
OpenSSL custom extension callback functions

I am creating a custom extension using the OpenSSL custom extension API.

The functions SSL_CTX_add_client_custom_ext and SSL_CTX_add_custom_ext return 1, i.e. success, but the issue is that there are certain callback functions which get called to operate on the data we need to add or parse. I added certain debug statements to find out whether they get called or not, and I think they don't.

#include <stdio.h>
#include <openssl/ssl.h>

/* SSL_CTX_add_custom_ext() (OpenSSL 1.1.1 and later) takes the newer callback
 * signatures, which also carry the message context, the certificate being
 * sent and its chain index; these prototypes match that API. */
static int old_add_cb(SSL *s, unsigned int ext_type, unsigned int context,
                      const unsigned char **out, size_t *outlen,
                      X509 *x, size_t chainidx, int *al, void *add_arg)
{
    printf("called!!\n");      /* newline so the line is flushed promptly */
    *out = NULL;               /* send the extension with an empty body */
    *outlen = 0;
    return 1;                  /* 1: include the extension in the message */
}

static void old_free_cb(SSL *s, unsigned int ext_type, unsigned int context,
                        const unsigned char *out, void *add_arg)
{
    printf("called!!\n");
    OPENSSL_free((unsigned char *)out);   /* a no-op for the NULL body above */
}

static int old_parse_cb(SSL *s, unsigned int ext_type, unsigned int context,
                        const unsigned char *in, size_t inlen,
                        X509 *x, size_t chainidx, int *al, void *parse_arg)
{
    printf("called!!\n");
    return 1;                  /* 1: extension accepted */
}

The SSL_CTX related code is:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

/* Helpers defined elsewhere in the asker's program (not shown on the page). */
SSL_CTX *InitCTX(void);
int OpenConnection(const char *hostname, int port);
void ShowCerts(SSL *ssl);

int main(int count, char *strings[])
{
    SSL_CTX *ctx;
    int server;
    SSL *ssl;
    char buf[1024];
    int bytes;
    char *hostname, *portnum;

    if (count != 3) {
        printf("usage: %s <hostname> <portnum>\n", strings[0]);
        exit(0);
    }

    SSL_library_init();

    hostname = strings[1];
    portnum = strings[2];

    ctx = InitCTX();
    /* Register type 1000 for the ClientHello only; a peer that does not
     * recognise the type simply ignores the extension. */
    int result = SSL_CTX_add_custom_ext(ctx, 1000, SSL_EXT_CLIENT_HELLO,
                                        old_add_cb, old_free_cb, NULL,
                                        old_parse_cb, NULL);
    printf("Extension Register %d\n", result);

    server = OpenConnection(hostname, atoi(portnum));
    ssl = SSL_new(ctx);           /* create new SSL connection state */
    SSL_set_fd(ssl, server);      /* attach the socket descriptor */

    if (SSL_connect(ssl) <= 0) {  /* SSL_connect() returns 1 on success */
        ERR_print_errors_fp(stderr);
    } else {
        char *msg = "Hello???";

        printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
        ShowCerts(ssl);                          /* get any certs */
        SSL_write(ssl, msg, strlen(msg));        /* encrypt & send message */
        bytes = SSL_read(ssl, buf, sizeof(buf) - 1); /* leave room for the NUL */
        if (bytes < 0)                           /* read error: show empty reply */
            bytes = 0;
        buf[bytes] = 0;
        printf("Received: \"%s\"\n", buf);
    }
    SSL_free(ssl);                /* release connection state */
    close(server);                /* close socket */
    SSL_CTX_free(ctx);            /* release context */
    return 0;
}

The 'SSL_CTX_add_custom_ext' function returns 1, but the print statements in the callback functions are not being executed.

From the OpenSSL documentation on SSL_extension_supported we can see the following statements:

For the ServerHello and EncryptedExtension messages every registered add_cb is called once if and only if the requirements of the specified context are met and the corresponding extension was received in the ClientHello. That is, if no corresponding extension was received in the ClientHello then add_cb will not be called.

I mean, the callbacks on both sides (here, client and server) will execute only if the server verifies and accepts the ClientHello which includes the extensions. So you should add the extension (here, the callbacks) to the server like the client to make sure the callbacks are executed. Here is my example:

#include <stdio.h>
#include <openssl/ssl.h>

/* Old-style callbacks, the signatures SSL_CTX_add_client_custom_ext() takes. */
static int ext_add_cb(SSL *s, unsigned int ext_type,
                      const unsigned char **out,
                      size_t *outlen, int *al, void *add_arg)
{
    switch (ext_type) {
        case 65280:
            printf("ext_add_cb from client called!\n");
            break;

        default:
            break;
    }
    return 1;   /* include the extension (with an empty body) */
}

static void ext_free_cb(SSL *s, unsigned int ext_type,
                        const unsigned char *out, void *add_arg)
{
    /* nothing was allocated in ext_add_cb, so there is nothing to free */
    printf("ext_free_cb from client called\n");
}

static int ext_parse_cb(SSL *s, unsigned int ext_type,
                        const unsigned char *in,
                        size_t inlen, int *al, void *parse_arg)
{
    printf("ext_parse_cb from client called!\n");
    return 1;   /* accept the peer's extension */
}

The server is similar to the client. And then add the registration in main:

    int result = SSL_CTX_add_client_custom_ext(ctx, 65280, ext_add_cb, ext_free_cb, NULL, ext_parse_cb, NULL);

Run the server and then run the client; I got this message:

# server:
ext_parse_cb from server called!
ext_add_cb from server called!
ext_free_cb from server called!


# client:
ext_add_cb from client called!
ext_free_cb from client called
ext_parse_cb from client called!
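To make the rule in the quoted documentation concrete, here is an added example that is not part of the question or answer and is not OpenSSL code: a small C model of how a TLS endpoint dispatches custom extensions. Each side holds a table of registered extension types; the extensions block uses the real TLS layout (2-byte total length, then type, length and data per extension). The "add_cb" of a registered type runs when a message is built, on the server only for types seen in the ClientHello; the "parse_cb" runs only for registered types, and unknown types are skipped silently. The type value 65280 is taken from the answer, the two-byte extension body is constructed, and all function and struct names are the example's own. Running it shows the asker's situation (only the client registers: its add_cb fires, nothing else does) next to the answer's (both sides register: all four callbacks fire once). The parser also rejects a length field that runs past the buffer, the check a real parse_cb has to make on inlen.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of how a TLS stack dispatches custom extensions (an
 * illustration, not OpenSSL's code). Each side holds the types it registered;
 * the wire layout is the real one: total_len(2) { type(2) len(2) data }*. */
#define MAX_EXTS 8

typedef struct {
    unsigned int ext_type;
    int add_calls, parse_calls; /* how often this side's callbacks fired */
    int received;               /* set once the peer sent this type      */
} ext_reg;

typedef struct { ext_reg regs[MAX_EXTS]; int nregs; } side;

static int side_register(side *s, unsigned int ext_type)
{
    if (s->nregs >= MAX_EXTS) return 0;
    ext_reg r = { ext_type, 0, 0, 0 };
    s->regs[s->nregs++] = r;
    return 1;
}

static ext_reg *side_find(side *s, unsigned int ext_type)
{
    for (int i = 0; i < s->nregs; i++)
        if (s->regs[i].ext_type == ext_type) return &s->regs[i];
    return NULL;
}

/* Outgoing message: "add_cb" runs for every registered type; on the server
 * only for types seen in the ClientHello (the rule quoted from the docs). */
static size_t build_extensions(side *s, int is_server, unsigned char *out, size_t cap)
{
    static const unsigned char body[] = { 0xde, 0xad }; /* constructed data */
    size_t pos = 2;                                      /* total_len slot   */
    for (int i = 0; i < s->nregs; i++) {
        ext_reg *r = &s->regs[i];
        if ((is_server && !r->received) || pos + 4 + sizeof body > cap) continue;
        r->add_calls++;
        out[pos++] = (unsigned char)(r->ext_type >> 8);
        out[pos++] = (unsigned char)(r->ext_type & 0xff);
        out[pos++] = 0;
        out[pos++] = (unsigned char)sizeof body;
        memcpy(out + pos, body, sizeof body);
        pos += sizeof body;
    }
    out[0] = (unsigned char)((pos - 2) >> 8);
    out[1] = (unsigned char)((pos - 2) & 0xff);
    return pos;
}

/* Incoming message: registered types reach "parse_cb"; unknown types are
 * skipped silently. Returns the extension count, or -1 if malformed. */
static int parse_extensions(side *s, const unsigned char *in, size_t inlen)
{
    if (inlen < 2 || (((size_t)in[0] << 8) | in[1]) + 2 != inlen) return -1;
    size_t pos = 2;
    int n = 0;
    while (pos + 4 <= inlen) {
        unsigned int type = ((unsigned int)in[pos] << 8) | in[pos + 1];
        size_t len = ((size_t)in[pos + 2] << 8) | in[pos + 3];
        pos += 4;
        if (len > inlen - pos) return -1;   /* body runs past the buffer */
        ext_reg *r = side_find(s, type);
        if (r) { r->parse_calls++; r->received = 1; }
        pos += len;
        n++;
    }
    return pos == inlen ? n : -1;
}

/* One ClientHello -> ServerHello round trip; -1 if either block is malformed. */
static int run_handshake(side *client, side *server)
{
    unsigned char hello[64], reply[64];
    size_t hl = build_extensions(client, 0, hello, sizeof hello);
    if (parse_extensions(server, hello, hl) < 0) return -1;
    size_t rl = build_extensions(server, 1, reply, sizeof reply);
    return parse_extensions(client, reply, rl) < 0 ? -1 : 0;
}

/* The client always registers type 65280 (the answer's value); the server
 * does only when server_registers != 0. counts[] receives client add,
 * client parse, server add, server parse. */
int run_scenario(int server_registers, int counts[4])
{
    side client = {0}, server = {0};
    side_register(&client, 65280);
    if (server_registers) side_register(&server, 65280);
    if (run_handshake(&client, &server) != 0) return -1;
    ext_reg *c = side_find(&client, 65280), *s = side_find(&server, 65280);
    counts[0] = c->add_calls;
    counts[1] = c->parse_calls;
    counts[2] = s ? s->add_calls : 0;
    counts[3] = s ? s->parse_calls : 0;
    return 0;
}

int main(void)
{
    int c[4];
    for (int reg = 0; reg <= 1; reg++)
        if (run_scenario(reg, c) == 0)
            printf("server registered=%d: client add/parse=%d/%d, server add/parse=%d/%d\n",
                   reg, c[0], c[1], c[2], c[3]);
    return 0;
}
```

With the server not registering, the client's add callback fires once and nothing else does, because the server has no table entry to dispatch the extension to and therefore echoes nothing back; with both sides registered, every callback fires exactly once, matching the output shown in the answer.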
