openssl/doc/man3/DH_new_by_nid.pod
Shane Lontis 738ee1819e Fix DH_get_nid() so that it does not cache values.
DH_set0_pqg() is now responsible for caching the nid, q and length.

DH with or without named safe prime groups now defaults to using the maximum private key length (BN_num_bits(q) - 1)
when generating a DH private key. The code is now shared between fips and non fips mode for DH key generation.

The OSSL_PKEY_PARAM_DH_PRIV_LEN parameter can be used during keygen to override the maximum private key length to be
in the range (2 * strength ... bits(q) - 1), where the strength depends on the length of p.

Added q = (p - 1) / 2 safe prime BIGNUMS so that the code is data driven (To simplify adding new names).
The BIGNUMS were code generated.

Fix error in documented return value for DH_get_nid

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11562)
2020-04-20 11:07:38 +10:00


=pod

=head1 NAME

DH_new_by_nid, DH_get_nid - create or get DH named parameters

=head1 SYNOPSIS

 #include <openssl/dh.h>

 DH *DH_new_by_nid(int nid);

Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:

 int DH_get_nid(const DH *dh);

=head1 DESCRIPTION

DH_new_by_nid() creates and returns a DH structure containing named parameters
B<nid>. Currently B<nid> must be B<NID_ffdhe2048>, B<NID_ffdhe3072>,
B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>,
B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.

DH_get_nid() determines if the parameters contained in B<dh> match
any named safe prime group. It returns the NID corresponding to the matching
parameters or B<NID_undef> if there is no match.
This function is deprecated.

=head1 RETURN VALUES

DH_new_by_nid() returns a set of DH parameters or B<NULL> if an error occurred.

DH_get_nid() returns the NID of the matching set of parameters for p and g
and optionally q, otherwise it returns B<NID_undef> if there is no match.

=head1 HISTORY

The DH_get_nid() function was deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut