Don't pass the async config data to async callbacks
The config data is in the SSL config, so callbacks can retrieve it from there, with the new function mbedtls_ssl_conf_get_async_config_data.
This commit is contained in:
Gilles Peskine
parent
e141638868
commit
8f97af7ea3
4 changed files with 42 additions and 44 deletions
|
|
@ -594,8 +594,6 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
|
|||
* from step 2, with `digestAlgorithm` obtained by calling
|
||||
* mbedtls_oid_get_oid_by_md() on \p md_alg.
|
||||
*
|
||||
* \param config_data The configuration data parameter passed to
|
||||
* mbedtls_ssl_conf_async_private_cb().
|
||||
* \param ssl The SSL connection instance. It should not be
|
||||
* modified other than via mbedtls_ssl_async_set_data().
|
||||
* \param cert Certificate containing the public key.
|
||||
|
|
@ -615,8 +613,7 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
|
|||
* \return Any other error indicates a fatal failure and is
|
||||
* propagated up the call chain.
|
||||
*/
|
||||
typedef int mbedtls_ssl_async_sign_t( void *config_data,
|
||||
mbedtls_ssl_context *ssl,
|
||||
typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash,
|
||||
|
|
@ -646,8 +643,6 @@ typedef int mbedtls_ssl_async_sign_t( void *config_data,
|
|||
* store an operation context for later retrieval
|
||||
* by the resume callback.
|
||||
*
|
||||
* \param config_data The configuration data parameter passed to
|
||||
* mbedtls_ssl_conf_async_private_cb().
|
||||
* \param ssl The SSL connection instance. It should not be
|
||||
* modified other than via mbedtls_ssl_async_set_data().
|
||||
* \param cert Certificate containing the public key.
|
||||
|
|
@ -666,8 +661,7 @@ typedef int mbedtls_ssl_async_sign_t( void *config_data,
|
|||
* \return Any other error indicates a fatal failure and is
|
||||
* propagated up the call chain.
|
||||
*/
|
||||
typedef int mbedtls_ssl_async_decrypt_t( void *config_data,
|
||||
mbedtls_ssl_context *ssl,
|
||||
typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
const unsigned char *input,
|
||||
size_t input_len );
|
||||
|
|
@ -691,8 +685,6 @@ typedef int mbedtls_ssl_async_decrypt_t( void *config_data,
|
|||
* It may call mbedtls_ssl_async_set_data() to modify this
|
||||
* context.
|
||||
*
|
||||
* \param config_data The configuration data parameter passed to
|
||||
* mbedtls_ssl_conf_async_private_cb().
|
||||
* \param ssl The SSL connection instance. It should not be
|
||||
* modified other than via mbedtls_ssl_async_set_data().
|
||||
* \param output Buffer containing the output (signature or decrypted
|
||||
|
|
@ -709,8 +701,7 @@ typedef int mbedtls_ssl_async_decrypt_t( void *config_data,
|
|||
* \return Any other error means that the operation is aborted.
|
||||
* The SSL handshake is aborted.
|
||||
*/
|
||||
typedef int mbedtls_ssl_async_resume_t( void *config_data,
|
||||
mbedtls_ssl_context *ssl,
|
||||
typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
size_t *output_len,
|
||||
size_t output_size );
|
||||
|
|
@ -724,13 +715,10 @@ typedef int mbedtls_ssl_async_resume_t( void *config_data,
|
|||
* This function may call mbedtls_ssl_async_get_data() to
|
||||
* retrieve an operation context set by the start callback.
|
||||
*
|
||||
* \param config_data The configuration data parameter passed to
|
||||
* mbedtls_ssl_conf_async_private_cb().
|
||||
* \param ssl The SSL connection instance. It should not be
|
||||
* modified.
|
||||
*/
|
||||
typedef void mbedtls_ssl_async_cancel_t( void *config_data,
|
||||
mbedtls_ssl_context *ssl );
|
||||
typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
/*
|
||||
|
|
@ -856,7 +844,7 @@ struct mbedtls_ssl_config
|
|||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
|
||||
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
|
||||
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb() and passed to the callbacks. */
|
||||
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
|
|
@ -1531,9 +1519,10 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
|
|||
* the description of ::mbedtls_ssl_async_cancel_t
|
||||
* for more information. This may be \c NULL if
|
||||
* no cleanup is needed.
|
||||
* \param config_data A pointer to configuration data which will be
|
||||
* passed to the callbacks. The library stores and
|
||||
* passes back this value without dereferencing it.
|
||||
* \param config_data A pointer to configuration data which can be
|
||||
* retrieved with
|
||||
* mbedtls_ssl_conf_get_async_config_data(). The
|
||||
* library stores this value without dereferencing it.
|
||||
*/
|
||||
void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
|
||||
mbedtls_ssl_async_sign_t *f_async_sign,
|
||||
|
|
@ -1542,6 +1531,16 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
|
|||
mbedtls_ssl_async_cancel_t *f_async_cancel,
|
||||
void *config_data );
|
||||
|
||||
/**
|
||||
* \brief Retrieve the configuration data set by
|
||||
* mbedtls_ssl_conf_async_private_cb().
|
||||
*
|
||||
* \param conf SSL configuration context
|
||||
* \return The configuration data set by
|
||||
* mbedtls_ssl_conf_async_private_cb().
|
||||
*/
|
||||
void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
|
||||
|
||||
/**
|
||||
* \brief Retrieve the asynchronous operation user context.
|
||||
*
|
||||
|
|
@ -1555,7 +1554,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
|
|||
* has not been called during the current handshake yet,
|
||||
* this function returns \c NULL.
|
||||
*/
|
||||
void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl );
|
||||
void *mbedtls_ssl_async_get_data( const mbedtls_ssl_context *ssl );
|
||||
|
||||
/**
|
||||
* \brief Retrieve the asynchronous operation user context.
|
||||
|
|
|
|||
|
|
@ -2847,7 +2847,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
|
|||
unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2;
|
||||
size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN
|
||||
- sig_start );
|
||||
int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl,
|
||||
int ret = ssl->conf->f_async_resume( ssl,
|
||||
sig_start, signature_len, sig_max_len );
|
||||
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
|
||||
{
|
||||
|
|
@ -3174,8 +3174,7 @@ curve_matching_done:
|
|||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if( ssl->conf->f_async_sign_start != NULL )
|
||||
{
|
||||
ret = ssl->conf->f_async_sign_start( ssl->conf->p_async_config_data,
|
||||
ssl,
|
||||
ret = ssl->conf->f_async_sign_start( ssl,
|
||||
mbedtls_ssl_own_cert( ssl ),
|
||||
md_alg, hash, hashlen );
|
||||
switch( ret )
|
||||
|
|
@ -3402,7 +3401,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
|
|||
size_t *peer_pmslen,
|
||||
size_t peer_pmssize )
|
||||
{
|
||||
int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl,
|
||||
int ret = ssl->conf->f_async_resume( ssl,
|
||||
peer_pms, peer_pmslen, peer_pmssize );
|
||||
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
|
||||
{
|
||||
|
|
@ -3465,8 +3464,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
|
|||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if( ssl->conf->f_async_decrypt_start != NULL )
|
||||
{
|
||||
ret = ssl->conf->f_async_decrypt_start( ssl->conf->p_async_config_data,
|
||||
ssl,
|
||||
ret = ssl->conf->f_async_decrypt_start( ssl,
|
||||
mbedtls_ssl_own_cert( ssl ),
|
||||
p, len );
|
||||
switch( ret )
|
||||
|
|
|
|||
|
|
@ -6494,7 +6494,12 @@ void mbedtls_ssl_conf_async_private_cb(
|
|||
conf->p_async_config_data = async_config_data;
|
||||
}
|
||||
|
||||
void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl )
|
||||
void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf )
|
||||
{
|
||||
return( conf->p_async_config_data );
|
||||
}
|
||||
|
||||
void *mbedtls_ssl_async_get_data( const mbedtls_ssl_context *ssl )
|
||||
{
|
||||
if( ssl->handshake == NULL )
|
||||
return( NULL );
|
||||
|
|
@ -7451,7 +7456,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
|
|||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
|
||||
{
|
||||
ssl->conf->f_async_cancel( ssl->conf->p_async_config_data, ssl );
|
||||
ssl->conf->f_async_cancel( ssl );
|
||||
handshake->async_in_progress = 0;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||
|
|
|
|||
|
|
@ -941,15 +941,15 @@ typedef struct
|
|||
unsigned remaining_delay;
|
||||
} ssl_async_operation_context_t;
|
||||
|
||||
static int ssl_async_start( void *config_data_arg,
|
||||
mbedtls_ssl_context *ssl,
|
||||
static int ssl_async_start( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
ssl_async_operation_type_t op_type,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *input,
|
||||
size_t input_len )
|
||||
{
|
||||
ssl_async_key_context_t *config_data = config_data_arg;
|
||||
ssl_async_key_context_t *config_data =
|
||||
mbedtls_ssl_conf_get_async_config_data( ssl->conf );
|
||||
size_t slot;
|
||||
ssl_async_operation_context_t *ctx = NULL;
|
||||
const char *op_name = ssl_async_operation_names[op_type];
|
||||
|
|
@ -1000,37 +1000,35 @@ static int ssl_async_start( void *config_data_arg,
|
|||
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
|
||||
}
|
||||
|
||||
static int ssl_async_sign( void *config_data_arg,
|
||||
mbedtls_ssl_context *ssl,
|
||||
static int ssl_async_sign( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash,
|
||||
size_t hash_len )
|
||||
{
|
||||
return( ssl_async_start( config_data_arg, ssl, cert,
|
||||
return( ssl_async_start( ssl, cert,
|
||||
ASYNC_OP_SIGN, md_alg,
|
||||
hash, hash_len ) );
|
||||
}
|
||||
|
||||
static int ssl_async_decrypt( void *config_data_arg,
|
||||
mbedtls_ssl_context *ssl,
|
||||
static int ssl_async_decrypt( mbedtls_ssl_context *ssl,
|
||||
mbedtls_x509_crt *cert,
|
||||
const unsigned char *input,
|
||||
size_t input_len )
|
||||
{
|
||||
return( ssl_async_start( config_data_arg, ssl, cert,
|
||||
return( ssl_async_start( ssl, cert,
|
||||
ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
|
||||
input, input_len ) );
|
||||
}
|
||||
|
||||
static int ssl_async_resume( void *config_data_arg,
|
||||
mbedtls_ssl_context *ssl,
|
||||
static int ssl_async_resume( mbedtls_ssl_context *ssl,
|
||||
unsigned char *output,
|
||||
size_t *output_len,
|
||||
size_t output_size )
|
||||
{
|
||||
ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl );
|
||||
ssl_async_key_context_t *config_data = config_data_arg;
|
||||
ssl_async_key_context_t *config_data =
|
||||
mbedtls_ssl_conf_get_async_config_data( ssl->conf );
|
||||
ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot];
|
||||
int ret;
|
||||
const char *op_name = NULL;
|
||||
|
|
@ -1080,11 +1078,9 @@ static int ssl_async_resume( void *config_data_arg,
|
|||
return( ret );
|
||||
}
|
||||
|
||||
static void ssl_async_cancel( void *config_data_arg,
|
||||
mbedtls_ssl_context *ssl )
|
||||
static void ssl_async_cancel( mbedtls_ssl_context *ssl )
|
||||
{
|
||||
ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl );
|
||||
(void) config_data_arg;
|
||||
mbedtls_printf( "Async cancel callback.\n" );
|
||||
mbedtls_free( ctx );
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue