Import OpenSSL 1.1.0f

2017-09-07 16:27:43 -07:00
parent ccd3ab4aff
commit f4b81cb7c9
3340 changed files with 325158 additions and 557542 deletions
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -2,41 +2,48 @@

 =head1 NAME

-RSA_check_key - validate private RSA keys
+RSA_check_key_ex, RSA_check_key - validate private RSA keys

 =head1 SYNOPSIS

 #include <openssl/rsa.h>

+ int RSA_check_key_ex(RSA *rsa, BN_GENCB *cb);
+
 int RSA_check_key(RSA *rsa);

 =head1 DESCRIPTION

-This function validates RSA keys. It checks that B<p> and B<q> are
+RSA_check_key_ex() function validates RSA keys.
+It checks that B<p> and B<q> are
 in fact prime, and that B<n = p*q>.

+It does not work on RSA public keys that have only the modulus
+and public exponent elements populated.
 It also checks that B<d*e = 1 mod (p-1*q-1)>,
 and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+Therefore, it cannot be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation.

-As such, this function can not be used with any arbitrary RSA key object,
-even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
-information.
+The B<cb> parameter is a callback that will be invoked in the same
+manner as L<BN_is_prime_ex(3)>.
+
+RSA_check_key() is equivalent to RSA_check_key_ex() with a NULL B<cb>.

 =head1 RETURN VALUE

-RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
-1 is returned if an error occurs while checking the key.
+RSA_check_key_ex() and RSA_check_key()
+return 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+They return -1 if an error occurs while checking the key.

 If the key is invalid or an error occurred, the reason code can be
-obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+obtained using L<ERR_get_error(3)>.

 =head1 NOTES

-This function does not work on RSA public keys that have only the modulus
-and public exponent elements populated. It performs integrity checks on all
-the RSA key material, so the RSA key structure must contain all the private
-key data too.
-
 Unlike most other RSA functions, this function does B<not> work
 transparently with any underlying ENGINE implementation because it uses the
 key data in the RSA structure directly. An ENGINE implementation can
@@ -58,10 +65,20 @@ provide their own verifiers.

 =head1 SEE ALSO

-L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+L<BN_is_prime_ex(3)>,
+L<ERR_get_error(3)>

 =head1 HISTORY

-RSA_check_key() appeared in OpenSSL 0.9.4.
+RSA_check_key_ex() appeared after OpenSSL 1.0.2.
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.

 =cut