OpenSSL version 3.0.0-alpha1 published
Richard Levitte
levitte at openssl.org
Fri May 1 04:36:40 UTC 2020
On Sun, 26 Apr 2020 11:35:14 +0200,
Yann Ylavic wrote:
>
> On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx <kurt at roeckx.be> wrote:
> >
> > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote:
> > >
> > > - DH_bits(dh) (used for logging only in httpd)
> > > Replaced by BN_num_bits(DH_get0_p(dh)).
> > > Not sure this one should be deprecated, it seems to be used in several
> > > places in openssl codebase still, no replacement?
> >
> > I think the replacement is using the EVP_PKEY API and then use
> > EVP_PKEY_bits()
>
> Sure, but if all you have is a DH object (say obtained by
> DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does
> not help.
> It seems a bit odd to me that DH_bits() or DH_security_bits() are
> deprecated, but not DH_get0_*() or DH_get_length() for instance.
The DH_get0_* functions are useful in contructing other low-level DH
objects using the same numbers as the one you currently have. I don't
quite see that DH_bits() would be useful in that manner.
Along that line of thinking, I agree that it's odd that
DH_get_length() wasn't deprecated. I can't remember if it was
discussed in particular... it might simply be an omission.
All that being said, DH_bits() was undeprecated yesterday. See
https://github.com/openssl/openssl/pull/11669
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-users
mailing list