]>
Commit | Line | Data |
---|---|---|
0263b992 MC |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
6db7fadf DMSP |
5 | DH_get0_pqg, DH_set0_pqg, DH_get0_key, DH_set0_key, |
6 | DH_get0_p, DH_get0_q, DH_get0_g, | |
7 | DH_get0_priv_key, DH_get0_pub_key, | |
8 | DH_clear_flags, DH_test_flags, DH_set_flags, DH_get0_engine, | |
9 | DH_get_length, DH_set_length - Routines for getting and setting data in a DH object | |
0263b992 MC |
10 | |
11 | =head1 SYNOPSIS | |
12 | ||
13 | #include <openssl/dh.h> | |
14 | ||
fd809cfd RL |
15 | void DH_get0_pqg(const DH *dh, |
16 | const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); | |
0263b992 | 17 | int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
fd809cfd RL |
18 | void DH_get0_key(const DH *dh, |
19 | const BIGNUM **pub_key, const BIGNUM **priv_key); | |
0263b992 | 20 | int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); |
6db7fadf DMSP |
21 | const BIGNUM *DH_get0_p(const DH *dh); |
22 | const BIGNUM *DH_get0_q(const DH *dh); | |
23 | const BIGNUM *DH_get0_g(const DH *dh); | |
24 | const BIGNUM *DH_get0_priv_key(const DH *dh); | |
25 | const BIGNUM *DH_get0_pub_key(const DH *dh); | |
0263b992 MC |
26 | void DH_clear_flags(DH *dh, int flags); |
27 | int DH_test_flags(const DH *dh, int flags); | |
28 | void DH_set_flags(DH *dh, int flags); | |
ada66e78 | 29 | |
ccefc341 P |
30 | long DH_get_length(const DH *dh); |
31 | int DH_set_length(DH *dh, long length); | |
32 | ||
ada66e78 P |
33 | Deprecated since OpenSSL 3.0, can be hidden entirely by defining |
34 | B<OPENSSL_API_COMPAT> with a suitable version value, see | |
35 | L<openssl_user_macros(7)>: | |
36 | ||
0263b992 | 37 | ENGINE *DH_get0_engine(DH *d); |
0263b992 MC |
38 | |
39 | =head1 DESCRIPTION | |
40 | ||
55f02cb6 SL |
41 | A DH object contains the parameters I<p>, I<q> and I<g>. Note that the I<q> |
42 | parameter is optional. It also contains a public key (I<pub_key>) and | |
43 | (optionally) a private key (I<priv_key>). | |
0263b992 | 44 | |
55f02cb6 SL |
45 | The I<p>, I<q> and I<g> parameters can be obtained by calling DH_get0_pqg(). |
46 | If the parameters have not yet been set then I<*p>, I<*q> and I<*g> will be set | |
0263b992 MC |
47 | to NULL. Otherwise they are set to pointers to their respective values. These |
48 | point directly to the internal representations of the values and therefore | |
49 | should not be freed directly. | |
55f02cb6 | 50 | Any of the out parameters I<p>, I<q>, and I<g> can be NULL, in which case no |
5777254b | 51 | value will be returned for that parameter. |
0263b992 | 52 | |
55f02cb6 SL |
53 | The I<p>, I<q> and I<g> values can be set by calling DH_set0_pqg() and passing |
54 | the new values for I<p>, I<q> and I<g> as parameters to the function. Calling | |
0263b992 MC |
55 | this function transfers the memory management of the values to the DH object, |
56 | and therefore the values that have been passed in should not be freed directly | |
55f02cb6 SL |
57 | after this function has been called. The I<q> parameter may be NULL. |
58 | DH_set0_pqg() also checks if the parameters associated with I<p> and I<g> and | |
59 | optionally I<q> are associated with known safe prime groups. If it is a safe | |
738ee181 SL |
60 | prime group then the value of I<q> will be set to q = (p - 1) / 2 if I<q> is |
61 | NULL. The optional length parameter will be set to BN_num_bits(I<q>) if I<q> | |
62 | is not NULL. | |
0263b992 MC |
63 | |
64 | To get the public and private key values use the DH_get0_key() function. A | |
55f02cb6 SL |
65 | pointer to the public key will be stored in I<*pub_key>, and a pointer to the |
66 | private key will be stored in I<*priv_key>. Either may be NULL if they have not | |
0263b992 MC |
67 | been set yet, although if the private key has been set then the public key must |
68 | be. The values point to the internal representation of the public key and | |
69 | private key values. This memory should not be freed directly. | |
55f02cb6 | 70 | Any of the out parameters I<pub_key> and I<priv_key> can be NULL, in which case |
5777254b | 71 | no value will be returned for that parameter. |
