(reposted with the right subject, sorry)
Hi all, I am starting to port some code to OpenSSL 3 (it's my first
taste of it), and I'm stuck with a problem. I'm working under Ubuntu 22.
I saw that the function X509_issuer_and_serial_hash doesn't return the
same value it did before (though not for an obvious reason), and since
that value is used by my software to identify some certificates against
a DB, I need to replicate the old behaviour.
To do so, I'm first trying to change the old function (from OpenSSL 1.1)
so that it compiles under OpenSSL 3.
Here, a is of type X509, I always accessed most data from pointers. Now
that they are gone, how do I read the following information to obtain
exactly the same data?
- a->cert_info.issuer ...is it X509_get_issuer_name(a) exactly the same?
- a->cert_info.serialNumber.data ?
- a->cert_info.serialNumber.length ?
For completeness, my first, very raw code follows, where you can see how
I'd use the values.
Thank you very much - Ubi
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#warning "I WILL HAVE MY LOCAL X509_issuer_and_serial_hash, UNDER OPENSSL 3"
unsigned long custom_X509_issuer_and_serial_hash(X509 *a)
{
unsigned long ret = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned char md[16];
char *f = NULL;
if (ctx == NULL)
goto err;
// cannot do this under OpenSSL 3 (code from v 1.1): f =
X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
f = X509_NAME_oneline(X509_get_issuer_name(a), NULL, 0);
if (f == NULL)
goto err;
if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
goto err;
if (!EVP_DigestUpdate
// cannot do this under OpenSSL 3 (code from v 1.1): (ctx,
(unsigned char *)a->cert_info.serialNumber.data,
// ...but how do I get the data from here?
(ctx, X509_get_serialNumber(a),
// ...same problem here: how do I get the data length?
(unsigned long)a->cert_info.serialNumber.length))
goto err;
if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
goto err;
ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
err:
OPENSSL_free(f);
EVP_MD_CTX_free(ctx);
return ret;
}
#endif