DH parameter reading in OPENSSL 3

Dirk Stöcker openssl at dstoecker.de
Wed Jul 13 14:35:42 UTC 2022


when upgrading to openssl3 my code states that some functions are 
deprecated in openssl 3, but even after reading documentation I was 
unable to find a non-deprecated replacement.

Task is to read DH parameters in PEM format from a file and use them for 
the current "context" and if not available choose some defaults.

if((bio = BIO_new_file("filename", "r")))
   DH *dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
   /* if no DH inside, try internal defaults */
   if(!dh && (bio = BIO_new_mem_buf(dhparam, sizeof(dhparam))))
     dh = PEM_read_bio_DHparams(bio, 0, 0, 0);
     SSL_CTX_set_tmp_dh(context, dh);

Now it seems the default can be replaced by

SSL_CTX_set_dh_auto(context, 1);

instead of the the internal values but I have no idea how to use 
OSSL_DECODER to get the parameters and pass them to context. The 
migrationg guide is really useless and the examples and the openssl 
source also didn't help much.

Anybody who can help me? It's probably only a few calls when one knows 
what to do.

Freedom in Peace
https://www.dstoecker.eu/ (PGP key available)

More information about the openssl-users mailing list