OpenSSL version 3.0.0-alpha1 published
Yann Ylavic
ylavic.dev at gmail.com
Fri May 1 12:00:04 UTC 2020
On Fri, May 1, 2020 at 6:36 AM Richard Levitte <levitte at openssl.org> wrote:
>
> On Sun, 26 Apr 2020 11:35:14 +0200,
> Yann Ylavic wrote:
> >
> > On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx <kurt at roeckx.be> wrote:
> > >
> > > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote:
> > > >
> > > > - DH_bits(dh) (used for logging only in httpd)
> > > > Replaced by BN_num_bits(DH_get0_p(dh)).
> > > > Not sure this one should be deprecated, it seems to be used in several
> > > > places in openssl codebase still, no replacement?
> > >
> > > I think the replacement is using the EVP_PKEY API and then use
> > > EVP_PKEY_bits()
> >
> > Sure, but if all you have is a DH object (say obtained by
> > DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does
> > not help.
> > It seems a bit odd to me that DH_bits() or DH_security_bits() are
> > deprecated, but not DH_get0_*() or DH_get_length() for instance.
>
> The DH_get0_* functions are useful in contructing other low-level DH
> objects using the same numbers as the one you currently have. I don't
> quite see that DH_bits() would be useful in that manner.
>
> Along that line of thinking, I agree that it's odd that
> DH_get_length() wasn't deprecated. I can't remember if it was
> discussed in particular... it might simply be an omission.
>
> All that being said, DH_bits() was undeprecated yesterday. See
> https://github.com/openssl/openssl/pull/11669
Thanks for that.
Regards,
Yann.
More information about the openssl-users
mailing list