1*ebfedea0SLionel Sambuc=pod 2*ebfedea0SLionel Sambuc 3*ebfedea0SLionel Sambuc=head1 NAME 4*ebfedea0SLionel Sambuc 5*ebfedea0SLionel SambucRSA_check_key - validate private RSA keys 6*ebfedea0SLionel Sambuc 7*ebfedea0SLionel Sambuc=head1 SYNOPSIS 8*ebfedea0SLionel Sambuc 9*ebfedea0SLionel Sambuc #include <openssl/rsa.h> 10*ebfedea0SLionel Sambuc 11*ebfedea0SLionel Sambuc int RSA_check_key(RSA *rsa); 12*ebfedea0SLionel Sambuc 13*ebfedea0SLionel Sambuc=head1 DESCRIPTION 14*ebfedea0SLionel Sambuc 15*ebfedea0SLionel SambucThis function validates RSA keys. It checks that B<p> and B<q> are 16*ebfedea0SLionel Sambucin fact prime, and that B<n = p*q>. 17*ebfedea0SLionel Sambuc 18*ebfedea0SLionel SambucIt also checks that B<d*e = 1 mod (p-1*q-1)>, 19*ebfedea0SLionel Sambucand that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>. 20*ebfedea0SLionel Sambuc 21*ebfedea0SLionel SambucAs such, this function can not be used with any arbitrary RSA key object, 22*ebfedea0SLionel Sambuceven if it is otherwise fit for regular RSA operation. See B<NOTES> for more 23*ebfedea0SLionel Sambucinformation. 24*ebfedea0SLionel Sambuc 25*ebfedea0SLionel Sambuc=head1 RETURN VALUE 26*ebfedea0SLionel Sambuc 27*ebfedea0SLionel SambucRSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise. 28*ebfedea0SLionel Sambuc-1 is returned if an error occurs while checking the key. 29*ebfedea0SLionel Sambuc 30*ebfedea0SLionel SambucIf the key is invalid or an error occurred, the reason code can be 31*ebfedea0SLionel Sambucobtained using L<ERR_get_error(3)|ERR_get_error(3)>. 32*ebfedea0SLionel Sambuc 33*ebfedea0SLionel Sambuc=head1 NOTES 34*ebfedea0SLionel Sambuc 35*ebfedea0SLionel SambucThis function does not work on RSA public keys that have only the modulus 36*ebfedea0SLionel Sambucand public exponent elements populated. It performs integrity checks on all 37*ebfedea0SLionel Sambucthe RSA key material, so the RSA key structure must contain all the private 38*ebfedea0SLionel Sambuckey data too. 39*ebfedea0SLionel Sambuc 40*ebfedea0SLionel SambucUnlike most other RSA functions, this function does B<not> work 41*ebfedea0SLionel Sambuctransparently with any underlying ENGINE implementation because it uses the 42*ebfedea0SLionel Sambuckey data in the RSA structure directly. An ENGINE implementation can 43*ebfedea0SLionel Sambucoverride the way key data is stored and handled, and can even provide 44*ebfedea0SLionel Sambucsupport for HSM keys - in which case the RSA structure may contain B<no> 45*ebfedea0SLionel Sambuckey data at all! If the ENGINE in question is only being used for 46*ebfedea0SLionel Sambucacceleration or analysis purposes, then in all likelihood the RSA key data 47*ebfedea0SLionel Sambucis complete and untouched, but this can't be assumed in the general case. 48*ebfedea0SLionel Sambuc 49*ebfedea0SLionel Sambuc=head1 BUGS 50*ebfedea0SLionel Sambuc 51*ebfedea0SLionel SambucA method of verifying the RSA key using opaque RSA API functions might need 52*ebfedea0SLionel Sambucto be considered. Right now RSA_check_key() simply uses the RSA structure 53*ebfedea0SLionel Sambucelements directly, bypassing the RSA_METHOD table altogether (and 54*ebfedea0SLionel Sambuccompletely violating encapsulation and object-orientation in the process). 55*ebfedea0SLionel SambucThe best fix will probably be to introduce a "check_key()" handler to the 56*ebfedea0SLionel SambucRSA_METHOD function table so that alternative implementations can also 57*ebfedea0SLionel Sambucprovide their own verifiers. 58*ebfedea0SLionel Sambuc 59*ebfedea0SLionel Sambuc=head1 SEE ALSO 60*ebfedea0SLionel Sambuc 61*ebfedea0SLionel SambucL<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)> 62*ebfedea0SLionel Sambuc 63*ebfedea0SLionel Sambuc=head1 HISTORY 64*ebfedea0SLionel Sambuc 65*ebfedea0SLionel SambucRSA_check_key() appeared in OpenSSL 0.9.4. 66*ebfedea0SLionel Sambuc 67*ebfedea0SLionel Sambuc=cut 68