1DH_set_method(3) OpenSSL DH_set_method(3)
2
3
4
6 DH_set_default_method, DH_get_default_method, DH_set_method,
7 DH_new_method, DH_OpenSSL - select DH method
8
10 #include <openssl/dh.h>
11 #include <openssl/engine.h>
12
13 void DH_set_default_method(const DH_METHOD *meth);
14
15 const DH_METHOD *DH_get_default_method(void);
16
17 int DH_set_method(DH *dh, const DH_METHOD *meth);
18
19 DH *DH_new_method(ENGINE *engine);
20
21 const DH_METHOD *DH_OpenSSL(void);
22
24 A DH_METHOD specifies the functions that OpenSSL uses for Diffie-
25 Hellman operations. By modifying the method, alternative
26 implementations such as hardware accelerators may be used. IMPORTANT:
27 See the NOTES section for important information about how these DH API
28 functions are affected by the use of ENGINE API calls.
29
30 Initially, the default DH_METHOD is the OpenSSL internal
31 implementation, as returned by DH_OpenSSL().
32
33 DH_set_default_method() makes meth the default method for all DH
34 structures created later. NB: This is true only whilst no ENGINE has
35 been set as a default for DH, so this function is no longer
36 recommended.
37
38 DH_get_default_method() returns a pointer to the current default
39 DH_METHOD. However, the meaningfulness of this result is dependent on
40 whether the ENGINE API is being used, so this function is no longer
41 recommended.
42
43 DH_set_method() selects meth to perform all operations using the key
44 dh. This will replace the DH_METHOD used by the DH key and if the
45 previous method was supplied by an ENGINE, the handle to that ENGINE
46 will be released during the change. It is possible to have DH keys that
47 only work with certain DH_METHOD implementations (eg. from an ENGINE
48 module that supports embedded hardware-protected keys), and in such
49 cases attempting to change the DH_METHOD for the key can have
50 unexpected results.
51
52 DH_new_method() allocates and initializes a DH structure so that engine
53 will be used for the DH operations. If engine is NULL, the default
54 ENGINE for DH operations is used, and if no default ENGINE is set, the
55 DH_METHOD controlled by DH_set_default_method() is used.
56
58 typedef struct dh_meth_st
59 {
60 /* name of the implementation */
61 const char *name;
62
63 /* generate private and public DH values for key agreement */
64 int (*generate_key)(DH *dh);
65
66 /* compute shared secret */
67 int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
68
69 /* compute r = a ^ p mod m (May be NULL for some implementations) */
70 int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
71 const BIGNUM *m, BN_CTX *ctx,
72 BN_MONT_CTX *m_ctx);
73
74 /* called at DH_new */
75 int (*init)(DH *dh);
76
77 /* called at DH_free */
78 int (*finish)(DH *dh);
79
80 int flags;
81
82 char *app_data; /* ?? */
83
84 } DH_METHOD;
85
87 DH_OpenSSL() and DH_get_default_method() return pointers to the
88 respective DH_METHODs.
89
90 DH_set_default_method() returns no value.
91
92 DH_set_method() returns non-zero if the provided meth was successfully
93 set as the method for dh (including unloading the ENGINE handle if the
94 previous method was supplied by an ENGINE).
95
96 DH_new_method() returns NULL and sets an error code that can be
97 obtained by ERR_get_error(3) if the allocation fails. Otherwise it
98 returns a pointer to the newly allocated structure.
99
101 As of version 0.9.7, DH_METHOD implementations are grouped together
102 with other algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in ENGINE
103 modules. If a default ENGINE is specified for DH functionality using an
104 ENGINE API function, that will override any DH defaults set using the
105 DH API (ie. DH_set_default_method()). For this reason, the ENGINE API
106 is the recommended way to control default implementations for use in DH
107 and other cryptographic algorithms.
108
110 dh(3), DH_new(3)
111
113 DH_set_default_method(), DH_get_default_method(), DH_set_method(),
114 DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
115
116 DH_set_default_openssl_method() and DH_get_default_openssl_method()
117 replaced DH_set_default_method() and DH_get_default_method()
118 respectively, and DH_set_method() and DH_new_method() were altered to
119 use ENGINEs rather than DH_METHODs during development of the engine
120 version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the
121 ENGINE API was restructured so that this change was reversed, and
122 behaviour of the other functions resembled more closely the previous
123 behaviour. The behaviour of defaults in the ENGINE API now
124 transparently overrides the behaviour of defaults in the DH API without
125 requiring changing these function prototypes.
126
127
128
1291.0.2o 2018-03-27 DH_set_method(3)