OpenBSD manual page server

Manual Page Search Parameters

EVP_PKEY_CHECK(3) Library Functions Manual EVP_PKEY_CHECK(3)

EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_checkkey and parameter check functions

#include <openssl/evp.h>

int
EVP_PKEY_check(EVP_PKEY_CTX *ctx);

int
EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);

int
EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);

() performs various sanity checks on the key contained in ctx but only supports a small number of key types by default. It preferably uses the function check configured for ctx with EVP_PKEY_meth_set_check(3). It falls back to the function pkey_check configured for the private key contained in ctx with EVP_PKEY_asn1_set_check(3). If that wasn't configured either, it attempts to use the following check functions:

DH
not supported, return value -2
EC
EC_KEY_check_key(3)
RSA
RSA_check_key(3)

() performs various sanity checks on the public key contained in ctx but only supports a small number of key types by default. It preferably uses the function public_check configured for ctx with EVP_PKEY_meth_set_public_check(3). It falls back to the function pkey_public_check configured for the private key contained in ctx with EVP_PKEY_asn1_set_public_check(3). If that wasn't configured either, it attempts to use the following check functions:

DH
DH_check_pub_key(3)
EC
EC_KEY_check_key(3)
RSA
not supported, return value -2

() performs various sanity checks on the key parameters contained in ctx but only supports a small number of key types by default. It preferably uses the function check configured for ctx with EVP_PKEY_meth_set_param_check(3). It falls back to the function pkey_check configured for the private key contained in ctx with EVP_PKEY_asn1_set_param_check(3). If that wasn't configured either, it attempts to use the following check functions:

DH
DH_check(3)
EC
EC_GROUP_check(3)
RSA
not supported, return value -2

These functions return 1 if the check was performed and no problem was found, 0 if a problem was found or if the check could not be performed, for example because ctx does not contain an EVP_PKEY object, or -2 if the required check function is neither configured for ctx nor for the PKEY contained therein, and the check in question is not supported by default for the algorithm in question either.

DH_check(3), EC_GROUP_check(3), EC_KEY_new(3), EVP_PKEY_asn1_new(3), EVP_PKEY_CTX_new(3), EVP_PKEY_meth_new(3), EVP_PKEY_new(3), RSA_check_key(3)

These functions first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.1.

For EC keys, EVP_PKEY_public_check() also checks the key and fails if there is a problem with any of the private components, even if no problem is found with the public key.

July 14, 2022 OpenBSD-current