OpenSSL used fixed Values for Diffie Hellman Key generation

大城市里の小女人 submitted on 2019-12-06 05:11:05

The (outer) primes for the RFC3526 and RFC2409 groups are builtin, per this man page (should also be on your system under those names if 1.1.0+) -- they are actually in the code back to before 1.0.0 but without the BN_ prefix (though in the bn.h header) and previously undocumented. (In 1.1.0+ the old names are additionally #define'd if compatibility is set.)

AFAICS you must add the generator yourself, something like:

DH *dh = DH_new();
BIGNUM *two = BN_new();
if( !dh || !two ) /* error */;
BN_set_word(two,2);

// corrected AGAIN!
// 1.1.0+: DH is opaque, so p and g go in through the setter (q is passed as NULL)
DH_set0_pqg (dh, BN_dup(BN_get_rfc3526_prime_2048(NULL)), NULL, two);

// added: below 1.1.0 many API structs were not opaque, just
dh->p = BN_dup(/*not BN_*/ get_rfc3526_prime_2048(NULL));
dh->g = two;
// leave q as unspecified

Note RFC5114 modp parameters are available prebuilt in DH* form but only in 1.1.0+.
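What the fixed 2048-bit group amounts to, as an added example that is not part of the original answer and goes beyond it: the script rebuilds the prime from the formula published in RFC 3526, so the tests can confirm it is a safe prime (q = (p-1)/2 is implied even when q is left unspecified) and that generator 2 has order q, then runs one exchange with a public-value check. Function names are hypothetical; the constants 1918 and 124476 come from RFC 3526, not from the page.

```python
# Added example; helper names are hypothetical, formula constants are from RFC 3526.
import secrets

def pi_scaled(bits, guard=64):
    """floor(pi * 2**bits) via Machin's formula, integers only."""
    one = 1 << (bits + guard)
    def atan_inv(x):                       # arctan(1/x) scaled by `one`
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * atan_inv(5) - atan_inv(239))) >> guard

def rfc3526_prime_2048():
    return 2**2048 - 2**1984 - 1 + 2**64 * (pi_scaled(1918) + 124476)

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; adequate for a non-adversarial n."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if a % n == 0 or x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def valid_peer_public(y, p):
    """Subgroup check; q is implied by the safe prime even when left unset."""
    q = (p - 1) // 2
    return 1 < y < p - 1 and pow(y, q, p) == 1

def demo():
    p, g = rfc3526_prime_2048(), 2
    a, b = (secrets.randbelow(p - 3) + 2 for _ in range(2))  # private keys
    A, B = pow(g, a, p), pow(g, b, p)                        # public values
    ok = valid_peer_public(A, p) and valid_peer_public(B, p)
    return ok and pow(B, a, p) == pow(A, b, p)
```

Because p ≡ 7 (mod 8), 2 is a quadratic residue and generates the order-q subgroup, which is why the subgroup check accepts every honestly generated public value.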
