Need Replacement for Deprecated function.

[Matt Caswell]

On 29/11/2021 12:35, Shivakumar Poojari wrote:
> Hi All,
> 
> We are upgrading our code to openssl 3.0.
> 
> Need Replacement for below Deprecated function.
> 
> SSL_use_RSAPrivateKey_ASN1();

Use SSL_use_PrivateKey_ASN1();


> PEM_read_bio_DHparams();
> PEM_read_bio_DSAparams();

Use PEM_read_bio_Parameters_ex() for these two.

> DSA_dup_DH();

There is no replacement for this. Why do you need it? Generally this is 
a bad idea.

If you really need to do it there is a workaround:

https://github.com/openssl/openssl/blob/bc42cf51c8b2a22282bb3cdf6303e230dc7b7873/apps/dhparam.c#L352-L400


> DSA_free();

You shouldn't need to call this anymore because you shouldn't have any 
DSA objects anymore. Instead you should only be using EVP_PKEY objects. 
To free those you use EVP_PKEY_free();


> SSL_set_tmp_dh();

SSL_set0_tmp_dh_pkey(). Although you might be able to just remove it 
completely. These functions set the DH parameters to a specific set of 
values. Mostly you can instead just use the default built-in ones.

> DH_free();

As per DSA_free();

> SSL_CTX_set_tmp_dh();

SSL_CTX_set0_tmp_dh_pkey() - but same comments as for SSL_set_tmp_dh() 
apply.


Matt

> 
> I'm not able to find proper replacement, Please help me out
> 
> Thanks,
> Shiva Kumar
> 
> 
> 
> 
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited. If you are 
> not the intended recipient, please notify the sender immediately and 
> then delete all copies, including any attachments.