DH_SET_METHOD(3) Library Functions Manual DH_SET_METHOD(3)

DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL - select DH method

#include <openssl/dh.h>

void
DH_set_default_method(const DH_METHOD *meth);

const DH_METHOD *
DH_get_default_method(void);

int
DH_set_method(DH *dh, const DH_METHOD *meth);

DH *
DH_new_method(ENGINE *engine);

const DH_METHOD *
DH_OpenSSL(void);

A DH_METHOD object contains pointers to the functions used for Diffie-Hellman operations. By default, the internal implementation returned by DH_OpenSSL() is used. By selecting another method, alternative implementations such as hardware accelerators may be used.

DH_set_default_method() selects meth as the default method for all DH structures created later.

DH_get_default_method() returns a pointer to the current default method.

DH_set_method() selects meth to perform all operations using the key dh. This replaces the DH_METHOD used by the dh key. It is possible to have DH keys that only work with certain DH_METHOD implementations, and in such cases attempting to change the DH_METHOD for the key can have unexpected results.

DH_new_method() allocates and initializes a DH structure. The engine argument is ignored and the default method controlled by DH_set_default_method() is used.

The DH_METHOD structure is defined as follows:

typedef struct dh_meth_st
{
        /* name of the implementation */
        const char *name;

        /* generate private and public DH values for key agreement */
        int (*generate_key)(DH *dh);

        /* compute shared secret */
        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);

        /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx,
                          BN_MONT_CTX *m_ctx);

        /* called at DH_new */
        int (*init)(DH *dh);

        /* called at DH_free */
        int (*finish)(DH *dh);

        int flags;

        char *app_data; /* ?? */

} DH_METHOD;

DH_OpenSSL() and DH_get_default_method() return pointers to the respective DH_METHOD.

DH_set_method() returns 1 on success or 0 on failure. Currently, it cannot fail.

DH_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.
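The description warns that a key may only work with a particular DH_METHOD, while DH_set_method() still reports success. The following is an added example, not code from this manual or from libcrypto: a self-contained toy model of method-table dispatch showing that failure mode and a caller-side guard. All toy_* names, the slot field and the parameters (p = 23, g = 5, fixed exponents) are constructed assumptions.

```c
/* Toy model of DH_METHOD-style dispatch; NOT libcrypto. All toy_* names are
 * hypothetical and the parameters (p=23, g=5, fixed exponents) are constructed. */
#include <stdint.h>
#include <stdio.h>
typedef struct toy_dh toy_dh;
typedef struct {
    const char *name;
    int (*generate_key)(toy_dh *dh);
    int (*compute_key)(uint64_t *key, uint64_t peer_pub, toy_dh *dh);
} toy_meth;
struct toy_dh { const toy_meth *meth; uint64_t p, g, priv, pub; int slot; };
static uint64_t token_store[2];  /* stands in for secrets held by a device */
static uint64_t modexp(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}
/* Software method: the private value lives in the structure itself. */
static int sw_gen(toy_dh *d) { d->priv = 6; d->pub = modexp(d->g, 6, d->p); return 1; }
static int sw_comp(uint64_t *k, uint64_t peer, toy_dh *d) {
    if (d->priv == 0) return -1;  /* no private value to compute with */
    *k = modexp(peer, d->priv, d->p); return 1;
}
/* Token method: only a slot number is stored in the key; priv stays 0. */
static int tok_gen(toy_dh *d) { d->slot = 1; token_store[1] = 15; d->pub = modexp(d->g, 15, d->p); return 1; }
static int tok_comp(uint64_t *k, uint64_t peer, toy_dh *d) {
    if (d->slot <= 0) return -1;
    *k = modexp(peer, token_store[d->slot], d->p); return 1;
}
static const toy_meth toy_software = { "software", sw_gen, sw_comp };
static const toy_meth toy_token = { "token", tok_gen, tok_comp };
static toy_dh toy_new(const toy_meth *m) { toy_dh d = { m, 23, 5, 0, 0, 0 }; return d; }
/* Like DH_set_method() as documented: replaces the table and reports success. */
static int toy_set_method(toy_dh *d, const toy_meth *m) { d->meth = m; return 1; }
/* Caller-side guard: refuse to move a token-bound key to another method. */
static int toy_set_method_checked(toy_dh *d, const toy_meth *m) {
    if (d->slot > 0 && m != &toy_token) return 0;
    return toy_set_method(d, m);
}
int main(void) {
    toy_dh a = toy_new(&toy_software), b = toy_new(&toy_token);
    uint64_t k = 0;
    a.meth->generate_key(&a); b.meth->generate_key(&b);
    printf("token compute: %d\n", b.meth->compute_key(&k, a.pub, &b));
    printf("guarded swap:  %d\n", toy_set_method_checked(&b, &toy_software));
    toy_set_method(&b, &toy_software);  /* unguarded swap reports success */
    printf("compute after raw swap: %d\n", b.meth->compute_key(&k, a.pub, &b));
    return 0;
}
```

In the model the unguarded swap returns 1 and the failure only surfaces at the next compute_key call, which is why callers should check the result of every key operation rather than rely on the return value of the method change.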

DH_new(3)

DH_set_default_method(), DH_get_default_method(), DH_set_method(), DH_new_method() and DH_OpenSSL() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

November 19, 2023 OpenBSD-current