author | Paul Yang <yang.yang@baishancloud.com> | 2017-09-04 22:02:59 +0800 |
committer | Richard Levitte <levitte@openssl.org> | 2017-09-13 20:38:14 +0200 |
commit | 2aee35d37d5161a2efc4d57953a4a7b234b6ea4c (patch) | |
tree | 396369a86192ce41ecda126ad46fb0bbc8eae593 /doc | |
parent | c061daaaed5ef05cd8cf0b8159d717be02fd451d (diff) |
Support key check in EVP interface
A new method is added to EVP_PKEY_METH as:
int (*check) (EVP_PKEY_CTX *ctx);
and to EVP_PKEY_ASN1_METHOD as:
int (*pkey_check) (EVP_PKEY_CTX *ctx);
This is used to check the validity of a specific key.
The order of calls is:
EVP_PKEY_check -> pmeth.check -> ameth.pkey_check.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4337)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/pkey.pod | 6 | ||||
-rw-r--r-- | doc/man3/EVP_PKEY_keygen.pod | 15 | ||||
-rw-r--r-- | doc/man3/EVP_PKEY_meth_new.pod | 13 |
3 files changed, 29 insertions, 5 deletions
diff --git a/doc/man1/pkey.pod b/doc/man1/pkey.pod
index 3c277a55a3..d6b0db4d80 100644
--- a/doc/man1/pkey.pod
+++ b/doc/man1/pkey.pod
@@ -22,6 +22,7 @@ B<openssl> B<pkey> [B<-pubin>] [B<-pubout>] [B<-engine id>]
+[B<-check>]
 =head1 DESCRIPTION
@@ -110,6 +111,11 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.
+=item B<-check>
+
+This option checks the consistency of a key pair for both public and private
+components.
+
 =back
 =head1 EXAMPLES
diff --git a/doc/man3/EVP_PKEY_keygen.pod b/doc/man3/EVP_PKEY_keygen.pod
index b7f2128baa..3687f9bfff 100644
--- a/doc/man3/EVP_PKEY_keygen.pod
+++ b/doc/man3/EVP_PKEY_keygen.pod
@@ -6,8 +6,8 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, EVP_PKEY_CTX_get_app_data,
-EVP_PKEY_gen_cb
-- key and parameter generation functions
+EVP_PKEY_gen_cb, EVP_PKEY_check
+- key and parameter generation and check functions
 =head1 SYNOPSIS
@@ -28,6 +28,8 @@ EVP_PKEY_gen_cb void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+ int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+
 =head1 DESCRIPTION
 The EVP_PKEY_keygen_init() function initializes a public key algorithm
@@ -58,6 +60,10 @@ and retrieve an opaque pointer. This can be used to set some application defined value which can be retrieved in the callback: for example a handle which is used to update a "progress dialog".
+EVP_PKEY_check() validates the key-pair given by B<ctx>. This function first tries
+to use customized key check method in B<EVP_PKEY_METHOD> if it's present; otherwise
+it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
+
 =head1 NOTES
 After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
@@ -89,6 +95,9 @@ EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. In particular a return value of -2 indicates the operation is not supported by the public key algorithm.
+EVP_PKEY_check() returns 1 for success or others for failure. It
+returns -2 if the operation is not supported for the specific algorithm.
+
 =head1 EXAMPLES
 Generate a 2048 bit RSA key:
@@ -171,7 +180,7 @@ These functions were first added to OpenSSL 1.0.0.
 =head1 COPYRIGHT
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_PKEY_meth_new.pod b/doc/man3/EVP_PKEY_meth_new.pod
index 041492a8f0..acff78a16c 100644
--- a/doc/man3/EVP_PKEY_meth_new.pod
+++ b/doc/man3/EVP_PKEY_meth_new.pod
@@ -8,12 +8,12 @@ EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup, EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign, EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx, EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
-EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl,
+EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check, EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup, EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign, EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx, EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
-EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl
+EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check - manipulating EVP_PKEY_METHOD structure
 =head1 SYNOPSIS
@@ -106,6 +106,8 @@ EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value));
+ void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+ int (*check) (EVP_PKEY *pkey));
 void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, int (**pinit) (EVP_PKEY_CTX *ctx));
@@ -185,6 +187,8 @@ EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl int (**pctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value));
+ void EVP_PKEY_meth_get_check(EVP_PKEY_METHOD *pmeth,
+ int (**pcheck) (EVP_PKEY *pkey));
 =head1 DESCRIPTION
@@ -309,6 +313,11 @@ The digestsign() and digestverify() methods are used to generate or verify a signature in a one-shot mode. They could be called by L<EVP_DigetSign(3)> and L<EVP_DigestVerify(3)>.
+ int (*check) (EVP_PKEY *pkey);
+
+The check() method is used to validate a key-pair for a given B<pkey>. It
+could be called by L<EVP_PKEY_check(3)>.
+
 =head2 Functions
 EVP_PKEY_meth_new() creates and returns a new B<EVP_PKEY_METHOD> object,