Re: [EXTERNAL] Re: Need Replacement for Deprecated function

From: Matt Caswell Sent: Monday, December 6, 2021 7:19 PM To: Shivakumar Poojari ; openssl-users@openssl.org Cc: Amballi, Kishor ; Bhattacharjee, Debapriyo (c) ; Kumar Mishra, Sanjeev Subject: [EXTERNAL] Re: Need Replacement for Deprecated function On 06/12/2021 12:26, Shivakumar Poojari wro

Re: Need Replacement for Deprecated function.

On 05/12/2021 22:06, Viktor Dukhovni wrote: Where is that macro defined? Ah, so it is. And "cscope -kR" is ignoring that file, for some reason, hence lying to me. Thanks Viktor. -- Cheers, Jeremy

Re: Need Replacement for Deprecated function

On 06/12/2021 12:26, Shivakumar Poojari wrote: Hi All, We are upgrading our code to openssl 3.0. Need Replacement for below Deprecated function. DSE: DES_set_key(); DES_ecb_encrypt(); AES: AES_set_encrypt_key(); AES_set_decrypt_key(); AES_wrap_key(); AES_unwrap_key();--- perivously i upgra

自动回复: Re: Need Replacement for Deprecated function.

您好，您的邮件我已收到，我会尽快阅读，谢谢！

Re: Need Replacement for Deprecated function.

On Sun, Dec 05, 2021 at 09:59:34PM +, Jeremy Harris wrote: > >> The reference example in > >> https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_ticket_key_cb.html > >> > >> uses OSSL_MAC_PARAM_KEY and OSSL_MAC_PARAM_DIGEST. > >> > >> So does the code in master as of 6d770c5ba3.  B

Re: Need Replacement for Deprecated function.

On 05/12/2021 02:12, Dr Paul Dale wrote: They are documented in provider-mac(7) and EVP_MAC-HMAC(7) respectively. The key is the MAC key -- a string of bytes. The digest is

Re: (OpenSSL bug please fix) Re: Need Replacement for Deprecated function.

On Sat, Dec 04, 2021 at 12:53:34AM -0500, Viktor Dukhovni wrote: > Actually, no, not your fault at all. The implementation in libssl is > borked. Please open a ticket. I took care of opening the ticket: https://github.com/openssl/openssl/issues/17196 -- Viktor.

Re: Need Replacement for Deprecated function.

They are documented in provider-mac(7) and EVP_MAC-HMAC(7) respectively. The key is the MAC key -- a string of bytes. The digest is the name of the digest that is to be use

Re: Need Replacement for Deprecated function.

Following along with my tidying out of now-deprecated interface uses... The reference example in https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_tlsext_ticket_key_cb.html uses OSSL_MAC_PARAM_KEY and OSSL_MAC_PARAM_DIGEST. So does the code in master as of 6d770c5ba3. But I don't see

自动回复: (OpenSSL bug please fix) Re: Need Replacement for Deprecated function.

您好，您的邮件我已收到，我会尽快阅读，谢谢！

(OpenSSL bug please fix) Re: Need Replacement for Deprecated function.

On Fri, Dec 03, 2021 at 07:05:43PM +, Jeremy Harris wrote: > > EVP_PKEY_get_bits() should be equivalent to DH_bits() (for a DH > > file). I would definitely double-check that you are not mis-loading > > something. > > OK; this was indeed my fault. Actually, no, not your fault at all. The im

Re: Need Replacement for Deprecated function.

On 02/12/2021 11:07, Matt Caswell wrote: EVP_PKEY_get_bits() should be equivalent to DH_bits() (for a DH file). I would definitely double-check that you are not mis-loading something. OK; this was indeed my fault. One minor docs item: https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set

Re: Need Replacement for Deprecated function.

On 01/12/2021 16:19, Jeremy Harris wrote: Hmmm..maybe we can change the wording to remove that confusion, e.g. something like "The following functions have been deprecated since OpenSSL 3.0..." Yes, that would be good. I created a PR for this: https://github.com/openssl/openssl/pull/17

Re: Need Replacement for Deprecated function.

