Re: Help Required For Code Changes While Upgrading OpenSSL 1.0.1 to 3.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 20/10/2021 10:57, Kumar Mishra, Sanjeev wrote:
Hi,
I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting following compilation errors. Could you please suggest appropriate changes for following-

 1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);   error:
    'X509err' was not declared in this scope
 2.   RSA *rsa = RSA_new(); error: 'rsa' was not declared in this scope
 3. if(EVP_PKEY_set1_RSA(pkey, rsa)) error: 'EVP_PKEY_set1_RSA' was not
    declared in this scope
 4.   RSA_free(rsa); error: 'RSA_free' was not declared in this scope
 5. RSA *rsa = EVP_PKEY_get1_RSA(privKey); error: 'EVP_PKEY_get1_RSA'
    was not declared in this scope
 6.   if(PEM_write_bio_RSA_PUBKEY(bio, rsa)) error:
    'PEM_write_bio_RSA_PUBKEY' was not declared in this scope
 7.   RSA_get0_key(rsa, &n, NULL, NULL); error: 'RSA_get0_key' was not
    declared in this scope

Did you build OpenSSL using the "no-deprecated" option? The errors suggest the compiler cannot find the declarations of the various functions. Assuming you are actually including the correct header files then this would normally only occur as a result of "no-deprecated". In a normal build the functions still exist even in 3.0 - they are just deprecated.

To use non-deprecated functions instead:

Instead of X509err you can use:
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE)

It seems strange for you to have been raising an error for X509_F_X509_STORE_ADD_CERT, since this is indicates the error occurred in an internal OpenSSL function...but in any case we no longer use the _F_ codes.

Instead of creating an RSA key via RSA_new() and setting it in an EVP_PKEY via EVP_PKEY_set1_RSA() you need to create an EVP_PKEY directly. How to do this depends on where you were getting your RSA data from before. For example if you were loading an RSA private key from a file then you might use PEM_read_bio_PrivateKey() to load the EVP_PKEY directly:

https://www.openssl.org/docs/man3.0/man3/PEM_read_bio_PrivateKey.html

Or if you were loading it from individual data fields (p, q, e, d, etc) then you might use EVP_PKEY_fromdata:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-RSA.html

Or if you were generating a new one then you might use EVP_PKEY_keygen:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_keygen.html

Instead of PEM_write_bio_RSA_PUBKEY() you probably want PEM_write_bio_PUBKEY()

https://www.openssl.org/docs/man3.0/man3/PEM_write_bio_PUBKEY.html

Instead of RSA_get0_key() to get hold of "n" you can use EVP_PKEY_get_bn_param:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get_bn_param.html


Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux