Talk:OpenSSL 1.1.0 Changes

From OpenSSLWiki
Revision as of 13:30, 23 September 2016 by Edwintorok (talk | contribs) (sign my edit)
Jump to navigationJump to search

Converting code to be compatible with both OpenSSL 1.0.x and 1.1.x

Small correction to the example at 1.1_API_Changes#Adding_forward-compatible_code_to_older_versions:

HMAC_CTX_reset, and EVP_MD_CTX_free are OpenSSL 1.1 APIs themselves so their use should be avoided in the #if section. Also LibreSSL claims to be OPENSSL_VERSION_NUMBER 0x20000000L, but doesn't support the new OpenSSL 1.1.0 API yet.

Suggested example:

#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
static HMAC_CTX *HMAC_CTX_new(void)
{
   HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
   if (ctx != NULL)
       HMAC_CTX_init(ctx);
   return ctx;
}

static void HMAC_CTX_free(HMAC_CTX *ctx)
{
   if (ctx != NULL) {
       HMAC_CTX_cleanup(ctx);
       OPENSSL_free(ctx);
   }
}
#endif

Similarly examples for other APIs that I encountered:

#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined (LIBRESSL_VERSION_NUMBER)
#define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif

#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
#endif

--Edwintorok (talk) 13:30, 23 September 2016 (UTC)