migration from openssl 1.0.2n to 1.1.1

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

migration from openssl 1.0.2n to 1.1.1

Chethan Kumar

Dear all,

 

We did openssl version upgrade from 1.0.2n to 1.1.1. While compiling some package dependent on openssl, getting errors related to M_ASN1_ D2I AND I2D functions.

Digging deeper got to know that, in latest openssl asn1_mac.h header is deprecated.

Can someone please help me out in knowing what are changes to be done to make it work.?

 

We use following fucntions.

M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);

M_ASN1_I2D_vars(a);

M_ASN1_I2D_len(a->subject,i2d_X509_NAME);

M_ASN1_I2D_seq_total();

M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);

M_ASN1_I2D_put(a->subject,i2d_X509_NAME);

M_ASN1_I2D_finish();

M_ASN1_D2I_vars(a, pkcs7_issuer_and_subject *,

M_ASN1_D2I_Init();

M_ASN1_D2I_start_sequence();

M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);

M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);

M_ASN1_D2I_Finish(a,pkcs7_issuer_and_subject_free, 99);

M_ASN1_New_Malloc(ret,pkcs7_issuer_and_subject);

M_ASN1_New(ret->issuer,X509_NAME_new);

M_ASN1_New(ret->subject,X509_NAME_new);

M_ASN1_New_Error(199);

M_ASN1_INTEGER_free(a->subject);

 

Thanking you,

 

With Regards,

Chethan Kumar

 

The information contained in this e-mail message and in any attachments/annexure/appendices is confidential to the
recipient and may contain privileged information. If you are not the intended recipient, please notify the
sender and delete the message along with any attachments/annexure/appendices. You should not disclose,
copy or otherwise use the information contained in the message or any annexure. Any views expressed in this e-mail
are those of the individual sender except where the sender specifically states them to be the views of 
Toshiba Software India Pvt. Ltd. (TSIP),Bangalore.
Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Toshiba Software India Pvt. Ltd, for any loss or damage arising in any way from its use.

Reply | Threaded
Open this post in threaded view
|

Re: migration from openssl 1.0.2n to 1.1.1

Matt Caswell-2


On 08/04/2019 08:26, Chethan Kumar wrote:

> Dear all,
>
>  
>
> We did openssl version upgrade from 1.0.2n to 1.1.1. While compiling some
> package dependent on openssl, getting errors related to M_ASN1_ D2I AND I2D
> functions.
>
> Digging deeper got to know that, in latest openssl asn1_mac.h header is deprecated.
>
> Can someone please help me out in knowing what are changes to be done to make it
> work.?

It looks like you are using the very old ASN1 macros. These were replaced with
the current ASN1 code in 2002 - and then removed completely in 1.1.0.

Are you reading/writing custom ASN.1 structures? If so then you'll need to
update to use the new code. To see some examples take a look at the many ASN.1
structures defined in x509v3.h with matching "DECLARE_ASN1_FUNCTIONS" macro
calls to declare the i2d/d2i function to write/read them. Internally to OpenSSL
there are matching IMPLEMENT_ASN1_FUNCTIONS calls to provide the implementations
for these.

For example see this definition of an ASN.1 structure in the OpenSSL code:

https://github.com/openssl/openssl/blob/e9cfa192019574a75fbeca4811c10635a9049381/crypto/x509/x_x509a.c#L26-L34


The IMPLEMENT_ASN1_FUNCTIONS macro shown there results in the functions
described on this page being available:

https://www.openssl.org/docs/man1.1.1/man3/d2i_X509_CERT_AUX.html


Hope that helps,

Matt