opensolaris man page for dh_check

Query: dh_check

OS: opensolaris

Section: 3openssl

Links: opensolaris man pages   all man pages

Forums: unix linux community   forum categories

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

DH_generate_parameters(3openssl)				      OpenSSL					  DH_generate_parameters(3openssl)


NAME

       DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters


SYNOPSIS

	#include <openssl/dh.h>

	DH *DH_generate_parameters(int prime_len, int generator,
	    void (*callback)(int, int, void *), void *cb_arg);

	int DH_check(DH *dh, int *codes);


DESCRIPTION

       DH_generate_parameters() generates Diffie-Hellman parameters that can be shared among a group of users, and returns them in a newly allo-
       cated DH structure. The pseudo-random number generator must be seeded prior to calling DH_generate_parameters().

       prime_len is the length in bits of the safe prime to be generated.  generator is a small number > 1, typically 2 or 5.

       A callback function may be used to provide feedback about the progress of the key generation. If callback is not NULL, it will be called as
       described in BN_generate_prime(3) while a random prime number is generated, and when a prime has been found, callback(3, 0, cb_arg) is
       called.

       DH_check() validates Diffie-Hellman parameters. It checks that p is a safe prime, and that g is a suitable generator. In the case of an
       error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or DH_NOT_SUITABLE_GENERATOR are set in *codes.  DH_UNABLE_TO_CHECK_GENERATOR is set if the
       generator cannot be checked, i.e. it does not equal 2 or 5.


RETURN VALUES

       DH_generate_parameters() returns a pointer to the DH structure, or NULL if the parameter generation fails. The error codes can be obtained
       by ERR_get_error(3).

       DH_check() returns 1 if the check could be performed, 0 otherwise.


NOTES

       DH_generate_parameters() may run for several hours before finding a suitable prime.

       The parameters generated by DH_generate_parameters() are not to be used in signature schemes.


BUGS

       If generator is not 2 or 5, dh->g=generator is not a usable generator.


SEE ALSO

       dh(3), ERR_get_error(3), rand(3), DH_free(3)


HISTORY

       DH_check() is available in all versions of SSLeay and OpenSSL.  The cb_arg argument to DH_generate_parameters() was added in SSLeay 0.9.0.

       In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used instead of DH_CHECK_P_NOT_SAFE_PRIME.

OpenSSL-0.9.8							    Oct 11 2005 				  DH_generate_parameters(3openssl)
Related Man Pages
dh_generate_parameters(3ssl) - linux
dh_generate_parameters(3ssl) - debian
dh_generate_parameters(3) - centos
dh_generate_parameters(3) - opendarwin
dh_check(3ssl) - linux
Similar Topics in the Unix Linux Community
What does this mean?
PHP Man Pages Now Available (Over 10,000)
Grep the 'not running' jobs and will send the update in mail with its name(job)
What's legal and what's not?
Solaris 10 - password complexity not working