Re: Bug#828522: QT4 and OpenSSL 1.1.0: [was Re: OpenSSL 1.1.0]
On Tue, Jun 28, 2016 at 12:46:17PM +0200, Gert Wollny wrote:
> Control: tags -1 patch
>
> Hi,
>
> attached is the patch that I have come up with.
>
> I think that most of the changes are quite straightforward, but I'm not
> quite sure whether "DSA_security_bits" is really a proper replacement
> for "BN_num_bits(d->dsa->p)", likewise RSA_bits versus
> BN_num_bits(d->rsa->n).
DSA_security_bits probably doesn't what you expect, it's clearly
not a replacement for the old code. It gives an equivalent number
as if it was a symmetric cipher. For a 2048 bit DSA key it would
return 112. That's also the difference between RSA_bits and
RSA_security_bits.
You could to use DSA_get0_pqg(), and then use BN_num_bits
on p if you want the same.
You probably also want to add support for EC keys.
There are also the functions EVP_PKEY_bits() and
EVP_PKEY_security_bits(), which should work for any EVP_PKEY,
and I suggest you use that API instead.
Kurt
Reply to: