DH_SET_METHOD(3) Library Functions Manual DH_SET_METHOD(3)

DH_set_default_method, DH_get_default_method, DH_set_method, DH_new_method, DH_OpenSSL - select DH method

#include <openssl/dh.h>

void
DH_set_default_method(const DH_METHOD *meth);

const DH_METHOD *
DH_get_default_method(void);

int
DH_set_method(DH *dh, const DH_METHOD *meth);

DH *
DH_new_method(ENGINE *engine);

const DH_METHOD *
DH_OpenSSL(void);

A DH_METHOD object contains pointers to the functions used for Diffie-Hellman operations. By default, the internal implementation returned by DH_OpenSSL() is used. By selecting another method, alternative implementations such as hardware accelerators may be used.

DH_set_default_method() selects meth as the default method for all DH structures created later. If any ENGINE was registered with ENGINE_register_DH(3) that can be successfully initialized, it overrides the default.

DH_get_default_method() returns a pointer to the current default method, even if it is actually overridden by an ENGINE.

DH_set_method() selects meth to perform all operations using the key dh. This replaces the DH_METHOD used by the dh key, and if the previous method was supplied by an ENGINE, ENGINE_finish(3) is called on it. It is possible to have DH keys that only work with certain DH_METHOD implementations (e.g. from an ENGINE module that supports embedded hardware-protected keys), and in such cases attempting to change the DH_METHOD for the key can have unexpected results.

DH_new_method() allocates and initializes a DH structure so that engine is used for the DH operations. If engine is NULL, ENGINE_get_default_DH(3) is used. If that returns NULL, the default method controlled by DH_set_default_method() is used.
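The selection order and the DH_get_default_method() caveat described above, as a standalone C model. This is an added example, not libcrypto code: every model_ name, the refs counter and the sample methods are hypothetical stand-ins.

```c
#include <stddef.h>
/* Hypothetical stand-ins for DH_METHOD, ENGINE and DH; not libcrypto types. */
typedef struct { const char *name; } model_method;
typedef struct { const model_method *meth; int refs; } model_engine;
typedef struct { const model_method *meth; model_engine *engine; } model_dh;

static const model_method builtin = { "builtin software DH" };
static const model_method *default_meth = &builtin; /* DH_set_default_method() state */
static model_engine *default_engine = NULL;         /* ENGINE_get_default_DH() state */

/* Like DH_get_default_method(): reports the default, ignoring any ENGINE. */
const model_method *model_get_default_method(void) { return default_meth; }

/* Like DH_new_method(): explicit engine, else default ENGINE, else default method. */
model_dh model_new_method(model_engine *engine)
{
	model_dh dh = { default_meth, NULL };
	if (engine == NULL)
		engine = default_engine;
	if (engine != NULL) {
		engine->refs++;          /* assumed: the key holds a reference */
		dh.engine = engine;
		dh.meth = engine->meth;
	}
	return dh;
}

/* Like DH_set_method(): swap the method, release a previous ENGINE, return 1. */
int model_set_method(model_dh *dh, const model_method *meth)
{
	if (dh->engine != NULL) {
		dh->engine->refs--;      /* stands in for ENGINE_finish(3) */
		dh->engine = NULL;
	}
	dh->meth = meth;
	return 1;
}

/* Constructed scenario: an ENGINE serves the key, the reported default does not show it. */
int model_override_is_invisible(void)
{
	static const model_method hw = { "constructed hardware method" };
	model_engine eng = { &hw, 0 };
	default_engine = &eng;
	model_dh dh = model_new_method(NULL);
	int hidden = model_get_default_method() == &builtin && dh.meth == &hw;
	model_set_method(&dh, &builtin);   /* pin the software method on this key */
	default_engine = NULL;
	return hidden && dh.meth == &builtin && eng.refs == 0;
}
```

The practical reading: comparing DH_get_default_method() against DH_OpenSSL() does not tell you which implementation a given key uses when an ENGINE is registered.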

The DH_METHOD structure is defined as follows:

typedef struct dh_meth_st
{
	/* name of the implementation */
	const char *name;

	/* generate private and public DH values for key agreement */
	int (*generate_key)(DH *dh);

	/* compute shared secret */
	int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);

	/* compute r = a ^ p mod m (May be NULL for some implementations) */
	int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
	    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

	/* called at DH_new */
	int (*init)(DH *dh);

	/* called at DH_free */
	int (*finish)(DH *dh);

	int flags;

	char *app_data; /* ?? */

} DH_METHOD;

DH_OpenSSL() and DH_get_default_method() return pointers to the respective DH_METHOD.

DH_set_method() returns 1 on success or 0 on failure. Currently, it cannot fail.

DH_new_method() returns NULL and sets an error code that can be obtained by ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure.

DH_new(3), ENGINE_get_default_DH(3), ENGINE_register_DH(3), ENGINE_set_default_DH(3)

DH_set_default_method(), DH_get_default_method(), DH_set_method(), DH_new_method() and DH_OpenSSL() first appeared in OpenSSL 0.9.5 and have been available since OpenBSD 2.7.

April 18, 2018 OpenBSD-6.9