On 20/10/2021 10:57, Kumar Mishra, Sanjeev wrote:
Hi,
I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting
following compilation errors. Could you please suggest appropriate
changes for following-
1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); error:
'X509err' was not declared in this scope
2. RSA *rsa = RSA_new(); error: 'rsa' was not declared in this scope
3. if(EVP_PKEY_set1_RSA(pkey, rsa)) error: 'EVP_PKEY_set1_RSA' was not
declared in this scope
4. RSA_free(rsa); error: 'RSA_free' was not declared in this scope
5. RSA *rsa = EVP_PKEY_get1_RSA(privKey); error: 'EVP_PKEY_get1_RSA'
was not declared in this scope
6. if(PEM_write_bio_RSA_PUBKEY(bio, rsa)) error:
'PEM_write_bio_RSA_PUBKEY' was not declared in this scope
7. RSA_get0_key(rsa, &n, NULL, NULL); error: 'RSA_get0_key' was not
declared in this scope
Did you build OpenSSL using the "no-deprecated" option? The errors
suggest the compiler cannot find the declarations of the various
functions. Assuming you are actually including the correct header files
then this would normally only occur as a result of "no-deprecated". In a
normal build the functions still exist even in 3.0 - they are just
deprecated.
To use non-deprecated functions instead:
Instead of X509err you can use:
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE)
It seems strange for you to have been raising an error for
X509_F_X509_STORE_ADD_CERT, since this is indicates the error occurred
in an internal OpenSSL function...but in any case we no longer use the
_F_ codes.
Instead of creating an RSA key via RSA_new() and setting it in an
EVP_PKEY via EVP_PKEY_set1_RSA() you need to create an EVP_PKEY
directly. How to do this depends on where you were getting your RSA data
from before. For example if you were loading an RSA private key from a
file then you might use PEM_read_bio_PrivateKey() to load the EVP_PKEY
directly:
https://www.openssl.org/docs/man3.0/man3/PEM_read_bio_PrivateKey.html
Or if you were loading it from individual data fields (p, q, e, d, etc)
then you might use EVP_PKEY_fromdata:
https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-RSA.html
Or if you were generating a new one then you might use EVP_PKEY_keygen:
https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_keygen.html
Instead of PEM_write_bio_RSA_PUBKEY() you probably want
PEM_write_bio_PUBKEY()
https://www.openssl.org/docs/man3.0/man3/PEM_write_bio_PUBKEY.html
Instead of RSA_get0_key() to get hold of "n" you can use
EVP_PKEY_get_bn_param:
https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get_bn_param.html
Matt