On Tue, Jun 28, 2016 at 12:46:17PM +0200, Gert Wollny wrote:
> Control: tags -1 patch
>
> Hi,
>
> attached is the patch that I have come up with.
>
> I think that most of the changes are quite straightforward, but I'm not
> quite sure whether "DSA_security_bits" is really a proper replacement
> for "BN_num_bits(d->dsa->p)", likewise RSA_bits versus
> BN_num_bits(d->rsa->n).

DSA_security_bits probably doesn't do what you expect, it's clearly not a replacement for the old code. It gives an equivalent number as if it was a symmetric cipher. For a 2048 bit DSA key it would return 112. That's also the difference between RSA_bits and RSA_security_bits.

You could use DSA_get0_pqg(), and then use BN_num_bits on p if you want the same.

You probably also want to add support for EC keys.

There are also the functions EVP_PKEY_bits() and EVP_PKEY_security_bits(), which should work for any EVP_PKEY, and I suggest you use that API instead.

Kurt
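
A self-contained C sketch of the size-versus-strength distinction discussed in this message (an added example, not code from the patch or from OpenSSL). `strength_bits` is a hypothetical helper that follows the NIST SP 800-57 comparable-strength table, assumed here as a stand-in for what a `*_security_bits()` call reports; the two `accept_*` functions are also hypothetical and show what happens to a minimum-key-size check when the strength figure is fed into it.

```c
#include <stdio.h>

/* Comparable symmetric strength for an RSA/DSA modulus of l_bits, per the
 * NIST SP 800-57 table. n_bits is the DSA subgroup (q) size, or -1 when
 * there is none (RSA). Hypothetical helper, not an OpenSSL function. */
int strength_bits(int l_bits, int n_bits)
{
    int s;
    if (l_bits >= 15360) s = 256;
    else if (l_bits >= 7680) s = 192;
    else if (l_bits >= 3072) s = 128;
    else if (l_bits >= 2048) s = 112;
    else if (l_bits >= 1024) s = 80;
    else return 0;
    if (n_bits < 0) return s;
    /* generic discrete-log attacks on the subgroup cost about 2^(N/2) */
    return (n_bits / 2 < s) ? n_bits / 2 : s;
}

/* Old-style policy: "modulus must be at least min_bits" (BN_num_bits on p or n). */
int accept_by_size(int l_bits, int min_bits)
{
    return l_bits >= min_bits;
}

/* The mistaken port: same threshold, but compared against the strength
 * figure instead of the modulus size. */
int accept_mistaken_port(int l_bits, int n_bits, int min_bits)
{
    return strength_bits(l_bits, n_bits) >= min_bits;
}

int main(void)
{
    /* constructed sample key sizes: {p bits, q bits} */
    int keys[][2] = { {1024, 160}, {2048, 224}, {2048, 256}, {3072, 256} };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        int L = keys[i][0], N = keys[i][1];
        printf("p=%4d q=%3d strength=%3d size-check=%d mistaken=%d\n",
               L, N, strength_bits(L, N),
               accept_by_size(L, 2048), accept_mistaken_port(L, N, 2048));
    }
    return 0;
}
```

With a 2048-bit minimum, the mistaken port rejects every key, because no strength figure in the table comes near 2048.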