DH_set_method(3)                    OpenSSL                   DH_set_method(3)

NAME

       DH_set_default_method, DH_get_default_method, DH_set_method,
       DH_new_method, DH_OpenSSL - select DH method

SYNOPSIS

        #include <openssl/dh.h>
        #include <openssl/engine.h>

        void DH_set_default_method(const DH_METHOD *meth);

        const DH_METHOD *DH_get_default_method(void);

        int DH_set_method(DH *dh, const DH_METHOD *meth);

        DH *DH_new_method(ENGINE *engine);

        const DH_METHOD *DH_OpenSSL(void);

DESCRIPTION

       A DH_METHOD specifies the functions that OpenSSL uses for
       Diffie-Hellman operations. By modifying the method, alternative
       implementations such as hardware accelerators may be used. IMPORTANT:
       See the NOTES section for important information about how these DH API
       functions are affected by the use of ENGINE API calls.

       Initially, the default DH_METHOD is the OpenSSL internal
       implementation, as returned by DH_OpenSSL().

       DH_set_default_method() makes meth the default method for all DH
       structures created later. NB: This is true only whilst no ENGINE has
       been set as a default for DH, so this function is no longer
       recommended.

       DH_get_default_method() returns a pointer to the current default
       DH_METHOD. However, the meaningfulness of this result is dependent on
       whether the ENGINE API is being used, so this function is no longer
       recommended.

       DH_set_method() selects meth to perform all operations using the key
       dh. This will replace the DH_METHOD used by the DH key, and if the
       previous method was supplied by an ENGINE, the handle to that ENGINE
       will be released during the change. It is possible to have DH keys that
       only work with certain DH_METHOD implementations (e.g. from an ENGINE
       module that supports embedded hardware-protected keys), and in such
       cases attempting to change the DH_METHOD for the key can have
       unexpected results.

       DH_new_method() allocates and initializes a DH structure so that engine
       will be used for the DH operations. If engine is NULL, the default
       ENGINE for DH operations is used, and if no default ENGINE is set, the
       DH_METHOD controlled by DH_set_default_method() is used.

THE DH_METHOD STRUCTURE

        typedef struct dh_meth_st
        {
            /* name of the implementation */
            const char *name;

            /* generate private and public DH values for key agreement */
            int (*generate_key)(DH *dh);

            /* compute shared secret */
            int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);

            /* compute r = a ^ p mod m (May be NULL for some implementations) */
            int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx,
                              BN_MONT_CTX *m_ctx);

            /* called at DH_new */
            int (*init)(DH *dh);

            /* called at DH_free */
            int (*finish)(DH *dh);

            int flags;

            char *app_data; /* ?? */

        } DH_METHOD;

RETURN VALUES

       DH_OpenSSL() and DH_get_default_method() return pointers to the
       respective DH_METHODs.

       DH_set_default_method() returns no value.

       DH_set_method() returns non-zero if the provided meth was successfully
       set as the method for dh (including unloading the ENGINE handle if the
       previous method was supplied by an ENGINE).

       DH_new_method() returns NULL and sets an error code that can be
       obtained by ERR_get_error(3) if the allocation fails. Otherwise it
       returns a pointer to the newly allocated structure.

NOTES

       As of version 0.9.7, DH_METHOD implementations are grouped together
       with other algorithmic APIs (e.g. RSA_METHOD, EVP_CIPHER, etc.) in
       ENGINE modules. If a default ENGINE is specified for DH functionality
       using an ENGINE API function, that will override any DH defaults set
       using the DH API (i.e. DH_set_default_method()). For this reason, the
       ENGINE API is the recommended way to control default implementations
       for use in DH and other cryptographic algorithms.
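
       The precedence described above, as an added example: a stand-alone C
       model, not OpenSSL code and not part of this manual page. It makes no
       OpenSSL calls; every model_* identifier is hypothetical and only mirrors
       the roles of DH_set_default_method(), DH_new_method() and DH_set_method().

```c
/* Stand-alone MODEL of the selection rules; no OpenSSL calls are made.
 * All model_* names are hypothetical stand-ins, not library identifiers. */
#include <stddef.h>
#include <stdio.h>

typedef struct { const char *name; } model_method;                      /* DH_METHOD */
typedef struct { const model_method *dh_meth; int refs; } model_engine; /* ENGINE */
typedef struct { const model_method *meth; model_engine *engine; } model_key; /* DH */

static const model_method builtin = { "builtin" };    /* role of DH_OpenSSL() */
static const model_method audited = { "audited" };    /* method the app wants */
static const model_method hw = { "hw" };              /* method owned by an ENGINE */
static const model_method *default_method = &builtin; /* set through the DH API */
static model_engine *default_engine = NULL;           /* set through the ENGINE API */

/* Role of DH_new_method(): explicit engine, else default ENGINE, else DH default. */
void model_new_key(model_key *k, model_engine *e) {
    if (e == NULL) e = default_engine;
    k->engine = e;
    if (e != NULL) { e->refs++; k->meth = e->dh_meth; }
    else k->meth = default_method;
}

/* Role of DH_set_method(): swap the method and release any ENGINE handle held. */
int model_set_method(model_key *k, const model_method *m) {
    if (k->engine != NULL) { k->engine->refs--; k->engine = NULL; }
    k->meth = m;
    return 1;
}

/* The app sets "audited" as the DH-API default. Returns 1 if a key created
 * afterwards really uses it, 0 if a default ENGINE silently took over. */
int model_audited_used(int engine_is_default) {
    static model_engine eng;
    model_key k;
    eng.dh_meth = &hw; eng.refs = 0;
    default_engine = engine_is_default ? &eng : NULL;
    default_method = &audited;            /* role of DH_set_default_method() */
    model_new_key(&k, NULL);
    return k.meth == &audited;
}

int main(void) {
    printf("no default ENGINE:  audited used = %d\n", model_audited_used(0));
    printf("default ENGINE set: audited used = %d\n", model_audited_used(1));
    return 0;
}
```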

SEE ALSO

       dh(3), DH_new(3)

HISTORY

       DH_set_default_method(), DH_get_default_method(), DH_set_method(),
       DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.

       DH_set_default_openssl_method() and DH_get_default_openssl_method()
       replaced DH_set_default_method() and DH_get_default_method()
       respectively, and DH_set_method() and DH_new_method() were altered to
       use ENGINEs rather than DH_METHODs during development of the engine
       version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the
       ENGINE API was restructured so that this change was reversed, and
       behaviour of the other functions resembled more closely the previous
       behaviour. The behaviour of defaults in the ENGINE API now
       transparently overrides the behaviour of defaults in the DH API without
       requiring changing these function prototypes.

1.0.0e                            2007-11-19                  DH_set_method(3)