<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Hi Richard,<br clear="all"></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Thanks for providing the information.</div><div class="gmail_default" style="font-size:small">I have one more query, please help.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">I have to compile an NTP application with below mentioned CFLAG to suppress the deprecated compilation errors, but still I see a couple of compilation issues.</div><div class="gmail_default" style="font-size:small"><div class="gmail_default">CFLAGSEXTRA += \</div><div class="gmail_default"> -DOPENSSL_API_COMPAT=0x010101000L</div><div class="gmail_default"><br></div><div class="gmail_default">For below EVP api's, const qualifier is added in openSSL3.0 code. To fix these errors, I have to do type casting in many places. </div><div class="gmail_default">We can't use "-Wdiscarded-qualifiers" FLAG in our environment, it is not supported.</div><div class="gmail_default">Is there any other way that I can avoid this? <br></div><div class="gmail_default"><br></div><div class="gmail_default">Checking 'open'</div></div><div class="gmail_default" style="font-size:small"><div class="gmail_default">../../../../vendor/ntp/util/ntp-keygen.c: In function 'main':</div><div class="gmail_default">../../../../vendor/ntp/util/ntp-keygen.c:644:7: error: assignment discards 'const' qualifier from pointer target type [-Werror]</div><div class="gmail_default"> rsa = EVP_PKEY_get0_RSA(pkey_gqkey);</div><div class="gmail_default"> ^</div><div class="gmail_default">../../../../vendor/ntp/util/ntp-keygen.c:665:7: error: assignment discards 'const' qualifier from pointer target type [-Werror]</div><div class="gmail_default"> rsa = EVP_PKEY_get0_RSA(pkey_gqkey);</div><div class="gmail_default"> ^</div><div class="gmail_default">../../../../vendor/ntp/util/ntp-keygen.c:688:7: error: assignment discards 'const' qualifier from pointer target type [-Werror]</div><div class="gmail_default"> rsa = EVP_PKEY_get0_RSA(pkey_gqkey);</div><div class="gmail_default"> ^</div><div class="gmail_default">../../../../vendor/ntp/util/ntp-keygen.c:731:7: error: assignment discards 'const' qualifier from pointer target type [-Werror]</div><div class="gmail_default"> dsa = EVP_PKEY_get0_DSA(pkey_iffkey);</div><div class="gmail_default"> ^</div><div class="gmail_default">../../../../vendor/ntp/util/ntp-keygen.c:754:7: error: assignment discards 'const' qualifier from pointer target type [-Werror]</div><div class="gmail_default"> dsa = EVP_PKEY_get0_DSA(pkey_iffkey);</div><div class="gmail_default"><br></div><div class="gmail_default"><br></div></div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr">Thanks & Regards,<br></div><div dir="ltr"><div>Samiya khanum</div></div></div></div></div></div><br></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 6, 2023 at 5:30 PM <<a href="mailto:openssl-users-request@openssl.org">openssl-users-request@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send openssl-users mailing list submissions to<br>
<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:openssl-users-request@openssl.org" target="_blank">openssl-users-request@openssl.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:openssl-users-owner@openssl.org" target="_blank">openssl-users-owner@openssl.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of openssl-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Replacement for AES_encrypt (Samiya Khanum)<br>
2. Re: Replacement for AES_encrypt (Richard Levitte)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 5 Jan 2023 17:42:57 +0530<br>
From: Samiya Khanum <<a href="mailto:samiya.khanum@broadcom.com" target="_blank">samiya.khanum@broadcom.com</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
Cc: Kamlesh Agrawal <<a href="mailto:kamlesh.agrawal@broadcom.com" target="_blank">kamlesh.agrawal@broadcom.com</a>><br>
Subject: Replacement for AES_encrypt<br>
Message-ID:<br>
<<a href="mailto:CADmX34oWPfjyP5j2q2xtgqr3d3TQQtfLGME4Fk5-rLr444EJsg@mail.gmail.com" target="_blank">CADmX34oWPfjyP5j2q2xtgqr3d3TQQtfLGME4Fk5-rLr444EJsg@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi All,<br>
<br>
We are upgrading our code to openSSL 3.0.<br>
<br>
I have replaced AES_set_encrypt_key and AES_encrypt<br>
with EVP_CipherInit_ex, EVP_CipherUpdate and EVP_CipherFinal_ex.<br>
In the below function what should be the cipher parameter(second argument).<br>
Because in AES_encryt api, we don't mention any block cipher.<br>
Is it EVP_aes_128_cbc() algorithm that we should use?<br>
<br>
int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,<br>
*const EVP_CIPHER *cipher,* ENGINE *impl,<br>
const unsigned char *key,<br>
const unsigned char *iv, int enc);<br>
<br>
Thanks & Regards,<br>
Samiya khanum<br>
<br>
-- <br>
This electronic communication and the information and any files transmitted <br>
with it, or attached to it, are confidential and are intended solely for <br>
the use of the individual or entity to whom it is addressed and may contain <br>
information that is confidential, legally privileged, protected by privacy <br>
laws, or otherwise restricted from disclosure to anyone else. If you are <br>
not the intended recipient or the person responsible for delivering the <br>
