Help Required For Code Changes While Upgrading OpenSSL 1.0.1 to 3.0

Matt Caswell matt at openssl.org
Wed Oct 20 10:44:01 UTC 2021



On 20/10/2021 10:57, Kumar Mishra, Sanjeev wrote:
> Hi,
> I am upgrading the code from OpenSSL 1.0.1 to 3.0. I am getting the
> following compilation errors. Could you please suggest appropriate
> changes for the following:
> 
>  1. X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);   error:
>     'X509err' was not declared in this scope
>  2.   RSA *rsa = RSA_new(); error: 'rsa' was not declared in this scope
>  3. if(EVP_PKEY_set1_RSA(pkey, rsa)) error: 'EVP_PKEY_set1_RSA' was not
>     declared in this scope
>  4.   RSA_free(rsa); error: 'RSA_free' was not declared in this scope
>  5. RSA *rsa = EVP_PKEY_get1_RSA(privKey); error: 'EVP_PKEY_get1_RSA'
>     was not declared in this scope
>  6.   if(PEM_write_bio_RSA_PUBKEY(bio, rsa)) error:
>     'PEM_write_bio_RSA_PUBKEY' was not declared in this scope
>  7.   RSA_get0_key(rsa, &n, NULL, NULL); error: 'RSA_get0_key' was not
>     declared in this scope

Did you build OpenSSL using the "no-deprecated" option? The errors 
suggest the compiler cannot find the declarations of the various 
functions. Assuming you are actually including the correct header files 
then this would normally only occur as a result of "no-deprecated". In a 
normal build the functions still exist even in 3.0 - they are just 
deprecated.

To use non-deprecated functions instead:

Instead of X509err you can use:
ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE)

It seems strange for you to have been raising an error for 
X509_F_X509_STORE_ADD_CERT, since this indicates the error occurred 
in an internal OpenSSL function...but in any case we no longer use the 
_F_ codes.

Instead of creating an RSA key via RSA_new() and setting it in an 
EVP_PKEY via EVP_PKEY_set1_RSA() you need to create an EVP_PKEY 
directly. How to do this depends on where you were getting your RSA data 
from before. For example if you were loading an RSA private key from a 
file then you might use PEM_read_bio_PrivateKey() to load the EVP_PKEY 
directly:

https://www.openssl.org/docs/man3.0/man3/PEM_read_bio_PrivateKey.html

Or if you were loading it from individual data fields (p, q, e, d, etc) 
then you might use EVP_PKEY_fromdata:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_fromdata.html
https://www.openssl.org/docs/man3.0/man7/EVP_PKEY-RSA.html

Or if you were generating a new one then you might use EVP_PKEY_keygen:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_keygen.html

Instead of PEM_write_bio_RSA_PUBKEY() you probably want 
PEM_write_bio_PUBKEY()

https://www.openssl.org/docs/man3.0/man3/PEM_write_bio_PUBKEY.html

Instead of RSA_get0_key() to get hold of "n" you can use 
EVP_PKEY_get_bn_param:

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get_bn_param.html


Matt

