yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Don't pass the async config data to async callbacks

Browse source 
The config data is in the SSL config, so callbacks can retrieve it
from there, with the new function mbedtls_ssl_conf_get_async_config_data.
This commit is contained in:
Gilles Peskine 2018-04-26 11:46:10 +02:00
parent e141638868
commit 8f97af7ea3
4 changed files with 42 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
include/mbedtls/ssl.h
View file

@ -594,8 +594,6 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
* from step 2, with `digestAlgorithm` obtained by calling * from step 2, with `digestAlgorithm` obtained by calling
* mbedtls_oid_get_oid_by_md() on \p md_alg. * mbedtls_oid_get_oid_by_md() on \p md_alg.
* *
* \param config_data The configuration data parameter passed to
* mbedtls_ssl_conf_async_private_cb().
* \param ssl The SSL connection instance. It should not be * \param ssl The SSL connection instance. It should not be
* modified other than via mbedtls_ssl_async_set_data(). * modified other than via mbedtls_ssl_async_set_data().
* \param cert Certificate containing the public key. * \param cert Certificate containing the public key.
@ -615,8 +613,7 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
* \return Any other error indicates a fatal failure and is * \return Any other error indicates a fatal failure and is
* propagated up the call chain. * propagated up the call chain.
*/ */
typedef int mbedtls_ssl_async_sign_t( void *config_data, typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
const unsigned char *hash, const unsigned char *hash,
@ -646,8 +643,6 @@ typedef int mbedtls_ssl_async_sign_t( void *config_data,
* store an operation context for later retrieval * store an operation context for later retrieval
* by the resume callback. * by the resume callback.
* *
* \param config_data The configuration data parameter passed to
* mbedtls_ssl_conf_async_private_cb().
* \param ssl The SSL connection instance. It should not be * \param ssl The SSL connection instance. It should not be
* modified other than via mbedtls_ssl_async_set_data(). * modified other than via mbedtls_ssl_async_set_data().
* \param cert Certificate containing the public key. * \param cert Certificate containing the public key.
@ -666,8 +661,7 @@ typedef int mbedtls_ssl_async_sign_t( void *config_data,
* \return Any other error indicates a fatal failure and is * \return Any other error indicates a fatal failure and is
* propagated up the call chain. * propagated up the call chain.
*/ */
typedef int mbedtls_ssl_async_decrypt_t( void *config_data, typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
const unsigned char *input, const unsigned char *input,
size_t input_len ); size_t input_len );
@ -691,8 +685,6 @@ typedef int mbedtls_ssl_async_decrypt_t( void *config_data,
* It may call mbedtls_ssl_async_set_data() to modify this * It may call mbedtls_ssl_async_set_data() to modify this
* context. * context.
* *
* \param config_data The configuration data parameter passed to
* mbedtls_ssl_conf_async_private_cb().
* \param ssl The SSL connection instance. It should not be * \param ssl The SSL connection instance. It should not be
* modified other than via mbedtls_ssl_async_set_data(). * modified other than via mbedtls_ssl_async_set_data().
* \param output Buffer containing the output (signature or decrypted * \param output Buffer containing the output (signature or decrypted
@ -709,8 +701,7 @@ typedef int mbedtls_ssl_async_decrypt_t( void *config_data,
* \return Any other error means that the operation is aborted. * \return Any other error means that the operation is aborted.
* The SSL handshake is aborted. * The SSL handshake is aborted.
*/ */
typedef int mbedtls_ssl_async_resume_t( void *config_data, typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
unsigned char *output, unsigned char *output,
size_t *output_len, size_t *output_len,
size_t output_size ); size_t output_size );
@ -724,13 +715,10 @@ typedef int mbedtls_ssl_async_resume_t( void *config_data,
* This function may call mbedtls_ssl_async_get_data() to * This function may call mbedtls_ssl_async_get_data() to
* retrieve an operation context set by the start callback. * retrieve an operation context set by the start callback.
* *
* \param config_data The configuration data parameter passed to
* mbedtls_ssl_conf_async_private_cb().
* \param ssl The SSL connection instance. It should not be * \param ssl The SSL connection instance. It should not be
* modified. * modified.
*/ */
typedef void mbedtls_ssl_async_cancel_t( void *config_data, typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
mbedtls_ssl_context *ssl );
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
/* /*
@ -856,7 +844,7 @@ struct mbedtls_ssl_config
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */ mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */
mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */ mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */
void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb() and passed to the callbacks. */ void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
@ -1531,9 +1519,10 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf,
* the description of ::mbedtls_ssl_async_cancel_t * the description of ::mbedtls_ssl_async_cancel_t
* for more information. This may be \c NULL if * for more information. This may be \c NULL if
* no cleanup is needed. * no cleanup is needed.
* \param config_data A pointer to configuration data which will be * \param config_data A pointer to configuration data which can be
* passed to the callbacks. The library stores and * retrieved with
* passes back this value without dereferencing it. * mbedtls_ssl_conf_get_async_config_data(). The
* library stores this value without dereferencing it.
*/ */
void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_async_sign_t *f_async_sign, mbedtls_ssl_async_sign_t *f_async_sign,
@ -1542,6 +1531,16 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
mbedtls_ssl_async_cancel_t *f_async_cancel, mbedtls_ssl_async_cancel_t *f_async_cancel,
void *config_data ); void *config_data );
/**
* \brief Retrieve the configuration data set by
* mbedtls_ssl_conf_async_private_cb().
*
* \param conf SSL configuration context
* \return The configuration data set by
* mbedtls_ssl_conf_async_private_cb().
*/
void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
/** /**
* \brief Retrieve the asynchronous operation user context. * \brief Retrieve the asynchronous operation user context.
* *
@ -1555,7 +1554,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
* has not been called during the current handshake yet, * has not been called during the current handshake yet,
* this function returns \c NULL. * this function returns \c NULL.
*/ */
void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl ); void *mbedtls_ssl_async_get_data( const mbedtls_ssl_context *ssl );
/** /**
* \brief Retrieve the asynchronous operation user context. * \brief Retrieve the asynchronous operation user context.

