Re: DH_generate_parameters(_ex)

Dr. Stephen Henson Tue, 05 Dec 2006 15:14:09 -0800

On Tue, Dec 05, 2006, Olivier Mascia wrote:

> Dear,
> 
> Using current OpenSSL version (0.9.8d), which of:
>       DH_generate_parameters
>       DH_generate_parameters_ex
> should better be used in new code?
> 
> Documentation pages do not refer to the _ex version, yet dh.h shows:
> 
> >/* Deprecated version */
> >#ifndef OPENSSL_NO_DEPRECATED
> >DH * DH_generate_parameters(int prime_len,int generator,
> >             void (*callback)(int,int,void *),void *cb_arg);
> >#endif /* !defined(OPENSSL_NO_DEPRECATED) */
> >
> >/* New version */
> >int  DH_generate_parameters_ex(DH *dh, int prime_len,int generator,  
> >BN_GENCB *cb);
> 
> It looks like I have no problem using the _ex version, calling DH_new 
> () first and passing 0 for the BN_GENCB (callback) which I don't need  
> for now.
> 
> Am I driving in the wrong lane?
>


The DH_generate_parameters() function is deprecated as the comment implies.
The _ex version can use a non-default ENGINE for the parameter generation.

If you really want to be up to date you can use the new EVP_PKEY version but
that's only supported in 0.9.9-dev :-)

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Re: DH_generate_parameters(_ex)

Reply via email to