On Fri, May 1, 2020 at 6:36 AM Richard Levitte <levitte@xxxxxxxxxxx> wrote:
>
> On Sun, 26 Apr 2020 11:35:14 +0200,
> Yann Ylavic wrote:
> >
> > On Sun, Apr 26, 2020 at 12:15 AM Kurt Roeckx <kurt@xxxxxxxxx> wrote:
> > >
> > > On Fri, Apr 24, 2020 at 01:26:05PM +0200, Yann Ylavic wrote:
> > > >
> > > > - DH_bits(dh) (used for logging only in httpd)
> > > > Replaced by BN_num_bits(DH_get0_p(dh)).
> > > > Not sure this one should be deprecated, it seems to be used in several
> > > > places in openssl codebase still, no replacement?
> > >
> > > I think the replacement is using the EVP_PKEY API and then use
> > > EVP_PKEY_bits()
> >
> > Sure, but if all you have is a DH object (say obtained by
> > DH_get_2048_256() or PEM_read_bio_DHparams()), the EVP_PKEY API does
> > not help.
> > It seems a bit odd to me that DH_bits() or DH_security_bits() are
> > deprecated, but not DH_get0_*() or DH_get_length() for instance.
>
> The DH_get0_* functions are useful in constructing other low-level DH
> objects using the same numbers as the one you currently have. I don't
> quite see that DH_bits() would be useful in that manner.
>
> Along that line of thinking, I agree that it's odd that
> DH_get_length() wasn't deprecated. I can't remember if it was
> discussed in particular... it might simply be an omission.
>
> All that being said, DH_bits() was undeprecated yesterday. See
> https://github.com/openssl/openssl/pull/11669

Thanks for that.

Regards,
Yann.