mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-27 06:21:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
1d39620b34
openssl/doc/man3/DH_new_by_nid.pod
Shane Lontis 55f02cb684 Change DH_get_nid() to set the value of q if it is not already set 
Fixes #11108.

It only sets q if a valid named group is found.
The function signature was recently changed to pass a non const DH pointer
in order to allow the nid to be cached internally. As an extension of this
the value of q can now also be set as q is always known for named groups.
The length field is also set if q is set.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11114)
2020-03-07 07:47:58 +10:00

58 lines
1.8 KiB
Plaintext
Raw Blame History

=pod
=head1 NAME
DH_new_by_nid, DH_get_nid - get or find DH named parameters
=head1 SYNOPSIS
#include <openssl/dh.h>
DH *DH_new_by_nid(int nid);
Deprecated since OpenSSL 3.0, can be hidden entirely by defining
B<OPENSSL_API_COMPAT> with a suitable version value, see
L<openssl_user_macros(7)>:
int *DH_get_nid(DH *dh);
=head1 DESCRIPTION
DH_new_by_nid() creates and returns a DH structure containing named parameters
B<nid>. Currently B<nid> must be B<NID_ffdhe2048>, B<NID_ffdhe3072>,
B<NID_ffdhe4096>, B<NID_ffdhe6144>, B<NID_ffdhe8192>,
B<NID_modp_1536>, B<NID_modp_2048>, B<NID_modp_3072>,
B<NID_modp_4096>, B<NID_modp_6144> or B<NID_modp_8192>.
DH_get_nid() determines if the parameters contained in B<dh> match
any named safe prime group. It returns the NID corresponding to the matching
parameters or B<NID_undef> if there is no match.
Internally it caches the nid, so that any subsequent calls can fetch the
cached value.
If a matching p and g are not found and the value of parameter q is not set,
then it is set to q = (p - 1) / 2.
If parameter q is already set then it must also match the expected q otherwise
no match will be found.
This function is deprecated.
=head1 RETURN VALUES
DH_new_by_nid() returns a set of DH parameters or B<NULL> if an error occurred.
DH_get_nid() returns the NID of the matching set of parameters for p and g
and optionally q, otherwise it returns B<NID_undef> if there is no match.
=head1 HISTORY
The DH_get_nid() function was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue View Git Blame Copy Permalink