On Sun, 26 Apr 2020 11:35:14 +0200, Yann Ylavic wrote: > > On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx <kurt@xxxxxxxxx> wrote: > > > > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote: > > > > > > - DH_bits(dh) (used for logging only in httpd) > > > Replaced by BN_num_bits(DH_get0_p(dh)). > > > Not sure this one should be deprecated, it seems to be used in several > > > places in openssl codebase still, no replacement? > > > > I think the replacement is using the EVP_PKEY API and then use > > EVP_PKEY_bits() > > Sure, but if all you have is a DH object (say obtained by > DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does > not help. > It seems a bit odd to me that DH_bits() or DH_security_bits() are > deprecated, but not DH_get0_*() or DH_get_length() for instance. The DH_get0_* functions are useful in contructing other low-level DH objects using the same numbers as the one you currently have. I don't quite see that DH_bits() would be useful in that manner. Along that line of thinking, I agree that it's odd that DH_get_length() wasn't deprecated. I can't remember if it was discussed in particular... it might simply be an omission. All that being said, DH_bits() was undeprecated yesterday. See https://github.com/openssl/openssl/pull/11669 Cheers, Richard -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/
