libressl-EVP_PKEY_check - key and parameter check functions


EVP_PKEY_CHECK(3) Library Functions Manual EVP_PKEY_CHECK(3)

NAME

EVP_PKEY_check, EVP_PKEY_public_check, EVP_PKEY_param_check — key and parameter check functions

SYNOPSIS

#include <openssl/evp.h>

int
EVP_PKEY_check(EVP_PKEY_CTX *ctx);

int
EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);

int
EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);

DESCRIPTION

EVP_PKEY_check() performs various sanity checks on the key contained in ctx but only supports a small number of key types by default. It preferably uses the function check configured for ctx with EVP_PKEY_meth_set_check(3). It falls back to the function pkey_check configured for the private key contained in ctx with EVP_PKEY_asn1_set_check(3). If that wasn’t configured either, it attempts to use the following check functions:

DH    not supported, return value −2
EC    EC_KEY_check_key(3)
RSA   RSA_check_key(3)

EVP_PKEY_public_check() performs various sanity checks on the public key contained in ctx but only supports a small number of key types by default. It preferably uses the function public_check configured for ctx with EVP_PKEY_meth_set_public_check(3). It falls back to the function pkey_public_check configured for the private key contained in ctx with EVP_PKEY_asn1_set_public_check(3). If that wasn’t configured either, it attempts to use the following check functions:

DH    DH_check_pub_key(3)
EC    EC_KEY_check_key(3)
RSA   not supported, return value −2

EVP_PKEY_param_check() performs various sanity checks on the key parameters contained in ctx but only supports a small number of key types by default. It preferably uses the function check configured for ctx with EVP_PKEY_meth_set_param_check(3). It falls back to the function pkey_check configured for the private key contained in ctx with EVP_PKEY_asn1_set_param_check(3). If that wasn’t configured either, it attempts to use the following check functions:

DH    DH_check(3)
EC    EC_GROUP_check(3)
RSA   not supported, return value −2

RETURN VALUES

These functions return 1 if the check was performed and no problem was found, 0 if a problem was found or if the check could not be performed, for example because ctx does not contain an EVP_PKEY object, or −2 if the required check function is neither configured for ctx nor for the PKEY contained therein, and the check in question is not supported by default for the algorithm in question either.

SEE ALSO

DH_check(3), EC_GROUP_check(3), EC_KEY_new(3), EVP_PKEY_asn1_new(3), EVP_PKEY_CTX_new(3), EVP_PKEY_meth_new(3), EVP_PKEY_new(3), RSA_check_key(3)

HISTORY

These functions first appeared in OpenSSL 1.1.1 and have been available since OpenBSD 7.1.

BUGS

For EC keys, EVP_PKEY_public_check() also checks the private key and fails if there is a problem with any of the private components, even if no problem is found with the public key.

GNU July 14, 2022 EVP_PKEY_CHECK(3)


Updated 2024-01-29 - jenkler.se | uex.se