Re: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-28 Thread Matt Caswell




On 28/10/2021 05:50, Paramashivaiah, Sunil wrote:
> ssl->session

SSL_get0_session():

https://www.openssl.org/docs/man3.0/man3/SSL_get_session.html

Although beware: TLSv1.3 changes how sessions are established - they are
created post-handshake. Read the NOTES section on the man page carefully.

> ssl->ctx

SSL_get_SSL_CTX()

https://www.openssl.org/docs/man3.0/man3/SSL_get_SSL_CTX.html

> ssl->references

This is not exposed.

> ssl->tlsext_ocsp_resp

SSL_set_tlsext_status_ocsp_resp();

https://www.openssl.org/docs/man3.0/man3/SSL_set_tlsext_status_ocsp_resp.html

Matt

> Please let me know the Openssl 3.0 API's for the same.
>
> Thanks and Regards,
> Sunil


RE: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-27 Thread Paramashivaiah, Sunil
Hi Matt,

   Thanks for the help. I need to get SSL members (ssl->session, ssl->ctx,
ssl->references) and set an SSL member (ssl->tlsext_ocsp_resp).
Please let me know the OpenSSL 3.0 APIs for the same.

Thanks and Regards,
Sunil


Re: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Matt Caswell

Caveat: I've not tested or compiled the following...but something like this:

if (EVP_PKEY_is_a(evpKey, "RSA")) {
    /* EVP_PKEY_get_bits() returns the size in bits; / 8 converts to bytes */
    keysz = EVP_PKEY_get_bits(evpKey) / 8;
    /* some code */
} else if (EVP_PKEY_is_a(evpKey, "EC")) {
    char *name;
    size_t namesize;

    /* First call only reports the length of the group name */
    if (!EVP_PKEY_get_utf8_string_param(evpKey,
                                        OSSL_PKEY_PARAM_GROUP_NAME,
                                        NULL, 0, &namesize))
        /* error */;
    name = OPENSSL_malloc(namesize + 1);
    if (name == NULL)
        /* error */;
    /* Second call copies the name into the buffer */
    if (!EVP_PKEY_get_utf8_string_param(evpKey,
                                        OSSL_PKEY_PARAM_GROUP_NAME,
                                        name, namesize + 1, NULL))
        /* error */;
    /* This gets you the curve name as a string. If you really need as
     * an integer you can additionally do the following - but note that
     * some providers might add curves that libcrypto doesn't know about
     * so this could fail
     */
    ecGrpId = OBJ_txt2nid(name);
    if (ecGrpId == NID_undef)
        /* error */;
    OPENSSL_free(name);
    /* some code */
}




RE: [EXTERNAL] Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Paramashivaiah, Sunil
Hi Matt,

   Thanks for the reply. I need to replace the below code.

    int keysz, ecGrpId;

    switch (evpKey->type)
    {
    case NID_rsaEncryption:
        {
            if (evpKey->pkey.rsa)
            {
                keysz = BN_num_bits(evpKey->pkey.rsa->n);
                .
                .
                /* some code */
            }
            break;
        }
    case NID_X9_62_id_ecPublicKey:
        {
            ecGrpId = EC_GROUP_get_curve_name(evpKey->pkey.ec->group);
            /* some code follows */

Thanks and Regards,
Sunil


Notice: This e-mail together with any attachments may contain information of 
Ribbon Communications Inc. and its Affiliates that is confidential and/or 
proprietary for the sole use of the intended recipient. Any review, disclosure, 
reliance or distribution by others or forwarding without express permission is 
strictly prohibited. If you are not the intended recipient, please notify the 
sender immediately and then delete all copies, including any attachments.


Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-25 Thread Matt Caswell




On 25/10/2021 05:45, Paramashivaiah, Sunil wrote:
> Hi All,
>
> I need get APIs for accessing the members of EVP_PKEY. Please
> suggest APIs to get following members of EVP_PKEY
>
> evpkey->type , evpkey->pkey.rsa , pubKey->pkey.ec->group.


EVP_PKEY_get_id() will get you the `evpkey->type` value. But note that 
in the provider world an external provider could add key types that are 
unknown to libcrypto. "EVP_PKEY_is_a" is a more future proof way to go.


https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_is_a.html

E.g.

if (EVP_PKEY_is_a(pkey, "RSA")) ...;
if (EVP_PKEY_is_a(pkey, "EC")) ...;


The "evpkey->pkey.rsa" value can be obtained via EVP_PKEY_get0_RSA() 
but note that this is deprecated. You are encouraged to not use the RSA 
structure at all in 3.0 (all the functions that take an RSA structure 
are deprecated). So you should look at what you are trying to do with 
evpkey->pkey.rsa and refactor things to not need it. Why do you want this?


Similar comments apply to "pubkey->pkey.ec". You can get the EC_KEY 
object using EVP_PKEY_get0_EC_KEY() but this is deprecated. You can get 
the group from an EC_KEY using EC_KEY_get0_group() - but this is also 
deprecated. Instead you might consider getting the "group name" for the 
EC key which will tell you what curve is in use, e.g.


EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
   NULL, 0, &namesize);
name = OPENSSL_malloc(namesize + 1);
EVP_PKEY_get_utf8_string_param(pkey, OSSL_PKEY_PARAM_GROUP_NAME,
   name, namesize + 1, 0);

https://www.openssl.org/docs/man3.0/man3/EVP_PKEY_get_utf8_string_param.html

Matt






Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-24 Thread Paramashivaiah, Sunil
Hi All,

I need to get APIs for accessing the members of EVP_PKEY. Please suggest
APIs to get the following members of EVP_PKEY:
evpkey->type, evpkey->pkey.rsa, pubKey->pkey.ec->group.

Thanks and Regards,
Sunil


RE: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-21 Thread Floodeenjr, Thomas
Here are my notes from when we did this project a couple of years ago. It does 
not match your code exactly, but maybe it helps.

-Tom

### ALL ###
Follow the porting instructions here: 
https://wiki.tizen.org/Security/Tizen_5.X_Migration_from_OpenSSL_1.0.2_to_OpenSSL_1.1.1_guide

Especially the section "EVP_CIPHER_CTX became opaque". The changes here will 
match changes for most classes in OpenSSL.

Most notable:
Declaration:
-  EVP_CIPHER_CTX  evp;
+ EVP_CIPHER_CTX  *evp;
Initialization & cleanup:
-  EVP_CIPHER_CTX_init(&evp);
+ evp = EVP_CIPHER_CTX_new();
+ EVP_CIPHER_CTX_free(evp);  /* do not forget 
to free after usage or error */
Function calling:
-  EVP_CipherInit(&evp, EVP_des_cbc(), k1, NULL, 
enc);
+ EVP_CipherInit(evp, EVP_des_cbc(), k1, NULL, enc);
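
Review bot: on the "Initialization & cleanup" lines, evp = EVP_CIPHER_CTX_new() is followed by EVP_CipherInit(evp, ...) with no NULL check; the old stack object could not fail to exist, the heap one can, so test evp for NULL before its first use and route every later error path to EVP_CIPHER_CTX_free(evp). The return value of EVP_CipherInit() is ignored on both the - and + lines and should be checked, and for a 3.0 target EVP_des_cbc() only works with the legacy provider loaded, because single DES is not in the default provider.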

Note the change to using a pointer instead of directly.

For encoding/decoding, the init() step is still needed.

-EVP_EncodeInit(&m_evpCtx);
+m_evpCtx = EVP_ENCODE_CTX_new();
+EVP_EncodeInit(m_evpCtx);
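
Review bot: m_evpCtx = EVP_ENCODE_CTX_new() is passed straight to EVP_EncodeInit(m_evpCtx) with no NULL check, and the hunk shows no matching EVP_ENCODE_CTX_free(). Add the check before the init call and put the free in whichever destructor or cleanup path owns m_evpCtx, so the context is released on error as well as on normal completion.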

More changes:

X509_EXTENSION *ext = X509_get_ext(peer, i);
const unsigned char *data;

-  data = ext->value->data;
+ data = 
ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));

-  ext_data = meth->d2i(NULL, &data, 
ext->value->length);
+ ext_data = meth->d2i(NULL, &data, 
ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
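
Review bot: the two + lines each call X509_EXTENSION_get_data(ext) and neither checks a result, while ext itself comes unchecked from X509_get_ext(peer, i) on the context line above. Check ext for NULL, fetch the extension value once into a local, check that too, and pass that one object to both ASN1_STRING_get0_data() and ASN1_STRING_length(), so the pointer and the length given to meth->d2i() are taken from the same value.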

xmlsec.h(99): warning C4005: 'XMLSEC_CRYPTO': macro redefinition
/**
* XMLSEC_CRYPTO:
*
* Macro. Deprecated. Defined for backward compatibility only. Do not use
* in your code and use xmlSecGetDefaultCrypto() function instead.
*
* Returns the default crypto engine.
*/
#define XMLSEC_CRYPTO  (xmlSecGetDefaultCrypto())

### WINDOWS ###
ws2_32.lib will need to replace wsock32.lib when linking, or be added to link 
if not there.

ZLIB_WINAPI may be defined with some OSS (like curl), this causes link errors 
and should be removed.

### LINUX ###
Linux will likely need to link with -lpthread
Some apps may need -lrt



Re: Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-21 Thread Matt Caswell




On 21/10/2021 09:48, Paramashivaiah, Sunil wrote:
> Hi All,
>
>   Please let me know how I can replace the below 1.0.2 code to 3.0
>
>     SSL_SESSION data;
>     SSL_SESSION *ret=NULL;
>
>     data.ssl_version = sessVersion;
>     data.session_id_length= sessIdLen;
>
>     memcpy(data.session_id, sessId,  sessIdLen);
>     CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
>
>     ret= (SSL_SESSION *)lh_retrieve((_LHASH *)sslCtx->sessions, &data);
>
>     CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);



I don't think this is currently possible (at least not easily).

There is no way to access the session hash lock at the moment. There 
*is* a way to get hold of the session hash itself using 
SSL_CTX_sessions(). That's not particularly useful, because without 
access to the lock you would have to do your own locking to ensure that 
no libssl functions were being called by other threads at the same time 
as the retrieval from the hash.


Also we don't expose the function lh_SSL_SESSION_retrieve() which is 
what we use internally for retrieving out of the session hash (this is 
actually possibly a bug) - although you could use the type generic 
OPENSSL_LH_retrieve function (lh_retrieve in your code above is just a 
macro for OPENSSL_LH_retrieve in 3.0)


If your objective is simply to determine whether such a hash entry 
exists or not then you could instead use SSL_has_matching_session_id():

https://www.openssl.org/docs/man3.0/man3/SSL_has_matching_session_id.html

Matt



Need Help for Code Changes to Upgrade from OpenSSL 1.0.2 to 3.0

2021-10-21 Thread Paramashivaiah, Sunil
Hi All,
 Please let me know how I can replace the below 1.0.2 code to 3.0

SSL_SESSION data;
SSL_SESSION *ret=NULL;

data.ssl_version = sessVersion;
data.session_id_length= sessIdLen;

memcpy(data.session_id, sessId,  sessIdLen);
CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);

ret= (SSL_SESSION *)lh_retrieve((_LHASH *)sslCtx->sessions, &data);

CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);

Thanks and Regards,
Sunil
