[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]

On Tue, Jun 28, 2016 at 12:46:17PM +0200, Gert Wollny wrote:
> Control: tags -1 patch 
> 
> Hi, 
> 
> attached is the patch that I have come up with. 
> 
> I think that most of the changes are quite straightforward, but I'm not
> quite sure whether "DSA_security_bits" is really a proper replacement
> for "BN_num_bits(d->dsa->p)", likewise RSA_bits versus 
> BN_num_bits(d->rsa->n). 

DSA_security_bits probably doesn't what you expect, it's clearly
not a replacement for the old code.  It gives an equivalent number
as if it was a symmetric cipher.  For a 2048 bit DSA key it would
return 112.  That's also the difference between RSA_bits and
RSA_security_bits.

You could to use DSA_get0_pqg(), and then use BN_num_bits
on p if you want the same.

You probably also want to add support for EC keys.

There are also the functions EVP_PKEY_bits() and
EVP_PKEY_security_bits(), which should work for any EVP_PKEY,
and I suggest you use that API instead.


Kurt
Reply to: