diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7')
| -rw-r--r-- | secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7 | 35 |
1 files changed, 19 insertions, 16 deletions
diff --git a/secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7 b/secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7 index 90555420683b..d86b089e0a8c 100644 --- a/secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7 +++ b/secure/lib/libcrypto/man/man7/EVP_PKEY-DH.7 @@ -1,5 +1,5 @@ .\" -*- mode: troff; coding: utf-8 -*- -.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -52,10 +52,13 @@ . \} .\} .rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l .\" ======================================================================== .\" .IX Title "EVP_PKEY-DH 7ossl" -.TH EVP_PKEY-DH 7ossl 2025-09-30 3.5.4 OpenSSL +.TH EVP_PKEY-DH 7ossl 2026-04-07 3.5.6 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -65,12 +68,12 @@ EVP_PKEY\-DH, EVP_PKEY\-DHX, EVP_KEYMGMT\-DH, EVP_KEYMGMT\-DHX \&\- EVP_PKEY DH and DHX keytype and algorithm support .SH DESCRIPTION .IX Header "DESCRIPTION" -For finite field Diffie-Hellman key agreement, two classes of domain +For finite field Diffie\-Hellman key agreement, two classes of domain parameters can be used: "safe" domain parameters that are associated with -approved named safe-prime groups, and a class of "FIPS186\-type" domain +approved named safe\-prime groups, and a class of "FIPS186\-type" domain parameters. FIPS186\-type domain parameters should only be used for backward compatibility with existing applications that cannot be upgraded to use the -approved safe-prime groups. +approved safe\-prime groups. .PP See \fBEVP_PKEY\-FFC\fR\|(7) for more information about FFC keys. .PP @@ -90,11 +93,11 @@ implementations support the following: Sets or gets a string that associates a \fBDH\fR or \fBDHX\fR named safe prime group with known values for \fIp\fR, \fIq\fR and \fIg\fR. .Sp -The following values can be used by the OpenSSL's default and FIPS providers: +The following values can be used by the OpenSSL\*(Aqs default and FIPS providers: "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", "modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192". .Sp -The following additional values can also be used by OpenSSL's default provider: +The following additional values can also be used by OpenSSL\*(Aqs default provider: "modp_1536", "dh_1024_160", "dh_2048_224", "dh_2048_256". .Sp DH/DHX named groups can be easily validated since the parameters are well known. @@ -102,14 +105,14 @@ For protocols that only transfer \fIp\fR and \fIg\fR the value of \fIq\fR can al retrieved. .SS "DH and DHX additional parameters" .IX Subsection "DH and DHX additional parameters" -.IP """encoded-pub-key"" (\fBOSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\fR) <octet string>" 4 +.IP """encoded\-pub\-key"" (\fBOSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY\fR) <octet string>" 4 .IX Item """encoded-pub-key"" (OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY) <octet string>" Used for getting and setting the encoding of the DH public key used in a key exchange message for the TLS protocol. See \fBEVP_PKEY_set1_encoded_public_key()\fR and \fBEVP_PKEY_get1_encoded_public_key()\fR. .SS "DH additional domain parameters" .IX Subsection "DH additional domain parameters" -.IP """safeprime-generator"" (\fBOSSL_PKEY_PARAM_DH_GENERATOR\fR) <integer>" 4 +.IP """safeprime\-generator"" (\fBOSSL_PKEY_PARAM_DH_GENERATOR\fR) <integer>" 4 .IX Item """safeprime-generator"" (OSSL_PKEY_PARAM_DH_GENERATOR) <integer>" Used for DH generation of safe primes using the old safe prime generator code. The default value is 2. @@ -143,14 +146,14 @@ This specifies that a named safe prime name will be chosen using the "pbits" type. .IP """generator""" 4 .IX Item """generator""" -A safe prime generator. See the "safeprime-generator" type above. +A safe prime generator. See the "safeprime\-generator" type above. This is only valid for \fBDH\fR keys. .RE .RS 4 .RE .IP """pbits"" (\fBOSSL_PKEY_PARAM_FFC_PBITS\fR) <unsigned integer>" 4 .IX Item """pbits"" (OSSL_PKEY_PARAM_FFC_PBITS) <unsigned integer>" -Sets the size (in bits) of the prime 'p'. +Sets the size (in bits) of the prime \*(Aqp\*(Aq. .Sp For "fips186_4" this must be 2048. For "fips186_2" this must be 1024. @@ -177,7 +180,7 @@ With the OpenSSL FIPS provider, \fBEVP_PKEY_param_check\fR\|(3) and \&\fBEVP_PKEY_param_check_quick\fR\|(3) behave in the following way: the parameters are tested if they are either an approved safe prime group OR that the FFC parameters conform to FIPS186\-4 as defined in SP800\-56Ar3 \fIAssurances of -Domain-Parameter Validity\fR. +Domain\-Parameter Validity\fR. .PP The OpenSSL default provider uses simpler checks that allows there to be no \fIq\fR value for backwards compatibility, however the \fBEVP_PKEY_param_check\fR\|(3) will @@ -186,10 +189,10 @@ which can take significant time. The \fBEVP_PKEY_param_check_quick\fR\|(3) avoid the prime tests. .PP \&\fBEVP_PKEY_public_check\fR\|(3) conforms to SP800\-56Ar3 -\&\fIFFC Full Public-Key Validation\fR. +\&\fIFFC Full Public\-Key Validation\fR. .PP \&\fBEVP_PKEY_public_check_quick\fR\|(3) conforms to SP800\-56Ar3 -\&\fIFFC Partial Public-Key Validation\fR when the key is an approved named safe +\&\fIFFC Partial Public\-Key Validation\fR when the key is an approved named safe prime group, otherwise it is the same as \fBEVP_PKEY_public_check\fR\|(3). .PP \&\fBEVP_PKEY_private_check\fR\|(3) tests that the private key is in the correct range @@ -199,7 +202,7 @@ For backwards compatibility the OpenSSL default provider only requires \fIp\fR t be set. .PP \&\fBEVP_PKEY_pairwise_check\fR\|(3) conforms to SP800\-56Ar3 -\&\fIOwner Assurance of Pair-wise Consistency\fR. +\&\fIOwner Assurance of Pair\-wise Consistency\fR. .SH EXAMPLES .IX Header "EXAMPLES" An \fBEVP_PKEY\fR context can be obtained by calling: @@ -337,7 +340,7 @@ The following sections of SP800\-56Ar3: .IP "5.5.1.1 FFC Domain Parameter Selection/Generation" 4 .IX Item "5.5.1.1 FFC Domain Parameter Selection/Generation" .PD 0 -.IP "Appendix D: FFC Safe-prime Groups" 4 +.IP "Appendix D: FFC Safe\-prime Groups" 4 .IX Item "Appendix D: FFC Safe-prime Groups" .PD .PP |