From db802c60e32820866bcfadef47e627821aac7442 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Thu, 18 Jul 2002 19:10:57 +0000
Subject: [PATCH] Explain why RSA_check_key() doesn't work with hard keys. PR:
 86

---
 doc/crypto/RSA_check_key.pod | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
index 79fed753ad..5737ecdc3e 100644
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -28,12 +28,21 @@ RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
 If the key is invalid or an error occurred, the reason code can be
 obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
 
+=head1 NOTES
+
+RSA_check_key() can only check soft keys.  If given hard keys, i.e. keys
+that were retreived from an ENGINE (with ENGINE_load_private_key()),
+RSA_check_key() will always return 0, as if the key was invalid.  The
+reason is that the private components B<p>, B<q> and B<d> are normally
+not available to OpenSSL for hard keys, and the checks can therefore not
+be done.
+
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
 
 =head1 HISTORY
 
-RSA_check() appeared in OpenSSL 0.9.4.
+RSA_check_key() appeared in OpenSSL 0.9.4.
 
 =cut
-- 
2.34.1