Query related to SSL_CTX_set_msg_callback_arg


Query related to SSL_CTX_set_msg_callback_arg

shalu dhamija
Hi All,
In openssl 1.0.2, I was using the SSL_CTX_set_msg_callback_arg() API to set the application-specific argument. And in the callback, I was retrieving that argument from the SSL pointer received in the callback, e.g. "ssl->msg_callback_arg".
But in openssl 1.1.1, the SSL structure members are no longer accessible. And I did not find any API to get the msg_callback_arg back. Can someone please comment on whether there is any way to get the msg_callback_arg back in the callbacks from the ssl pointer?

Regards,
Shalini Dhamija


Re: Query related to SSL_CTX_set_msg_callback_arg

Jeremy Harris
On 09/06/2019 11:31, shalu dhamija wrote:
> Hi All,
> In openssl 1.0.2, I was using  SSL_CTX_set_msg_callback_arg() API to set the application specific argument. And in the callback, I was retrieving that argument from SSL pointer received in the callback e.g. "ssl->msg_callback_arg"
> But in openssl1.1.1, the SSL structure members are no more accessible. And I did not find any API to get the msg_callback_arg back. Can someone please comment on this if there is any way to get the msg_callback_arg back in the callbacks from ssl pointer.

When the callback is called, the arg you set is given to the callback
function, as a function argument.  It's not intended as a general-
purpose data stash.

--
Cheers,
  Jeremy

Re: Query related to SSL_CTX_set_msg_callback_arg

OpenSSL - User mailing list
Actually while setting the callback, we can not pass the user-defined/application data. For example: 
void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*new_session_cb)(SSL *, SSL_SESSION *));

When the callback arrives, I have SSL* and SSL_SESSION*. Earlier I was getting it from the 'msg_callback_arg' of the SSL pointer, but in openssl 1.1.1, the SSL structure is no longer accessible.


On Sunday, 9 June, 2019, 8:27:46 pm IST, Jeremy Harris <[hidden email]> wrote:

> On 09/06/2019 11:31, shalu dhamija wrote:
>
>> Hi All,
>> In openssl 1.0.2, I was using  SSL_CTX_set_msg_callback_arg() API to set the application specific argument. And in the callback, I was retrieving that argument from SSL pointer received in the callback e.g. "ssl->msg_callback_arg"
>> But in openssl1.1.1, the SSL structure members are no more accessible. And I did not find any API to get the msg_callback_arg back. Can someone please comment on this if there is any way to get the msg_callback_arg back in the callbacks from ssl pointer.
>
> When the callback is called, the arg you set is given to the callback
> function, as a function argument.  It's not intended as a general-
> purpose data stash.
>
> --
> Cheers,
>   Jeremy


Re: Query related to SSL_CTX_set_msg_callback_arg

Viktor Dukhovni
On Mon, Jun 10, 2019 at 07:16:26AM +0000, shalu dhamija via openssl-users wrote:

>  Actually while setting the callback, we can not pass the user-defined/application data.

You can however attach it to the SSL connection handle as "ex_data":

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_misc.c#L300-L304
    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L395-L406
    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L812-L817

and retrieve it from the SSL handle as needed:

    https://github.com/vdukhovni/postfix/blob/master/postfix/src/tls/tls_server.c#L265

--
        Viktor.

Re: Query related to SSL_CTX_set_msg_callback_arg

Jeremy Harris
On 10/06/2019 09:32, Viktor Dukhovni wrote:
> On Mon, Jun 10, 2019 at 07:16:26AM +0000, shalu dhamija via openssl-users wrote:
>
>>  Actually while setting the callback, we can not pass the user-defined/application data.
>
> You can however attach it to the SSL connection handle as "ex_data":

I fail to see the point.  You don't need to pass the data, only a
pointer to the data.  Any time you set the callback, you can set
the callback-arg.  When the callback is called it is given the arg;
if the arg was a pointer you can deref to get the data... which could
have been manipulated as needed in the interim.

Using the ex_data facility is not needed.

--
Cheers,
  Jeremy

Re: Query related to SSL_CTX_set_msg_callback_arg

J. J. Farrell-2
On 10/06/2019 11:05, Jeremy Harris wrote:
> On 10/06/2019 09:32, Viktor Dukhovni wrote:
>> On Mon, Jun 10, 2019 at 07:16:26AM +0000, shalu dhamija via openssl-users wrote:
>>
>>> Actually while setting the callback, we can not pass the user-defined/application data.
>> You can however attach it to the SSL connection handle as "ex_data":
> I fail to see the point.  You don't need to pass the data, only a
> pointer to the data.

Well ... obviously ...

> Any time you set the callback, you can set the callback-arg.

How? As Shalu quoted, the prototype of the call to set the callback is

void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
                             int (*new_session_cb)(SSL *, SSL_SESSION *));

How do we specify a user-defined callback data pointer in that call?

> When the callback is called it is given the arg;

Where? According to the prototype which Shalu quoted the callback gets just a pointer to an SSL and a pointer to an SSL_SESSION; neither of those is a user-defined data pointer.

> if the arg was a pointer you can deref to get the data... which could
> have been manipulated as needed in the interim.
>
> Using the ex_data facility is not needed.

I may be missing something, but I can't see any other way to do it.
-- 
J. J. Farrell
Not speaking for Oracle

Re: Query related to SSL_CTX_set_msg_callback_arg

Jeremy Harris
On 10/06/2019 15:21, J. J. Farrell wrote:
> |void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *,
> SSL_SESSION *));|
>
>
> How do we specify a user-defined callback data pointer in that call?

You don't; you additionally use
  SSL_CTX_set_msg_callback_arg()
which the OP said he was already using.

--
Cheers,
  Jeremy

Re: Query related to SSL_CTX_set_msg_callback_arg

Viktor Dukhovni
> On Jun 10, 2019, at 10:54 AM, Jeremy Harris <[hidden email]> wrote:
>
>> |void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(SSL *,
>> SSL_SESSION *));|
>>
>>
>> How do we specify a user-defined callback data pointer in that call?
>
> You don't; you additionally use
>  SSL_CTX_set_msg_callback_arg()
> which the OP said he was already using.

That was a different callback (upthread), the OP is now asking about
the new session callback, which has no explicit application argument.
Perhaps there should be a new "_ex" version that supports an argument,
but in the meantime applications that want an application context with
the new session callback have been using ex_data for the last decade
or two.

--
        Viktor.