Porting to OpenSSL 1.1

On 10/10/16 23:56, Bernhard Rosenkraenzer wrote:
> Hi,
> I'm porting some code to OpenSSL 1.1 -- for the most part, it's going
> well, but there's some things I'm not sure about:
> 
> - What replaces a direct access to "sha1_hash" in an X509? (found in Qt 5.7)

You could use X509_digest() to calculate this value.

> 
> So far, haven't come up with a proper alternative to this. Should the
> code be refactored to use X509_issuer_and_serial_hash (which isn't quite
> the same, but should still give a unique hash)?
> [this is from qHash -- so the purpose really is to get a unique hash of
> the contents]
> 
> - What's the best way to copy an EVP_PKEY?

Do you really need a *copy*? EVP_PKEYs are ref counted, so normally you
just get a new ref using EVP_PKEY_up_ref().

> 
> Also from Qt 5.7:
> rsa = RSA_new();
> memcpy(rsa, EVP_PKEY_get1_RSA(pkey), sizeof(RSA));

Again, do you really need a *copy*? RSA objects are ref-counted.
EVP_PKEY_get1_RSA() gets you a new ref on the RSA.

> [breaks because sizeof(RSA) is no longer known]
> for EC, there's EC_KEY_dup -- for RSA and DSA, not so much.
> 
> - What's the proper successor to NETSCAPE_X509? (from kdelibs4support)
> I presume this (the method KSSLCertificate::toNetscape()) can just be
> deleted because nothing should be using Netscape x509 anymore?

This is an obsolete format that is no longer used so there is no
successor. It was removed in commit 0bc2f3655.

Matt



