Hi users, I sent this mail to the dev mailing list, but I had no response :(, so I thought I had sent it to the wrong ML. Here I try again...
I'm experimenting a little with TLS extensions: I managed to exchange
an extension between the client and the server, but I have few
questions.
First of all, must I write all the code for extension handling for each
new extension or is there any common way to handle generic extension?
I figured there was no such method, so I added all the code to handle my
extension.
I wrote a mini howto (attached here below); is there anyone who can
confirm me if it's the right way for adding my own extensions to
OpenSSL?
Are the extensions stores in the form of TLV? If yes, should I use the
functions s2n() and n2s() to write and read the values?
Many many thanks to anyone who will answer any of my questions.
-> Here starts the mini howto <-
Adding an extension to OpenSSL
--== 0 ==-- Requirements
OpenSSL 0.9.9
--== 1 ==-- Define the new extension
Edit the file ssl/tls1.h and define the extension type:
#define TLSEXT_TYPE_DV_myTest 46 /* 46 is by random...
any free number should go
See RFC 4366 for more
information */
Edit the file ssl/ssl.h and add new elements to ssl_st:
size_t tlsext_DV_myTest_length; /* Length of the extension */
unsigned char * tlsext_DV_myTest; /* Out new extension.
Later on it should be
allocated of size
tlsext_DV_myTest_length */
--== 2 ==-- Prepare che extension
Edit the file ssl/t1_lib.c and modify the function
int ssl_prepare_clienthello_tlsext
this function prepares the client hello. This should happend on the
client.
(...)
if (s->version == TLS1_VERSION) { /* We just test if we're
using TLS... otherwise
there should be no
extension.
It is possible that this
test is done somewhere
else into OpenSSL,
but I don't know. */
fprintf (stderr, "Preparing the extension to add to \
the client hello\n");
/* We allocate of the memory for the extension */
if ((s->tlsext_DV_myTest = OPENSSL_malloc(2)) == NULL) {
SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,
ERR_R_MALLOC_FAILURE);
return -1;
}
/* We set the size of the extension */
s->tlsext_DV_myTest_length = 2;
/* We put some test data into the extension */
s->tlsext_DV_myTest[0] = 0;
s->tlsext_DV_myTest[1] = 1;
}
(...)
In the same file modify the function
unsigned char *ssl_add_clienthello_tlsext
this function add the extensions to the client hello. This should happen
on the client.
(...)
/* Add this to the end of the function... see below */
if (s->tlsext_DV_test_ext != NULL) {
/* Add our TLS extension to the ClientHello message */
long lenmax; /* Max length of our extension */
/* Check for enough space...
lenmax must be > limit - ret - 4
1: type
1: lenght
2: extension
Not still sure if 4 must be hard coded or not...
*/
if ((lenmax = limit - ret - 4) < 0)
return NULL;
/* Not enough space for the extension */
/* We add the type of the extension to the client hello */
s2n(TLSEXT_TYPE_DV_myTest, ret);
/* We add the length of the extension to the client hello */
s2n(s->tlsext_DV_myTest_length,ret);
/* We copy the value of the extension in place */
memcpy(ret, s->tlsext_DV_myTest,
s->tlsext_DV_myTest_length);
/* We move forward ret so next extensions have space */
ret+=s->tlsext_DV_myTest_length;
}
/* From now on is OpenSSL code. Do not modify */
if ((extdatalen = ret-p-2)== 0) {
printf ("DV: (extdatalen = ret-p-2)== 0\n");
return p;
}
s2n(extdatalen,p);
return ret;
}
--== 3 ==-- Handle the extension on the server
Edit the file ssl/t1_lib.c and modify the function
int ssl_parse_clienthello_tlsext
this function parses the extensions present in the clienthello and
handle each
extension with the proper code. This should happend on the server.
(...)
else if (type == TLSEXT_TYPE_DV_myTest) {
/* Handling here the extension */
/* The following code is just a stub.
it should be replaced with proper code */
/* Got the extension */
fprintf(stderr, "Hi, I'm the server and \
I just received the test extension.\n");
fprintf(stderr,"Its type is %d and its size \
is %d\n", type, size);
/* type and size are provided by OpenSSL,
so we don't have to handle them */
/* handle the extension here */
}
(...)
--== Test ==--
In ssl/ run make
Go in test/ and run
./ssltest -tls1
we should see something like:
(...)
Received extension type 11 size 4
Received extension type 10 size 52
Received extension type 35 size 0
Received extension type 46 size 2
Hi, I'm the server and I just received the test extension.
Its type is 46 and its size is 4
(...)
-> Here ends the mini howto <-
Hope it may help someone and hope anyone may help me.
Regards.
--
Davide
smime.p7s
Description: S/MIME cryptographic signature
