carraro

Reputation: 309

Pointer issues when upgrading to OpenSSL 1.1.1

I was using OpenSSL 1.0.2 and decided to upgrade to version 1.1.1k. However, I have some problems with some pointers:

    X509_STORE_CTX *vrfy_ctx = X509_STORE_CTX_new();
    X509_STORE_CTX_init(vrfy_ctx, store, cert_x509, NULL);

    if(X509_verify_cert(vrfy_ctx) != 1)
    {
        if(ignore_date)
        {
            //X509_V_FLAG_NO_CHECK_TIME is not available here so check
            // if the error is related to datetime, if it is, just ignore it
            switch(vrfy_ctx->error) //error here
            {
                case X509_V_ERR_CERT_NOT_YET_VALID:
                case X509_V_ERR_CERT_HAS_EXPIRED:
                    X509_STORE_CTX_free(vrfy_ctx);
                    X509_STORE_free(store);
                    return true;
            }
        }

        error_message = X509_verify_cert_error_string(vrfy_ctx->error); //error here
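        // get_current_cert returns a pointer owned by the context (may be NULL): do not free it
        X509 *error_cert  = X509_STORE_CTX_get_current_cert(vrfy_ctx);
        if(error_cert)
        {
            X509_NAME *certsubject = X509_get_subject_name(error_cert);
            char *subject = X509_NAME_oneline(certsubject, 0, 0); // buffer allocated by OpenSSL
            if(subject)
            {
                error_message += subject;
                OPENSSL_free(subject);
            }
        }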
        X509_STORE_CTX_free(vrfy_ctx);
        X509_STORE_free(store);
        return false;
    }

And here too:

    std::string ssl_tools::public_key_type(X509 *x509)
    {
        EVP_PKEY *pkey=X509_get_pubkey(x509);
        int key_type = EVP_PKEY_type(pkey->type); //error here
        EVP_PKEY_free(pkey);
        if (key_type==EVP_PKEY_RSA) return "RSA";
        if (key_type==EVP_PKEY_DSA) return "DSA";
        if (key_type==EVP_PKEY_DH)  return "DH";
        if (key_type==EVP_PKEY_EC)  return "ECC";
        return "";
    }

    int ssl_tools::public_key_size(X509 *x509)
    {
        EVP_PKEY *pkey=X509_get_pubkey(x509);
        int key_type = EVP_PKEY_type(pkey->type); //error here
        int keysize = -1; //or in bytes, RSA_size() DSA_size(), DH_size(), ECDSA_size();
        keysize = key_type==EVP_PKEY_RSA && pkey->pkey.rsa->n ? BN_num_bits(pkey->pkey.rsa->n) : keysize; //error here
        keysize = key_type==EVP_PKEY_DSA && pkey->pkey.dsa->p ? BN_num_bits(pkey->pkey.dsa->p) : keysize; //error here
        keysize = key_type==EVP_PKEY_DH  && pkey->pkey.dh->p  ? BN_num_bits(pkey->pkey.dh->p) : keysize; //error here
        keysize = key_type==EVP_PKEY_EC  ? EC_GROUP_get_degree(EC_KEY_get0_group(pkey->pkey.ec)) : keysize; //error here
        EVP_PKEY_free(pkey);
        return keysize;
    }

The above errors are: "the pointer to the incomplete class type "evp_pkey_st" is not allowed" and "the pointer to incomplete class type "x509_store_ctx_st" is not allowed"

Couldn't understand how I can resolve these mistakes, any thoughts?

Upvotes: 2

Views: 1194

Answers (1)

Matt Caswell

Reputation: 9392

Many structures are opaque in OpenSSL 1.1.1, which means you are not allowed to dive into the structure internals to access values. Instead you need to use accessor functions:

  • Replace any instances of vrfy_ctx->error with X509_STORE_CTX_get_error(vrfy_ctx)
  • Replace any instances of pkey->type with EVP_PKEY_id(pkey)
  • Replace any instances of pkey->pkey.rsa->n with RSA_get0_n(EVP_PKEY_get0_RSA(pkey))
  • Replace any instances of pkey->pkey.dsa->p with DSA_get0_p(EVP_PKEY_get0_DSA(pkey))
  • Replace any instances of pkey->pkey.dh->p with DH_get0_p(EVP_PKEY_get0_DH(pkey))
  • Replace any instances of pkey->pkey.ec with EVP_PKEY_get0_EC_KEY(pkey)

Upvotes: 3
