OpenSSL version 3.0.0-alpha1 published

Yann Ylavic ylavic.dev at gmail.com
Sun Apr 26 09:35:14 UTC 2020


On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx <kurt at roeckx.be> wrote:
>
> On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote:
> >
> > - DH_bits(dh) (used for logging only in httpd)
> > Replaced by BN_num_bits(DH_get0_p(dh)).
> > Not sure this one should be deprecated, it seems to be used in several
> > places in openssl codebase still, no replacement?
>
> I think the replacement is to use the EVP_PKEY API and then
> EVP_PKEY_bits().

Sure, but if all you have is a DH object (say obtained by
DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does
not help.
It seems a bit odd to me that DH_bits() or DH_security_bits() are
deprecated, but not DH_get0_*() or DH_get_length() for instance.

Regards,
Yann.


More information about the openssl-users mailing list