On 01/12/2021 19:07, Jeremy Harris wrote: Another DH problem:  I have a PEM for which DH_bits() says 512. https://www.openssl.org/docs/man3.0/man3/DH_bits.html has EVP_PKEY_get_bits() as a see-also, but that returns 4096. Is it more likely I've mis-loaded the file (via a BIO), or is EVP_PKEY

Re: Need Replacement for Deprecated function.

Another DH problem: I have a PEM for which DH_bits() says 512. https://www.openssl.org/docs/man3.0/man3/DH_bits.html has EVP_PKEY_get_bits() as a see-also, but that returns 4096. Is it more likely I've mis-loaded the file (via a BIO), or is EVP_PKEY_get_bits() something different? It's doc tal

Re: Need Replacement for Deprecated function.

On 01/12/2021 16:35, Viktor Dukhovni wrote: I've reworked the DH support in Postfix for OpenSSL 3.x compatibility, without use of any deprecated interfaces. I now prefer/recommend the use "auto" DH parameter selection: As do I. Going back to my comment earlier in this thread: > SSL_set0_tm

Re: Need Replacement for Deprecated function.

On Wed, Dec 01, 2021 at 03:54:15PM +, Jeremy Harris wrote: > On 29/11/2021 15:10, Matt Caswell wrote: > > SSL_CTX_set0_tmp_dh_pkey() > > "Deprecated since OpenSSL 3.0" > > Is there a non-deprecated interface? I've reworked the DH support in Postfix for OpenSSL 3.x compatibility, without us

Re: Need Replacement for Deprecated function.

On 01/12/2021 16:17, Matt Caswell wrote: Interesting that you are using the beta website :-) First hit from Duckduckgo :) I think you are misreading the manual. The synopsis is split into 2 sections. The "Deprecated since OpenSSL 3.0" section applies to the second half of the synopsis. Ah

Re: Need Replacement for Deprecated function.

On 01/12/2021 16:13, Jeremy Harris wrote: On 01/12/2021 16:06, Matt Caswell wrote: On 01/12/2021 15:54, Jeremy Harris wrote: On 29/11/2021 15:10, Matt Caswell wrote: SSL_CTX_set0_tmp_dh_pkey() "Deprecated since OpenSSL 3.0" Where are you seeing that? That is not correct. https://be

Re: Need Replacement for Deprecated function.

On 01/12/2021 16:06, Matt Caswell wrote: On 01/12/2021 15:54, Jeremy Harris wrote: On 29/11/2021 15:10, Matt Caswell wrote: SSL_CTX_set0_tmp_dh_pkey() "Deprecated since OpenSSL 3.0" Where are you seeing that? That is not correct. https://beta.openssl.org/docs/manmaster/man3/SSL_set_tmp

Re: Need Replacement for Deprecated function.

On 01/12/2021 15:54, Jeremy Harris wrote: On 29/11/2021 15:10, Matt Caswell wrote: SSL_CTX_set0_tmp_dh_pkey() "Deprecated since OpenSSL 3.0" Where are you seeing that? That is not correct. The similarly named macro SSL_CTX_set_tmp_dh() *is* deprecated, but the pkey function is not. M

Re: Need Replacement for Deprecated function.

On 29/11/2021 15:10, Matt Caswell wrote: SSL_CTX_set0_tmp_dh_pkey() "Deprecated since OpenSSL 3.0" Is there a non-deprecated interface? -- Cheers, Jeremy

Re: [EXTERNAL] Re: Need Replacement for Deprecated function.

rams into DH params"); break; } break; } #endif /* !OPENSSL_NO_DSA */ if (dh == NULL) { wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file "   "'%s'", dh_file); return -1; ---------------

Re: [EXTERNAL] Re: Need Replacement for Deprecated function.

//////// ________ From: openssl-users on behalf of Matt Caswell Sent: Monday, November 29, 2021 8:40 PM To: openssl-users@openssl.org Subject: [EXTERNAL] Re: Need Replacement for Deprecated function. On 29/11

Re: Need Replacement for Deprecated function.

On 29/11/2021 12:35, Shivakumar Poojari wrote: Hi All, We are upgrading our code to openssl 3.0. Need Replacement for below Deprecated function. SSL_use_RSAPrivateKey_ASN1(); Use SSL_use_PrivateKey_ASN1(); PEM_read_bio_DHparams(); PEM_read_bio_DSAparams(); Use PEM_read_bio_Parameters