On 31/05/2019 04:55, Swamy J-S wrote: > Hi, > > > I recently updated openssl from 1.0.2n to 1.1.0g in linux system. > > > Earlier I was using > > "ASN1_INTEGER **c2i_ASN1_INTEGER*(ASN1_INTEGER **a, const unsigned char **pp, > long len) " function. As this function is removed in openssl 1.1.0, now i > replaced this with > > > "ASN1_INTEGER **d2i_ASN1_UINTEGER*(ASN1_INTEGER **a, const unsigned char **pp, > long length)". > > Now when i build my application then i get warning as > > *"Warning:0:-- SSL Error queue report --* > *Warning:0: - asn1 encoding routines|d2i_ASN1_UINTEGER|expecting an > integer:218718323".* > * > * > * > * > What is the solution for this problem? > I spotted your stack exchange question on this before I spotted your question on this list. I'll repost my stack exchange answer here as well: ASN.1 encoding of an INTEGER (as BER or DER) consists of 1 or more "identifier" octets (usually 1), followed by 1 or more "length" octets, followed by "content" octets (the length of which is determined by the previous "length" octets). The function c2i_ASN1_INTEGER assumes you have already parsed the "identifier" and "length" octets and coverts the "content" bytes into an integer. This was removed from OpenSSL 1.1.0 because this is considered a very low level parsing operation that applications should not be calling directly. The function d2i_ASN1_UINTEGER is not a direct drop in replacement for c2i_ASN1_INTEGER. It parses the whole integer (including the "identifier" and "length" octets). If you pass it just the content octets then it will interpret the first byte as an "identifier" octet. This will likely have the wrong value for an integer and so this is probably why you are seeing the "expecting an integer" error. You will need to rewrite your code to pass the whole integer to d2i_ASN1_UINTEGER. Matt