0263b992 | 72 | |
7966101e DB |
73 | The public and private key values can be set using DH_set0_key(). Either |
74 | parameter may be NULL, which means the corresponding DH field is left | |
75 | untouched. As with DH_set0_pqg() this function transfers the memory management | |
76 | of the key values to the DH object, and therefore they should not be freed | |
77 | directly after this function has been called. | |
0263b992 | 78 | |
55f02cb6 | 79 | Any of the values I<p>, I<q>, I<g>, I<priv_key>, and I<pub_key> can also be |
6db7fadf DMSP |
80 | retrieved separately by the corresponding function DH_get0_p(), DH_get0_q(), |
81 | DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key(), respectively. | |
82 | ||
55f02cb6 | 83 | DH_set_flags() sets the flags in the I<flags> parameter on the DH object. |
0263b992 MC |
84 | Multiple flags can be passed in one go (bitwise ORed together). Any flags that |
85 | are already set are left set. DH_test_flags() tests to see whether the flags | |
55f02cb6 | 86 | passed in the I<flags> parameter are currently set in the DH object. Multiple |
0263b992 MC |
87 | flags can be tested in one go. All flags that are currently set are returned, or |
88 | zero if none of the flags are set. DH_clear_flags() clears the specified flags | |
89 | within the DH object. | |
90 | ||
91 | DH_get0_engine() returns a handle to the ENGINE that has been set for this DH | |
ada66e78 | 92 | object, or NULL if no such ENGINE has been set. This function is deprecated. |
0263b992 MC |
93 | |
94 | The DH_get_length() and DH_set_length() functions get and set the optional | |
9c0586d5 | 95 | length parameter associated with this DH object. If the length is nonzero then |
55f02cb6 | 96 | it is used, otherwise it is ignored. The I<length> parameter indicates the |
738ee181 SL |
97 | length of the secret exponent (private key) in bits. These functions are |
98 | deprecated. For safe prime groups the optional length parameter I<length> can be | |
99 | set to a value greater or equal to 2 * maximum_target_security_strength(BN_num_bits(I<p>)) | |
100 | as listed in SP800-56Ar3 Table(s) 25 & 26. | |
0263b992 | 101 | |
4c5e6b2c RL |
102 | =head1 NOTES |
103 | ||
104 | Values retrieved with DH_get0_key() are owned by the DH object used | |
105 | in the call and may therefore I<not> be passed to DH_set0_key(). If | |
106 | needed, duplicate the received value using BN_dup() and pass the | |
107 | duplicate. The same applies to DH_get0_pqg() and DH_set0_pqg(). | |
108 | ||
0263b992 MC |
109 | =head1 RETURN VALUES |
110 | ||
111 | DH_set0_pqg() and DH_set0_key() return 1 on success or 0 on failure. | |
112 | ||
6db7fadf | 113 | DH_get0_p(), DH_get0_q(), DH_get0_g(), DH_get0_priv_key(), and DH_get0_pub_key() |
5777254b | 114 | return the respective value, or NULL if it is unset. |
6db7fadf | 115 | |
0263b992 MC |
116 | DH_test_flags() returns the current state of the flags in the DH object. |
117 | ||
118 | DH_get0_engine() returns the ENGINE set for the DH object or NULL if no ENGINE | |
119 | has been set. | |
120 | ||
121 | DH_get_length() returns the length of the secret exponent (private key) in bits, | |
122 | or zero if no such length has been explicitly set. | |
123 | ||
124 | =head1 SEE ALSO | |
125 | ||
b97fdb57 | 126 | L<DH_new(3)>, L<DH_new(3)>, L<DH_generate_parameters(3)>, L<DH_generate_key(3)>, |
0263b992 MC |
127 | L<DH_set_method(3)>, L<DH_size(3)>, L<DH_meth_new(3)> |
128 | ||
129 | =head1 HISTORY | |
130 | ||
ccefc341 | 131 | The DH_get0_engine() function was deprecated in OpenSSL 3.0. |
ada66e78 | 132 | |
e90fc053 | 133 | The functions described here were added in OpenSSL 1.1.0. |
0263b992 | 134 | |
e2f92610 RS |
135 | =head1 COPYRIGHT |
136 | ||
33388b44 | 137 | Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 138 | |
4746f25a | 139 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
140 | this file except in compliance with the License. You can obtain a copy |
141 | in the file LICENSE in the source distribution or at | |
142 | L<https://www.openssl.org/source/license.html>. | |
143 | ||
144 | =cut |