From abcce97a970fd3c1e608758f957694dca751a75e Mon Sep 17 00:00:00 2001
From: Geoff Thorpe <geoff@openssl.org>
Date: Thu, 18 Jul 2002 22:24:25 +0000
Subject: [PATCH] this is a non-ENGINE version of the clarifications made to
 the other CVS branches.

PR: 86
---
 doc/crypto/RSA_check_key.pod | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
index 79fed753ad..8a42d2e0d4 100644
--- a/doc/crypto/RSA_check_key.pod
+++ b/doc/crypto/RSA_check_key.pod
@@ -18,7 +18,9 @@ in fact prime, and that B<n = p*q>.
 It also checks that B<d*e = 1 mod (p-1*q-1)>,
 and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
 
-The key's public components may not be B<NULL>.
+As such, this function can not be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
+information.
 
 =head1 RETURN VALUE
 
@@ -28,6 +30,13 @@ RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
 If the key is invalid or an error occurred, the reason code can be
 obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
 
+=head1 NOTES
+
+This function does not work on RSA public keys that have only the modulus
+and public exponent elements populated. It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+
 =head1 SEE ALSO
 
 L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
-- 
2.25.1