Preferred way of passing user context void* inside SSL*


Johannes Bauer-2
Hi list,

yet another question. In my process with TLS13-PSK, I've noticed that
the PSK callback does not have a user-definable callback context value.
However, the callback is passed the SSL* which I created when the
session was established.

Is there a way for me to piggyback a void* inside the SSL structure so
that I can access it from within the callback?

I've noticed a couple of member variables that might be abused for this
purpose (async_cb_arg, allow_early_data_cb_data,
default_passwd_callback_userdata, msg_callback_arg) and think in my
use case they hopefully should all be safe to use (I don't use async I/O,
no early data, no SRP, no msg callback) -- but is this the preferred way
to do it? I.e., hijack a different callback argument that isn't used?

Am I overlooking the supposed way of doing this? Or is this typically
done via global variables (which in my case I *really* would want to avoid)?

Cheers,
Johannes

Re: Preferred way of passing user context void* inside SSL*

OpenSSL - User mailing list
> Is there a way for me to piggyback a void* inside the SSL structure so
> that I can access it from within the callback?

Yes, you can use SSL_set_app_data and SSL_get_app_data which are documented in https://github.com/openssl/openssl/pull/10216 (and due to be merged to master soon)



Re: Preferred way of passing user context void* inside SSL*

Johannes Bauer-2
On 23.10.19 15:21, Salz, Rich wrote:
>> Is there a way for me to piggyback a void* inside the SSL structure so
>> that I can access it from within the callback?
>
> Yes, you can use SSL_set_app_data and SSL_get_app_data which are documented in https://github.com/openssl/openssl/pull/10216 (and due to be merged to master soon)

Ah, completely overlooked that!

Thanks, Rich, this scratches *exactly* my itch.

All the best,
Joe

Re: Preferred way of passing user context void* inside SSL*

Viktor Dukhovni
In reply to this post by OpenSSL - User mailing list
On Wed, Oct 23, 2019 at 01:21:54PM +0000, Salz, Rich via openssl-users wrote:

> > Is there a way for me to piggyback a void* inside the SSL structure so
> > that I can access it from within the callback?
>
> Yes, you can use SSL_set_app_data and SSL_get_app_data which are documented
> in https://github.com/openssl/openssl/pull/10216 (and due to be merged to
> master soon)

If the data is needed by a *library* and not "the application",
then it is not appropriate to use index 0, which is reserved for
"the application".  In that case, the library needs to register its
own "ex data index".  Examples can be seen at:

1-time init:  https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L353
Setter usage: https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L977
Getter usage: https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_client.c#L255

--
        Viktor.