RE: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

["Floodeenjr, Thomas" <thomas_floodeenjr@xxxxxxxxxx>]

Here are my notes from when we did this project a couple of years ago. It does not match your code exactly, but maybe it helps.

 

-Tom

 

### ALL ###

Follow the porting instructions here: https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide

 

Especially the section "EVP_CIPHER_CTX became opaque". The changes here will match changes for most classes in OpenSSL.

 

Most notable:

Declaration:

                -              EVP_CIPHER_CTX  evp;

                +             EVP_CIPHER_CTX  *evp;

Initialization & cleanup:

                -              EVP_CIPHER_CTX_init(&evp);

                +             evp = EVP_CIPHER_CTX_new();

                +             EVP_CIPHER_CTX_free(evp);      /* do not forget to free after usage or error */

Function calling:

                -              EVP_CipherInit(&evp, EVP_des_cbc(), k1, NULL, enc);

                +             EVP_CipherInit(evp, EVP_des_cbc(), k1, NULL, enc);

 

Note the change to using a pointer instead of directly.

 

For encoding/decoding, the init() step is still needed.

 

-    EVP_EncodeInit(&m_evpCtx);

+    m_evpCtx = EVP_ENCODE_CTX_new();

+    EVP_EncodeInit(m_evpCtx);

 

More changes:

 

                                X509_EXTENSION *ext = X509_get_ext(peer, i);

                                const unsigned char *data;

 

                -              data = "">

                +             data = "">

 

                -              ext_data = meth->d2i(NULL, &data, ext->value->length);

                +             ext_data = meth->d2i(NULL, &data, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));

 

xmlsec.h(99): warning C4005: 'XMLSEC_CRYPTO': macro redefinition

/**

* XMLSEC_CRYPTO:

*

* Macro. Deprecated. Defined for backward compatibility only. Do not use

* in your code and use xmlSecGetDefaultCrypto() function instead.

*

* Returns the default crypto engine.

*/

#define XMLSEC_CRYPTO                          (xmlSecGetDefaultCrypto())

 

### WINDOWS ###

ws2_32.lib will need to replace wsock32.lib when linking, or be added to link if not there.

 

ZLIB_WINAPI may be defined with some OSS (like curl), this causes link errors and should be removed.

 

### LINUX ###

Linux will likely need to link with -lpthread

Some apps may need -lrt

 

From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Paramashivaiah, Sunil
Sent: Thursday, October 21, 2021 2:49 AM
To: openssl-users@xxxxxxxxxxx
Subject: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

 

Hi All,

         Please let me know how I can replace the below 1.0.2 code to 3.0

 

    SSL_SESSION data;

    SSL_SESSION *ret=NULL;

 

    data.ssl_version = sessVersion;

    data.session_id_length= sessIdLen;

 

    memcpy(data.session_id, sessId,  sessIdLen);

    CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

 

    ret= (SSL_SESSION *)lh_retrieve((_LHASH *)sslCtx->sessions, &data);

 

    CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

 

Thanks and Regards,

Sunil

Notice: This e-mail together with any attachments may contain information of Ribbon Communications Inc. and its Affiliates that is confidential and/or proprietary for the sole use of the intended recipient. Any review, disclosure, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please notify the sender immediately and then delete all copies, including any attachments.