e-mail to the intended recipient, you are hereby notified that any use, <br>
copying, distributing, dissemination, forwarding, printing, or copying of <br>
this e-mail is strictly prohibited. If you received this e-mail in error, <br>
please return the e-mail to the sender, delete it from your computer, and <br>
destroy any printed copy of it.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://mta.openssl.org/pipermail/openssl-users/attachments/20230105/d2dd2a2f/attachment-0001.htm" rel="noreferrer" target="_blank">https://mta.openssl.org/pipermail/openssl-users/attachments/20230105/d2dd2a2f/attachment-0001.htm</a>><br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: smime.p7s<br>
Type: application/pkcs7-signature<br>
Size: 4212 bytes<br>
Desc: S/MIME Cryptographic Signature<br>
URL: <<a href="https://mta.openssl.org/pipermail/openssl-users/attachments/20230105/d2dd2a2f/attachment-0001.p7s" rel="noreferrer" target="_blank">https://mta.openssl.org/pipermail/openssl-users/attachments/20230105/d2dd2a2f/attachment-0001.p7s</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Fri, 06 Jan 2023 08:19:33 +0100<br>
From: Richard Levitte <<a href="mailto:levitte@openssl.org" target="_blank">levitte@openssl.org</a>><br>
To: <a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>, Kamlesh Agrawal<br>
<<a href="mailto:kamlesh.agrawal@broadcom.com" target="_blank">kamlesh.agrawal@broadcom.com</a>><br>
Subject: Re: Replacement for AES_encrypt<br>
Message-ID: <<a href="mailto:871qo8ruyi.wl-levitte@openssl.org" target="_blank">871qo8ruyi.wl-levitte@openssl.org</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
EVP_aes_128_cbc() is still usable to get the appropriate EVP_CIPHER<br>
reference, but is regarded legacy.<br>
<br>
With OpenSSL 3.0 and providers, the new method to get the algorithm<br>
you want is by fetching, in this case using EVP_CIPHER_fetch().<br>
<br>
In <a href="https://www.openssl.org/docs/man3.0/man7/crypto.html#FETCHING-EXAMPLES" rel="noreferrer" target="_blank">https://www.openssl.org/docs/man3.0/man7/crypto.html#FETCHING-EXAMPLES</a>,<br>
there is an example that demonstrates fetching exactly the algorithm<br>
your asking for, "AES-128-CBC".<br>
<br>
If you want to know exactly what algorithms are available to you (by name),<br>
'openssl list' is your friend. For example, this command shows all<br>
the default cipher algorithms:<br>
<br>
openssl list -cipher-algorithms<br>
<br>
You will notice that the output is divided into two sections,<br>
"Legacy:" and "Provided:". The latter is more future proof set of<br>
names.<br>
<br>
Cheers,<br>
Richard<br>
<br>
On Thu, 05 Jan 2023 13:12:57 +0100,<br>
Samiya Khanum via openssl-users wrote:<br>
> <br>
> Hi All,<br>
> <br>
> We are?upgrading our code to openSSL 3.0.<br>
> <br>
> I have?replaced? AES_set_encrypt_key? and?AES_encrypt with?EVP_CipherInit_ex, EVP_CipherUpdate<br>
> and?EVP_CipherFinal_ex.<br>
> In the below function what should be the cipher parameter(second argument). Because in AES_encryt<br>
> api, we don't?mention any block cipher.?<br>
> Is it?EVP_aes_128_cbc() algorithm that?we should use?<br>
> <br>
> int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,<br>
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?const EVP_CIPHER *cipher, ENGINE *impl,<br>
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?const unsigned char *key,<br>
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?const unsigned char *iv, int enc);<br>
> ?<br>
> Thanks & Regards,<br>
> Samiya khanum<br>
> <br>
> This electronic communication and the information and any files transmitted with it, or attached<br>
> to it, are confidential and are intended solely for the use of the individual or entity to whom it<br>
> is addressed and may contain information that is confidential, legally privileged, protected by<br>
> privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended<br>
> recipient or the person responsible for delivering the e-mail to the intended recipient, you are<br>
> hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or<br>
> copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return<br>
> the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.<br>
> <br>
> [2 S/MIME Cryptographic Signature <application/pkcs7-signature (base64)>]<br>
> Good signature from 1E45BABBADAD646C644FE256D55EFC9561AABBFF /CN=Samiya Khanum/O=Broadcom Inc./L=Bangalore/ST=Karnataka/C=IN/EMail=<a href="mailto:samiya.khanum@broadcom.com" target="_blank">samiya.khanum@broadcom.com</a> (trust full)<br>
-- <br>
Richard Levitte <a href="mailto:levitte@openssl.org" target="_blank">levitte@openssl.org</a><br>
OpenSSL Project <a href="http://www.openssl.org/~levitte/" rel="noreferrer" target="_blank">http://www.openssl.org/~levitte/</a><br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
openssl-users mailing list<br>
<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a><br>
<a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of openssl-users Digest, Vol 98, Issue 7<br>
********************************************<br>
</blockquote></div>
<br>
<span style="background-color:rgb(255,255,255)"><font size="2">This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.</font></span>