[botan-devel] Why is max_keylength_of() deprecated and how to avoid using?

Jack Lloyd lloyd at randombit.net
Sat Jul 16 14:49:08 EDT 2011


On Sat, Jul 16, 2011 at 08:02:56AM -0400, William K. Foster wrote:

> How would I get the specific implementation? What class represents the
> specific implementation? What method on the specific implementation provides
> the actual key length?
> 
> Should I do something like this?
> 
>       const BlockCipher* cipher_proto =
> global_state().algorithm_factory().prototype_block_cipher(_cipherSpec);
>       const u32bit key_len = cipher_proto->maximum_keylength();

Yes, but splitting out only the first part; to answer your followup
question, prototype_block_cipher really only knows about block
ciphers, nothing about modes, so it is to be expected that .../CBC
would return null. Also, note that "AES" isn't an understood algorithm
anymore in 1.10, you have to request a specific key length.

It's theoretically possible this approach would still do the wrong
thing, because between you doing this and calling get_cipher, another
thread might call
global_state().algorithm_factory().set_preferred_provider() which
could change the result. But as long as you know what all of the code
is that is running in your process, and that you're not doing this,
that shouldn't be a problem.

Thanks for pointing out how confusing this is. I think a further fix
is required, which would probably include a variant of get_cipher
which takes a prototype block cipher and a mode request and returns a
filter for that mode. Then you could retreive a specific
implementation, query it, and then create the mode. And/or the ability
to query the Keyed_Filter with more than just 'is this valid or not',
which would let you simply call the normal get_cipher and then find
out what whatever is is you got back supports.

BTW you can disable the deprecated warnings by defining the
preprocessor macro BOTAN_NO_DEPRECATED_WARNINGS (or, if you're
compiling using gcc, with -Wno-deprecated-declarations).

-Jack



More information about the botan-devel mailing list