[openssl-users] Trouble porting code to OpenSSL 1.1

Dr. Stephen Henson steve at openssl.org
Tue Jun 21 19:58:17 UTC 2016


On Sat, Jun 18, 2016, Marc Heuse wrote:

> Hi,
> 
> I have a problem with porting OpenSSL code from 1.0 to 1.1.
> Please do not complain that it does not look like it makes sense what
> this code does here - complain to Microsoft who implements certs with
> RDP non-standard ...
> 

I am curious though as to why you need to do this...


> 
>   // OpenSSL 1.0 code, well, really written already when 0.9 was there
> 
>   nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
>   if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>     ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
>     cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
>   }
> 
> 
>   // OpenSSL 1.1 code
> 
>   nid = X509_get_signature_nid(cert);
>   if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) {
>     ... how to set the algorithm in the cert to NID_rsaEncryption in OpenSSL v1.1.x?
> 
> 

Well the start of that isn't equivalent. 

Anyway here goes.

First you need to get the X509_PUBKEY structure from the certificate
(cert->cert_info->key). You can do this with X509_get_X509_PUBKEY().

Once you have that you can get the algorithm OID and algorithm identifier (you
only need the latter) using X509_PUBKEY_get0_param().

Then you can use X509_ALGOR_get0() to retrieve the ASN1_OBJECT and
X509_ALGOR_set0() to set it if you need to.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

