HEX
Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /usr/local/openssl/man/man3/
Upload Files
File: //usr/local/openssl/man/man3/DH_generate_parameters.3
.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "DH_generate_parameters 3"
.TH DH_generate_parameters 3 2019-12-20 1.0.2u OpenSSL
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
DH_generate_parameters_ex, DH_generate_parameters,
DH_check \- generate and check Diffie\-Hellman parameters
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/dh.h>
\&
\& int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
\&
\& int DH_check(DH *dh, int *codes);
.Ve
.PP
Deprecated:
.PP
.Vb 2
\& DH *DH_generate_parameters(int prime_len, int generator,
\&     void (*callback)(int, int, void *), void *cb_arg);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
\&\fBDH_generate_parameters_ex()\fR generates Diffie-Hellman parameters that can
be shared among a group of users, and stores them in the provided \fBDH\fR
structure. The pseudo-random number generator must be
seeded prior to calling \fBDH_generate_parameters()\fR.
.PP
\&\fBprime_len\fR is the length in bits of the safe prime to be generated.
\&\fBgenerator\fR is a small number > 1, typically 2 or 5.
.PP
A callback function may be used to provide feedback about the progress
of the key generation. If \fBcb\fR is not \fBNULL\fR, it will be
called as described in \fBBN_generate_prime\fR\|(3) while a random prime
number is generated, and when a prime has been found, \fBBN_GENCB_call(cb, 3, 0)\fR
is called. See \fBBN_generate_prime\fR\|(3) for information on
the \fBBN_GENCB_call()\fR function.
.PP
\&\fBDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is
a safe prime, and that \fBg\fR is a suitable generator. In the case of an
error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
DH_NOT_SUITABLE_GENERATOR are set in \fB*codes\fR.
DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
checked, i.e. it does not equal 2 or 5.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBDH_generate_parameters_ex()\fR and \fBDH_check()\fR return 1 if the check could be
performed, 0 otherwise.
.PP
\&\fBDH_generate_parameters()\fR (deprecated) returns a pointer to the DH structure, or
NULL if the parameter generation fails.
.PP
The error codes can be obtained by \fBERR_get_error\fR\|(3).
.SH NOTES
.IX Header "NOTES"
\&\fBDH_generate_parameters_ex()\fR and \fBDH_generate_parameters()\fR may run for several
hours before finding a suitable prime.
.PP
The parameters generated by \fBDH_generate_parameters_ex()\fR and \fBDH_generate_parameters()\fR
are not to be used in signature schemes.
.SH BUGS
.IX Header "BUGS"
If \fBgenerator\fR is not 2 or 5, \fBdh\->g\fR=\fBgenerator\fR is not
a usable generator.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBdh\fR\|(3), \fBERR_get_error\fR\|(3), \fBrand\fR\|(3),
\&\fBDH_free\fR\|(3)
.SH HISTORY
.IX Header "HISTORY"
\&\fBDH_check()\fR is available in all versions of SSLeay and OpenSSL.
The \fBcb_arg\fR argument to \fBDH_generate_parameters()\fR was added in SSLeay 0.9.0.
.PP
In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
instead of DH_CHECK_P_NOT_SAFE_PRIME.
@ Telegram