-
Notifications
You must be signed in to change notification settings - Fork 838
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The SSL structure in openssl 3.2.0 has been modified #464
Comments
OpenSSL 3.2 is a recently released version, quite new. As you mentioned, there are changes in the structure of the data. It requires eCapture adaptation. I will provide support for it soon. openssl 3.2是刚出的版本,比较新。正如你所说,存在结构体变化的情况。需要 eCapture 适配。 近期我来支持一下。 |
openssl 3.2.x does have a particularly big change, and I need to find a suitable HOOK function again, and I need to take some time. However, I started by supporting the 3.1.x version of openssl library |
在openssl 3.2.x里,如果是bio的结构体发生了变化,eCapture的 In OpenSSL 3.2.x, if the structure of the bio has changed, the |
* kern: support openssl 3.2.x , change ssl_st to ssl_connection_st, update more OFFSETS. * user: Added eBPF loader support for OpenSSL 3.2.0. * Optimized OpenSSL 3.2 offset generation scripts. * SSL_CONNECTION types of ssl_st are not supported at this time. feat: #464 Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Support for |
kern/openssl.h
中有一段解析SSL*获取fd的代码,看起来一个是认为结构体大致以如下形式分布但是在openssl 3.2.0中,这个结构体直接大改,bio系列结构体都放进了一个
ssl_connection_st
的结构体,原ssl_st变为ssl_connection_st为
在调用时
ssl_st
使用宏SSL_CONNECTION_FROM_SSL
进行转换为ssl_connection_st
,因此对于新的openssl版本,需整体添加sizeof(struct ssl_st)+sizeof(int)
的偏移才能获取到rbio/wbio结构体以及,在
uprobe/SSL_write
中,读出ssl_wbio_addr
后,后续却是使用ssl_wbio_ptr
加上偏移去读取数据,是否有误?The text was updated successfully, but these errors were encountered: