From 5368bf05ed73e8a270490e024586fb25077fa13c Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Sat, 7 Oct 2017 13:42:05 +0100
Subject: [PATCH] Add RFC7919 documentation.

Reviewed-by: Andy Polyakov
(Merged from https://github.com/openssl/openssl/pull/4485)
---
 doc/man3/DH_new_by_nid.pod | 39 ++++++++++++++++++++++++++++++++++
 doc/man3/EVP_PKEY_CTX_ctrl.pod | 12 +++++++++++
 util/private.num | 2 ++
 3 files changed, 53 insertions(+)
 create mode 100644 doc/man3/DH_new_by_nid.pod

diff --git a/doc/man3/DH_new_by_nid.pod b/doc/man3/DH_new_by_nid.pod
new file mode 100644
index 0000000000..73636c5d1e
--- /dev/null
+++ b/doc/man3/DH_new_by_nid.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+DH_new_by_nid, DH_get_nid - get or find DH named parameters
+
+=head1 SYNOPSIS
+
+ #include
+ DH *DH_new_by_nid(int nid);
+ int *DH_get_nid(const DH *dh);
+
+=head1 DESCRIPTION
+
+DH_new_by_nid() creates and returns a DH structure containing named parameters
+B. Currently B must be B, B,
+B, B or B.
+
+DH_get_nid() determines if the parameters contained in B match
+any named set. It returns the NID corresponding to the matching parameters or
+B if there is no match.
+
+=head1 RETURN VALUES
+
+DH_new_by_nid() returns a set of DH parameters or B if an error occurred.
+
+DH_get_nid() returns the NID of the matching set of parameters or
+B if there is no match.
+
+=head1 COPYRIGHT
+
+Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 4670aa141a..2ad470b558 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -8,6 +8,7 @@ EVP_PKEY_CTX_set_rsa_pss_saltlen, EVP_PKEY_CTX_set_rsa_keygen_bits, EVP_PKEY_CTX_set_rsa_keygen_pubexp, EVP_PKEY_CTX_set_dsa_paramgen_bits, EVP_PKEY_CTX_set_dh_paramgen_prime_len, EVP_PKEY_CTX_set_dh_paramgen_generator, +EVP_PKEY_CTX_set_dh_pad, EVP_PKEY_CTX_set_dh_nid, EVP_PKEY_CTX_set_ec_paramgen_curve_nid, EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations @@ -35,6 +36,8 @@ EVP_PKEY_CTX_set_ec_param_enc - algorithm specific control operations #include int EVP_PKEY_CTX_set_dh_paramgen_prime_len(EVP_PKEY_CTX *ctx, int len); int EVP_PKEY_CTX_set_dh_paramgen_generator(EVP_PKEY_CTX *ctx, int gen); + int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad); + int EVP_PKEY_CTX_set_dh_nid(EVP_PKEY_CTX *ctx, int nid); #include int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid); @@ -111,6 +114,15 @@ then 1024 is used. The EVP_PKEY_CTX_set_dh_paramgen_generator() macro sets DH generator to B for DH parameter generation. If not specified 2 is used. +The EVP_PKEY_CTX_set_dh_pad() macro sets the DH padding mode. If B is +1 the shared secret is padded with zeroes up to the size of the DH prime B

. +If B is zero (the default) then no padding is performed. + +EVP_PKEY_CTX_set_dh_nid() sets the DH parameters to values corresponding to +B. The B parameter must be B, B, +B, B or B. This macro can be +called during parameter or key generation. + The EVP_PKEY_CTX_set_ec_paramgen_curve_nid() sets the EC curve for EC parameter generation to B. For EC parameter generation this macro must be called or an error occurs because there is no default curve. diff --git a/util/private.num b/util/private.num index 8c2fa396ab..205efe335a 100644 --- a/util/private.num +++ b/util/private.num @@ -169,6 +169,8 @@ EVP_PKEY_CTX_set1_hkdf_salt define EVP_PKEY_CTX_set1_tls1_prf_secret define EVP_PKEY_CTX_set_dh_paramgen_generator define EVP_PKEY_CTX_set_dh_paramgen_prime_len define +EVP_PKEY_CTX_set_dh_pad define +EVP_PKEY_CTX_set_dh_nid define EVP_PKEY_CTX_set_dsa_paramgen_bits define EVP_PKEY_CTX_set_ec_param_enc define EVP_PKEY_CTX_set_ec_paramgen_curve_nid define -- 2.25.1