[EXTERNAL] Re: Replacement for CRYPTO_thread_id() & ERR_get_error_line_data() for openssl3.0

Matt Caswell matt at openssl.org
Mon Sep 6 12:02:10 UTC 2021



On 06/09/2021 12:02, Shivakumar Poojari wrote:
> Hi
> 
> In the below C file, I'm trying to update the eay_strerror (line 1352) 
> function to 3.0. In the eay_strerror function, deprecated functions are used:
> 
> CRYPTO_thread_id()
> 
> ERR_get_error_line_data()
> 

That function is only used for printing information.

Like I said in my previous answer the ERR_get_error_line_data() call is 
easy to replace with ERR_get_error_all():

diff --git a/iked/crypto_openssl.c b/iked/crypto_openssl.c
index eede826..e562296 100644
--- a/iked/crypto_openssl.c
+++ b/iked/crypto_openssl.c
@@ -1365,7 +1365,7 @@ eay_strerror(void)

         es = CRYPTO_thread_id();

-       while ((l = ERR_get_error_line_data(&file, &line, &data, 
&flags)) != 0) {
+       while ((l = ERR_get_error_all(&file, &line, NULL, &data, 
&flags)) != 0) {
                 n = snprintf(ebuf + len, sizeof(ebuf) - len,
                              "%lu:%s:%s:%d:%s ",
                              es, ERR_error_string(l, buf), file, line,
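
Review bot: The context line "es = CRYPTO_thread_id();" at the top of this hunk is left untouched, so the first "%lu" field of every formatted entry still comes from the other deprecated call, which the earlier reply in this thread says always returns 0. Replace that assignment in the same change, for example with the getpid() / GetCurrentThreadId() value discussed below, or drop the field from the format string. Also note that the "-" and "+" lines were wrapped by the mail client ("&flags)) != 0) {" sits on its own line), so they have to be rejoined before the patch will apply.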



The CRYPTO_thread_id() call is a bit trickier. It's just a function to 
get hold of the current thread id. In 1.0.2 the implementation of that 
function looked like this:

unsigned long CRYPTO_thread_id(void)
{
     unsigned long ret = 0;

     if (id_callback == NULL) {
# ifdef OPENSSL_SYS_WIN16
         ret = (unsigned long)GetCurrentTask();
# elif defined(OPENSSL_SYS_WIN32)
         ret = (unsigned long)GetCurrentThreadId();
# elif defined(GETPID_IS_MEANINGLESS)
         ret = 1L;
# elif defined(OPENSSL_SYS_BEOS)
         ret = (unsigned long)find_thread(NULL);
# else
         ret = (unsigned long)getpid();
# endif
     } else
         ret = id_callback();
     return (ret);
}


So, it calls the user set callback "id_callback", which is set via a 
call to CRYPTO_set_id_callback(). I don't see any evidence of that 
actually being called anywhere in the racoon2 code which (if that is the 
case) means it falls back to "getpid()" on Linux/unix or 
GetCurrentThreadId() on windows. You can simply replace it with direct 
calls to those functions to get the equivalent functionality.

Whether getpid() actually gives *useful* output in this context is 
another question...but that's the case for the old code too.


Matt




> 
> 
> https://github.com/zoulasc/racoon2/blob/master/iked/crypto_openssl.c 




> 
> 
> please suggest the replacement,
> 
> thanks,
> shiva kumar
> ------------------------------------------------------------------------
> *From:* Matt Caswell <matt at openssl.org>
> *Sent:* Friday, September 3, 2021 1:25 PM
> *To:* Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>; 
> openssl-users at openssl.org <openssl-users at openssl.org>
> *Cc:* Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; 
> Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
> *Subject:* [EXTERNAL] Re: Replacement for CRYPTO_thread_id() & 
> ERR_get_error_line_data() for openssl3.0
> 
> 
> On 03/09/2021 05:58, Shivakumar Poojari wrote:
>> Hi All,
>> 
>> We are upgrading our code to OpenSSL 3.0. We are trying to replace the 
>> functions below; we searched the OpenSSL man pages but did not find proper information.
>> 
>> CRYPTO_thread_id()
> 
> The deprecated implementation of this is a no-op (always returns 0).
> What do you need this for? This used to be useful when locking callbacks
> existed. But they were removed in 1.1.0.
> 
>> 
>> ERR_get_error_line_data()
> 
> You can call ERR_get_error_all() as a replacement (passing a NULL value
> for the "func" parameter).
> 
> 
> Matt
> 
>> 
>> 
>> please suggest.
>> thanks,
>> shivakumar.
>> 
>> 
>> Notice: This e-mail together with any attachments may contain 
>> information of Ribbon Communications Inc. and its Affiliates that is 
>> confidential and/or proprietary for the sole use of the intended 
>> recipient. Any review, disclosure, reliance or distribution by others or 
>> forwarding without express permission is strictly prohibited. If you are 
>> not the intended recipient, please notify the sender immediately and 
>> then delete all copies, including any attachments.
> 
> Notice: This e-mail together with any attachments may contain 
> information of Ribbon Communications Inc. and its Affiliates that is 
> confidential and/or proprietary for the sole use of the intended 
> recipient. Any review, disclosure, reliance or distribution by others or 
> forwarding without express permission is strictly prohibited. If you are 
> not the intended recipient, please notify the sender immediately and 
> then delete all copies, including any attachments.
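
Added example (not part of the original message, and not racoon2 or OpenSSL code): a formatting loop in the shape of the eay_strerror() loop discussed above, with getpid() in place of CRYPTO_thread_id() and an explicit truncation check. It goes slightly beyond the thread by continuing to pop entries once the buffer is full, so nothing stale is left in the queue. The names format_errors, err_pop_fn, err_str_fn, TXT_STRING, sample_pop and sample_str are hypothetical; the two function-pointer types are assumed to match ERR_get_error_all() and ERR_error_string_n() so the block builds without libcrypto.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TXT_STRING 0x02 /* same value as OpenSSL's ERR_TXT_STRING */

/* Signatures of ERR_get_error_all() and ERR_error_string_n() in 3.0. */
typedef unsigned long (*err_pop_fn)(const char **file, int *line,
        const char **func, const char **data, int *flags);
typedef void (*err_str_fn)(unsigned long e, char *buf, size_t len);

/* Drain the whole queue into out; returns the entries written in full. */
int format_errors(err_pop_fn pop, err_str_fn str, char *out, size_t outlen)
{
    const char *file, *data;
    char buf[256];
    unsigned long l, id = (unsigned long)getpid(); /* was CRYPTO_thread_id() */
    size_t len = 0;
    int line, flags, n, full = 0, count = 0;
    if (outlen == 0) return 0;
    out[0] = '\0';
    while ((l = pop(&file, &line, NULL, &data, &flags)) != 0) {
        if (full)
            continue;            /* keep popping so no stale entry remains */
        str(l, buf, sizeof(buf));
        n = snprintf(out + len, outlen - len, "%lu:%s:%s:%d:%s ", id, buf,
                     file, line, (flags & TXT_STRING) ? data : "");
        if (n < 0 || (size_t)n >= outlen - len) {
            out[len] = '\0';     /* drop the entry that did not fit */
            full = 1;
        } else {
            len += (size_t)n;
            count++;
        }
    }
    return count;
}

/* Constructed two-entry queue standing in for libcrypto (hypothetical). */
static int sample_left = 2;
unsigned long sample_pop(const char **file, int *line, const char **func,
                         const char **data, int *flags)
{
    if (sample_left == 0) return 0;
    *file = "sample.c"; *line = 10 * sample_left; (void)func;
    *data = "detail"; *flags = (sample_left == 2) ? TXT_STRING : 0;
    return 0x1000UL + (unsigned long)sample_left--;
}
void sample_str(unsigned long e, char *buf, size_t len)
{ snprintf(buf, len, "error:%08lX", e); }
```

When built against OpenSSL 3.0 with <openssl/err.h> included, the call would be format_errors(ERR_get_error_all, ERR_error_string_n, ebuf, sizeof(ebuf)).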

