Re: [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & ERR_get_error_line_data() for openssl3.0

[Matt Caswell <matt@xxxxxxxxxxx>]

On 06/09/2021 12:02, Shivakumar Poojari wrote:
> Hi
>
> In the below C file, I'm trying to update eay_sterror(line:1352) 
> function to 3.0, In eay_sterror function deprecated functions are used
>
> CRYPTO_thread_id()
>
> ERR_get_error_line_data()

That function is only used for printing information.

Like I said in my previous answer the ERR_get_error_line_data() call is 
easy to replace with ERR_get_error_all():

diff --git a/iked/crypto_openssl.c b/iked/crypto_openssl.c
index eede826..e562296 100644
--- a/iked/crypto_openssl.c
+++ b/iked/crypto_openssl.c
@@ -1365,7 +1365,7 @@ eay_strerror(void)

        es = CRYPTO_thread_id();

-       while ((l = ERR_get_error_line_data(&file, &line, &data, 
&flags)) != 0) {
+       while ((l = ERR_get_error_all(&file, &line, NULL, &data, 
&flags)) != 0) {
                n = snprintf(ebuf + len, sizeof(ebuf) - len,
                             "%lu:%s:%s:%d:%s ",
                             es, ERR_error_string(l, buf), file, line,



The CRYPTO_thread_id() call is a bit trickier. It's just a function to 
get hold of the current thread id. In 1.0.2 the implementation of that 
function looked like this:

unsigned long CRYPTO_thread_id(void)
{
    unsigned long ret = 0;

    if (id_callback == NULL) {
# ifdef OPENSSL_SYS_WIN16
        ret = (unsigned long)GetCurrentTask();
# elif defined(OPENSSL_SYS_WIN32)
        ret = (unsigned long)GetCurrentThreadId();
# elif defined(GETPID_IS_MEANINGLESS)
        ret = 1L;
# elif defined(OPENSSL_SYS_BEOS)
        ret = (unsigned long)find_thread(NULL);
# else
        ret = (unsigned long)getpid();
# endif
    } else
        ret = id_callback();
    return (ret);
}


So, it calls the user set callback "id_callback", which is set via a 
call to CRYPTO_set_id_callback(). I don't see any evidence of that 
actually being called anywhere in the racoon2 code which (if that is the 
case) means it falls back to "getpid()" on Linux/unix or 
GetCurrentThreadId() on windows. You can simply replace it with direct 
calls to those functions to get the equivalent functionality.

Whether getpid() actually gives *useful* output in this context is 
another question...but that's the case for the old code too.


Matt




> https://github.com/zoulasc/racoon2/blob/master/iked/crypto_openssl.c 
> <https://github.com/zoulasc/racoon2/blob/master/iked/crypto_openssl.c>
> <https://github.com/zoulasc/racoon2/blob/master/iked/crypto_openssl.c>




> 	
> racoon2/crypto_openssl.c at master · zoulasc/racoon2 
> <https://github.com/zoulasc/racoon2/blob/master/iked/crypto_openssl.c>
> The Racoon2 project is a joint effort which provides an implementation 
> of key management system for IPsec. The implementation is called 
> Racoon2, a successor of Racoon, which was developed by the KA...
> github.com
>
>
> please suggest the replacement,
>
> thanks,
> shiva kumar
> ------------------------------------------------------------------------
> *From:* Matt Caswell <matt@xxxxxxxxxxx>
> *Sent:* Friday, September 3, 2021 1:25 PM
> *To:* Shivakumar Poojari <Shivakumar.Poojari@xxxxxxxx>; 
> openssl-users@xxxxxxxxxxx <openssl-users@xxxxxxxxxxx>
> *Cc:* Paramashivaiah, Sunil <Sunil.Paramashivaiah@xxxxxxxx>; 
> Bhattacharjee, Debapriyo (c) <dbhattacharjee@xxxxxxxx>
> *Subject:* [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & 
> ERR_get_error_line_data() for openssl3.0
>
>
> On 03/09/2021 05:58, Shivakumar Poojari wrote:
> > Hi All,
> >
> > We are upgrading our code to openssl 3.0. the below function we trying 
> > to replace, searched in the openssl man pages not found proper information.
> >
> > CRYPTO_thread_id()
>
> The deprecated implementation of this is a no-op (always returns 0).
> What do you need this for? This used to be useful when locking callbacks
> existed. But they were removed in 1.1.0.
>
> > ERR_get_error_line_data()
>
> You can call ERR_get_error_all() as a replacement (passing a NULL value
> for the "func" parameter).
>
>
> Matt
>
> > please suggest.
> > thanks,
> > shivakumar.
> >
> >
> > Notice: This e-mail together with any attachments may contain 
> > information of Ribbon Communications Inc. and its Affiliates that is 
> > confidential and/or proprietary for the sole use of the intended 
> > recipient. Any review, disclosure, reliance or distribution by others or 
> > forwarding without express permission is strictly prohibited. If you are 
> > not the intended recipient, please notify the sender immediately and 
> > then delete all copies, including any attachments.
>
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited. If you are 
> not the intended recipient, please notify the sender immediately and 
> then delete all copies, including any attachments.