connection specific data in sign provider

Dr Paul Dale pauli at openssl.org
Mon Nov 13 08:21:24 UTC 2023


Absolutely do not even consider doing a hack like this.
Never pass a pointer as an octet string.
Ever.


Pauli

On 13/11/23 19:08, Tomas Mraz wrote:
> You would have to pass the callback pointer as an octet string
> OSSL_PARAM set on the signature context. That would of course require
> patching libssl to set the pointer on the signature context when it is
> invoking the signature.
>
> The providers do not have direct reach to libssl or libcrypto data.
>
> Tomas Mraz, OpenSSL
>
> On Sat, 2023-11-11 at 12:48 +0000, boknamail via openssl-users wrote:
>> Hi all,
>>
>> I implemented an OpenSSL signature provider that shall offload the
>> signature into the user's code space via a callback that the user can
>> define.
>> During the TLS handshake I already get the function
>> OSSL_FUNC_signature_digest_sign invoked. Inside this function I want
>> to call the user defined callback.
>>
>> My current approach is to create a provider context containing an
>> empty callback, have the user get the provider context and set the
>> callback and inside OSSL_FUNC_signature_digest_sign_init copy the
>> callback from the provider context into the sign context.
>>
>> The disadvantage of this is that the callback is global to the
>> provider.
>> I would rather have it connection-specific.
>> Is there any way to hand over data specific to the connection to the
>> sign functions?
>> I was thinking about adding the callback to the ex_data of the
>> SSL_CTX, but did not find a way to access the SSL_CTX or the SSL from
>> inside the signature function.
>>
>> Thanks!
>>
