=pod

=head1 NAME

RSA_check_key - validate private RSA keys

=head1 SYNOPSIS

 #include <openssl/rsa.h>

 int RSA_check_key(RSA *rsa);

=head1 DESCRIPTION

This function validates RSA keys. It checks that B<p> and B<q> are
in fact prime, and that B<n = p*q>.

It also checks that B<d*e = 1 mod ((p-1)*(q-1))>,
and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.

As such, this function cannot be used with any arbitrary RSA key object,
even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
information.

=head1 RETURN VALUE

RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
-1 is returned if an error occurs while checking the key.

If the key is invalid or an error occurred, the reason code can be
obtained using L<ERR_get_error(3)|ERR_get_error(3)>.

=head1 NOTES

This function does not work on RSA public keys that have only the modulus
and public exponent elements populated. It performs integrity checks on all
the RSA key material, so the RSA key structure must contain all the private
key data too.

Unlike most other RSA functions, this function does B<not> work
transparently with any underlying ENGINE implementation because it uses the
key data in the RSA structure directly. An ENGINE implementation can
override the way key data is stored and handled, and can even provide
support for HSM keys - in which case the RSA structure may contain B<no>
key data at all! If the ENGINE in question is only being used for
acceleration or analysis purposes, then in all likelihood the RSA key data
is complete and untouched, but this can't be assumed in the general case.

=head1 BUGS

A method of verifying the RSA key using opaque RSA API functions might need
to be considered. Right now RSA_check_key() simply uses the RSA structure
elements directly, bypassing the RSA_METHOD table altogether (and
completely violating encapsulation and object-orientation in the process).
The best fix will probably be to introduce a "check_key()" handler to the
RSA_METHOD function table so that alternative implementations can also
provide their own verifiers.

=head1 SEE ALSO

L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>

=head1 HISTORY

RSA_check_key() appeared in OpenSSL 0.9.4.

=cut
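The checks listed under DESCRIPTION, together with the public-key-only case from NOTES and the 1/0/-1 contract from RETURN VALUE, modelled in pure Python as an added example. This is not OpenSSL code: the key is a plain dict using the RSA structure's field names, the textbook primes are constructed and far too small for real use, and the choice to test B<d*e> modulo B<lcm(p-1, q-1)> (which every B<d> valid modulo B<(p-1)*(q-1)> also satisfies) is this example's own.

```python
"""Pure-Python model of the consistency checks RSA_check_key() performs.

Added example, not OpenSSL code. The key is a dict with the RSA structure's
field names (n, e, d, p, q, dmp1, dmq1, iqmp); CRT fields may be None (NULL).
"""
from math import gcd

PRIVATE_FIELDS = ("n", "e", "d", "p", "q")
CRT_FIELDS = ("dmp1", "dmq1", "iqmp")

# Witness set that makes Miller-Rabin deterministic for n < 3.3e24.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin primality test; deterministic for the sizes used here."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n == b:
            return True
        if n % b == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_rsa_key(key: dict):
    """Return (rc, reasons): rc 1 = valid, 0 = invalid, -1 = error while checking.

    Mirrors the RSA_check_key() contract; 'reasons' stands in for the error
    queue that ERR_get_error() would be used to read.
    """
    reasons = []
    # A field that is not a positive integer is an error, not an invalid key (-1).
    for name in PRIVATE_FIELDS + CRT_FIELDS:
        v = key.get(name)
        if v is not None and (not isinstance(v, int) or v <= 0):
            return -1, [f"{name}: not a positive integer"]
    # A public-only key (n, e) cannot be validated at all; see NOTES.
    missing = [f for f in PRIVATE_FIELDS if key.get(f) is None]
    if missing:
        return 0, ["missing private components: " + ", ".join(missing)]

    n, e, d, p, q = (key[f] for f in PRIVATE_FIELDS)
    if not is_probable_prime(p):
        reasons.append("p is not prime")
    if not is_probable_prime(q):
        reasons.append("q is not prime")
    if p * q != n:
        reasons.append("n != p*q")
    # Example's choice: check d*e == 1 mod lcm(p-1, q-1); any d that is
    # correct mod (p-1)*(q-1) also passes this weaker, exact condition.
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (d * e) % lam != 1:
        reasons.append("d*e != 1 mod lcm(p-1, q-1)")
    # CRT parameters are optional (NULL) but must agree with d, p, q when set.
    if key.get("dmp1") is not None and key["dmp1"] != d % (p - 1):
        reasons.append("dmp1 != d mod (p-1)")
    if key.get("dmq1") is not None and key["dmq1"] != d % (q - 1):
        reasons.append("dmq1 != d mod (q-1)")
    if key.get("iqmp") is not None and (key["iqmp"] * q) % p != 1:
        reasons.append("iqmp != q^-1 mod p")
    return (1 if not reasons else 0), reasons


def toy_private_key() -> dict:
    """Constructed textbook key (p=61, q=53, e=17); CRT parts derived from d."""
    p, q, e = 61, 53, 17
    d = pow(e, -1, (p - 1) * (q - 1))  # 2753
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dmp1": d % (p - 1), "dmq1": d % (q - 1), "iqmp": pow(q, -1, p)}


if __name__ == "__main__":
    good = toy_private_key()
    print("good key:   ", check_rsa_key(good))
    bad = dict(good, iqmp=good["iqmp"] + 1)        # corrupted CRT coefficient
    print("bad iqmp:   ", check_rsa_key(bad))
    print("public only:", check_rsa_key({"n": good["n"], "e": good["e"]}))
```

The three sample calls show why the NOTES section matters in practice: a key with only B<n> and B<e> is rejected outright rather than "passing", and a single corrupted CRT coefficient is reported even though B<n>, B<e> and B<d> are all still consistent, which is exactly the kind of silent defect a key loaded from storage can carry.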