upgrading the openSSL version from 1.0.2j to 1.1.1c - api changes

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

upgrading the openSSL version from 1.0.2j to 1.1.1c - api changes

Umamaheswari Nagarajan

Hi,

 

 

We are upgrading the openSSL version from 1.0.2j to 1.1.1c in our product.

 

The following apis seems to be unavailable or modified in 1.1.1c,

 

ENGINE_cleanup

RAND_cleanup

CRYPTO_lock

 

RSA_PKCS1_SSLeay

DH_get_ex_new_index

DSA_get_ex_new_index

RSA_get_ex_new_index

 

Please advise on the replacement api’s that can to be used.

 

 

 

Thanks

Uma N

 

 

Reply | Threaded
Open this post in threaded view
|

Re: upgrading the openSSL version from 1.0.2j to 1.1.1c - api changes

Matt Caswell-2


On 13/11/2019 09:22, Umamaheswari Nagarajan wrote:
> The following apis seems to be unavailable or modified in 1.1.1c,
>
> ENGINE_cleanup

This still exists, but was converted from a function to a macro that
does nothing. You no longer need to call it. OpenSSL 1.1.0+ cleans
itself up automatically.

> RAND_cleanup

As above.

> CRYPTO_lock

This function was used to lock an internal OpenSSL lock. These locks are
not exposed any more. You will need to rewrite your code to not need
this function. There are some new lock related functions that exist that
are essentially thin wrappers around the platform threading library that
is in use. Depending on what you need it for they might suffice:

CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);

https://www.openssl.org/docs/man1.1.1/man3/CRYPTO_THREAD_lock_new.html


>
> RSA_PKCS1_SSLeay

Now called RSA_PKCS1_OpenSSL().


> DH_get_ex_new_index> DSA_get_ex_new_index
> RSA_get_ex_new_index

All of these still exist but were just converted from functions to macros.

Matt