1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimRSA_check_key_ex, RSA_check_key - validate private RSA keys 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/rsa.h> 10e71b7053SJung-uk Kim 11*b077aed3SPierre ProncheryThe following functions have been deprecated since OpenSSL 3.0, and can be 12*b077aed3SPierre Proncheryhidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 13*b077aed3SPierre Proncherysee L<openssl_user_macros(7)>: 14e71b7053SJung-uk Kim 15*b077aed3SPierre Pronchery int RSA_check_key_ex(const RSA *rsa, BN_GENCB *cb); 16*b077aed3SPierre Pronchery 17*b077aed3SPierre Pronchery int RSA_check_key(const RSA *rsa); 18e71b7053SJung-uk Kim 19e71b7053SJung-uk Kim=head1 DESCRIPTION 20e71b7053SJung-uk Kim 21*b077aed3SPierre ProncheryBoth of the functions described on this page are deprecated. 22*b077aed3SPierre ProncheryApplications should instead use L<EVP_PKEY_public_check(3)>, 23*b077aed3SPierre ProncheryL<EVP_PKEY_private_check(3)> and L<EVP_PKEY_pairwise_check(3)>. 24*b077aed3SPierre Pronchery 25e71b7053SJung-uk KimRSA_check_key_ex() function validates RSA keys. 26e71b7053SJung-uk KimIt checks that B<p> and B<q> are 27e71b7053SJung-uk Kimin fact prime, and that B<n = p*q>. 28e71b7053SJung-uk Kim 29e71b7053SJung-uk KimIt does not work on RSA public keys that have only the modulus 30e71b7053SJung-uk Kimand public exponent elements populated. 31e71b7053SJung-uk KimIt also checks that B<d*e = 1 mod (p-1*q-1)>, 32e71b7053SJung-uk Kimand that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>. 33e71b7053SJung-uk KimIt performs integrity checks on all 34e71b7053SJung-uk Kimthe RSA key material, so the RSA key structure must contain all the private 35e71b7053SJung-uk Kimkey data too. 36e71b7053SJung-uk KimTherefore, it cannot be used with any arbitrary RSA key object, 37e71b7053SJung-uk Kimeven if it is otherwise fit for regular RSA operation. 38e71b7053SJung-uk Kim 39e71b7053SJung-uk KimThe B<cb> parameter is a callback that will be invoked in the same 40e71b7053SJung-uk Kimmanner as L<BN_is_prime_ex(3)>. 41e71b7053SJung-uk Kim 42e71b7053SJung-uk KimRSA_check_key() is equivalent to RSA_check_key_ex() with a NULL B<cb>. 43e71b7053SJung-uk Kim 44e71b7053SJung-uk Kim=head1 RETURN VALUES 45e71b7053SJung-uk Kim 46e71b7053SJung-uk KimRSA_check_key_ex() and RSA_check_key() 47e71b7053SJung-uk Kimreturn 1 if B<rsa> is a valid RSA key, and 0 otherwise. 48e71b7053SJung-uk KimThey return -1 if an error occurs while checking the key. 49e71b7053SJung-uk Kim 50e71b7053SJung-uk KimIf the key is invalid or an error occurred, the reason code can be 51e71b7053SJung-uk Kimobtained using L<ERR_get_error(3)>. 52e71b7053SJung-uk Kim 53e71b7053SJung-uk Kim=head1 NOTES 54e71b7053SJung-uk Kim 55e71b7053SJung-uk KimUnlike most other RSA functions, this function does B<not> work 56e71b7053SJung-uk Kimtransparently with any underlying ENGINE implementation because it uses the 57e71b7053SJung-uk Kimkey data in the RSA structure directly. An ENGINE implementation can 58e71b7053SJung-uk Kimoverride the way key data is stored and handled, and can even provide 59e71b7053SJung-uk Kimsupport for HSM keys - in which case the RSA structure may contain B<no> 60e71b7053SJung-uk Kimkey data at all! If the ENGINE in question is only being used for 61e71b7053SJung-uk Kimacceleration or analysis purposes, then in all likelihood the RSA key data 62e71b7053SJung-uk Kimis complete and untouched, but this can't be assumed in the general case. 63e71b7053SJung-uk Kim 64e71b7053SJung-uk Kim=head1 BUGS 65e71b7053SJung-uk Kim 66e71b7053SJung-uk KimA method of verifying the RSA key using opaque RSA API functions might need 67e71b7053SJung-uk Kimto be considered. Right now RSA_check_key() simply uses the RSA structure 68e71b7053SJung-uk Kimelements directly, bypassing the RSA_METHOD table altogether (and 69e71b7053SJung-uk Kimcompletely violating encapsulation and object-orientation in the process). 70e71b7053SJung-uk KimThe best fix will probably be to introduce a "check_key()" handler to the 71e71b7053SJung-uk KimRSA_METHOD function table so that alternative implementations can also 72e71b7053SJung-uk Kimprovide their own verifiers. 73e71b7053SJung-uk Kim 74e71b7053SJung-uk Kim=head1 SEE ALSO 75e71b7053SJung-uk Kim 76e71b7053SJung-uk KimL<BN_is_prime_ex(3)>, 77e71b7053SJung-uk KimL<ERR_get_error(3)> 78e71b7053SJung-uk Kim 79e71b7053SJung-uk Kim=head1 HISTORY 80e71b7053SJung-uk Kim 81*b077aed3SPierre ProncheryAll of these functions were deprecated in OpenSSL 3.0. 82*b077aed3SPierre Pronchery 83e71b7053SJung-uk KimRSA_check_key_ex() appeared after OpenSSL 1.0.2. 84e71b7053SJung-uk Kim 85e71b7053SJung-uk Kim=head1 COPYRIGHT 86e71b7053SJung-uk Kim 87*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 88e71b7053SJung-uk Kim 89*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 90e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 91e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 92e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 93e71b7053SJung-uk Kim 94e71b7053SJung-uk Kim=cut 95