OpenBSD manual page server

NAME

DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL — select DH method

SYNOPSIS

#include <openssl/dh.h>

void
DH_set_default_method(const DH_METHOD *meth);

const DH_METHOD *
DH_get_default_method(void);

int
DH_set_method(DH *dh, const DH_METHOD *meth);

DH *
DH_new_method(ENGINE *engine);

const DH_METHOD *
DH_OpenSSL(void);

DESCRIPTION

A DH_METHOD object contains pointers to the functions used for Diffie-Hellman operations. By default, the internal implementation returned by DH_OpenSSL() is used. By selecting another method, alternative implementations such as hardware accelerators may be used.

DH_set_default_method() selects meth as the default method for all DH structures created later. If any ENGINE was registered with ENGINE_register_DH(3) that can be successfully initialized, it overrides the default.

DH_get_default_method() returns a pointer to the current default method, even if it is actually overridded by an ENGINE.

DH_set_method() selects meth to perform all operations using the key dh. This replaces the DH_METHOD used by the dh key and if the previous method was supplied by an ENGINE, ENGINE_finish(3) is called on it. It is possible to have DH keys that only work with certain DH_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results.

DH_new_method() allocates and initializes a DH structure so that engine is used for the DH operations. If engine is NULL, ENGINE_get_default_DH(3) is used. If that returns NULL, the default method controlled by DH_set_default_method() is used.

The DH_METHOD structure is defined as follows:

typedef struct dh_meth_st
{
     /* name of the implementation */
	const char *name;

     /* generate private and public DH values for key agreement */
        int (*generate_key)(DH *dh);

     /* compute shared secret */
        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);

     /* compute r = a ^ p mod m (May be NULL for some implementations) */
        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                                const BIGNUM *m, BN_CTX *ctx,
                                BN_MONT_CTX *m_ctx);

     /* called at DH_new */
        int (*init)(DH *dh);

     /* called at DH_free */
        int (*finish)(DH *dh);

        int flags;

        char *app_data; /* ?? */

} DH_METHOD;

RETURN VALUES

DH_OpenSSL() and DH_get_default_method() return pointers to the respective DH_METHOD.

DH_set_method() returns 1 on success or 0 on failure. Currently, it cannot fail.

DH_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

SEE ALSO

DH_new(3), ENGINE_get_default_DH(3), ENGINE_register_DH(3), ENGINE_set_default_DH(3)

HISTORY

DH_set_default_method(), DH_get_default_method(), DH_set_method(), DH_new_method() and DH_OpenSSL() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.