10
library/ssl_srv.c
View file

@ -2847,7 +2847,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl,
unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2;
size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN
- sig_start ); - sig_start );
int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl, int ret = ssl->conf->f_async_resume( ssl,
sig_start, signature_len, sig_max_len ); sig_start, signature_len, sig_max_len );
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
{ {
@ -3174,8 +3174,7 @@ curve_matching_done:
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_sign_start != NULL ) if( ssl->conf->f_async_sign_start != NULL )
{ {
ret = ssl->conf->f_async_sign_start( ssl->conf->p_async_config_data, ret = ssl->conf->f_async_sign_start( ssl,
ssl,
mbedtls_ssl_own_cert( ssl ), mbedtls_ssl_own_cert( ssl ),
md_alg, hash, hashlen ); md_alg, hash, hashlen );
switch( ret ) switch( ret )
@ -3402,7 +3401,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl,
size_t *peer_pmslen, size_t *peer_pmslen,
size_t peer_pmssize ) size_t peer_pmssize )
{ {
int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl, int ret = ssl->conf->f_async_resume( ssl,
peer_pms, peer_pmslen, peer_pmssize ); peer_pms, peer_pmslen, peer_pmssize );
if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS )
{ {
@ -3465,8 +3464,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_decrypt_start != NULL ) if( ssl->conf->f_async_decrypt_start != NULL )
{ {
ret = ssl->conf->f_async_decrypt_start( ssl->conf->p_async_config_data, ret = ssl->conf->f_async_decrypt_start( ssl,
ssl,
mbedtls_ssl_own_cert( ssl ), mbedtls_ssl_own_cert( ssl ),
p, len ); p, len );
switch( ret ) switch( ret )

9
library/ssl_tls.c
View file

@ -6494,7 +6494,12 @@ void mbedtls_ssl_conf_async_private_cb(
conf->p_async_config_data = async_config_data; conf->p_async_config_data = async_config_data;
} }
void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl ) void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf )
{
return( conf->p_async_config_data );
}
void *mbedtls_ssl_async_get_data( const mbedtls_ssl_context *ssl )
{ {
if( ssl->handshake == NULL ) if( ssl->handshake == NULL )
return( NULL ); return( NULL );
@ -7451,7 +7456,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 )
{ {
ssl->conf->f_async_cancel( ssl->conf->p_async_config_data, ssl ); ssl->conf->f_async_cancel( ssl );
handshake->async_in_progress = 0; handshake->async_in_progress = 0;
} }
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */

26
programs/ssl/ssl_server2.c
View file

@ -941,15 +941,15 @@ typedef struct
unsigned remaining_delay; unsigned remaining_delay;
} ssl_async_operation_context_t; } ssl_async_operation_context_t;
static int ssl_async_start( void *config_data_arg, static int ssl_async_start( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
ssl_async_operation_type_t op_type, ssl_async_operation_type_t op_type,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
const unsigned char *input, const unsigned char *input,
size_t input_len ) size_t input_len )
{ {
ssl_async_key_context_t *config_data = config_data_arg; ssl_async_key_context_t *config_data =
mbedtls_ssl_conf_get_async_config_data( ssl->conf );
size_t slot; size_t slot;
ssl_async_operation_context_t *ctx = NULL; ssl_async_operation_context_t *ctx = NULL;
const char *op_name = ssl_async_operation_names[op_type]; const char *op_name = ssl_async_operation_names[op_type];
@ -1000,37 +1000,35 @@ static int ssl_async_start( void *config_data_arg,
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
} }
static int ssl_async_sign( void *config_data_arg, static int ssl_async_sign( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
const unsigned char *hash, const unsigned char *hash,
size_t hash_len ) size_t hash_len )
{ {
return( ssl_async_start( config_data_arg, ssl, cert, return( ssl_async_start( ssl, cert,
ASYNC_OP_SIGN, md_alg, ASYNC_OP_SIGN, md_alg,
hash, hash_len ) ); hash, hash_len ) );
} }
static int ssl_async_decrypt( void *config_data_arg, static int ssl_async_decrypt( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
const unsigned char *input, const unsigned char *input,
size_t input_len ) size_t input_len )
{ {
return( ssl_async_start( config_data_arg, ssl, cert, return( ssl_async_start( ssl, cert,
ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
input, input_len ) ); input, input_len ) );
} }
static int ssl_async_resume( void *config_data_arg, static int ssl_async_resume( mbedtls_ssl_context *ssl,
mbedtls_ssl_context *ssl,
unsigned char *output, unsigned char *output,
size_t *output_len, size_t *output_len,
size_t output_size ) size_t output_size )
{ {
ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl ); ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl );
ssl_async_key_context_t *config_data = config_data_arg; ssl_async_key_context_t *config_data =
mbedtls_ssl_conf_get_async_config_data( ssl->conf );
ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot]; ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot];
int ret; int ret;
const char *op_name = NULL; const char *op_name = NULL;
@ -1080,11 +1078,9 @@ static int ssl_async_resume( void *config_data_arg,
return( ret ); return( ret );
} }
static void ssl_async_cancel( void *config_data_arg, static void ssl_async_cancel( mbedtls_ssl_context *ssl )
mbedtls_ssl_context *ssl )
{ {
ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl ); ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl );
(void) config_data_arg;
mbedtls_printf( "Async cancel callback.\n" ); mbedtls_printf( "Async cancel callback.\n" );
mbedtls_free( ctx ); mbedtls_free( ctx );
} }