table of contents
EVP_PKEY_CHECK(3) | Library Functions Manual | EVP_PKEY_CHECK(3) |
NAME¶
EVP_PKEY_check
,
EVP_PKEY_public_check
,
EVP_PKEY_param_check
— key
and parameter check functions
SYNOPSIS¶
#include
<openssl/evp.h>
int
EVP_PKEY_check
(EVP_PKEY_CTX
*ctx);
int
EVP_PKEY_public_check
(EVP_PKEY_CTX
*ctx);
int
EVP_PKEY_param_check
(EVP_PKEY_CTX
*ctx);
DESCRIPTION¶
EVP_PKEY_check
()
performs various sanity checks on the key contained in
ctx but only supports a small number of key types by
default. It preferably uses the function check
configured for ctx with
EVP_PKEY_meth_set_check(3). It falls back to the function
pkey_check configured for the private key contained in
ctx with EVP_PKEY_asn1_set_check(3).
If that wasn't configured either, it attempts to use the following check
functions:
- DH
- not supported, return value -2
- EC
- EC_KEY_check_key(3)
- RSA
- RSA_check_key(3)
EVP_PKEY_public_check
()
performs various sanity checks on the public key contained in
ctx but only supports a small number of key types by
default. It preferably uses the function public_check
configured for ctx with
EVP_PKEY_meth_set_public_check(3). It falls back to the
function pkey_public_check configured for the private
key contained in ctx with
EVP_PKEY_asn1_set_public_check(3). If that wasn't
configured either, it attempts to use the following check functions:
- DH
- DH_check_pub_key(3)
- EC
- EC_KEY_check_key(3)
- RSA
- not supported, return value -2
EVP_PKEY_param_check
()
performs various sanity checks on the key parameters contained in
ctx but only supports a small number of key types by
default. It preferably uses the function check
configured for ctx with
EVP_PKEY_meth_set_param_check(3). It falls back to the
function pkey_check configured for the private key
contained in ctx with
EVP_PKEY_asn1_set_param_check(3). If that wasn't
configured either, it attempts to use the following check functions:
- DH
- DH_check(3)
- EC
- EC_GROUP_check(3)
- RSA
- not supported, return value -2
RETURN VALUES¶
These functions return 1 if the check was performed and no problem was found, 0 if a problem was found or if the check could not be performed, for example because ctx does not contain an EVP_PKEY object, or -2 if the required check function is neither configured for ctx nor for the PKEY contained therein, and the check in question is not supported by default for the algorithm in question either.
SEE ALSO¶
DH_check(3), EC_GROUP_check(3), EC_KEY_new(3), EVP_PKEY_asn1_new(3), EVP_PKEY_CTX_new(3), EVP_PKEY_meth_new(3), EVP_PKEY_new(3), RSA_check_key(3)
HISTORY¶
These functions first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.1.
BUGS¶
For EC keys, EVP_PKEY_public_check
() also
checks the
private
key and fails if there is a problem with any of the private components, even
if no problem is found with the public key.
July 14, 2022 | Linux 6.4.0-150600.23.25-default |