diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index be27b89ca..2dac1da77 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -537,6 +537,22 @@ typedef void mbedtls_ssl_set_timer_t( void * ctx, */ typedef int mbedtls_ssl_get_timer_t( void * ctx ); +/* Defined below */ +typedef struct mbedtls_ssl_session mbedtls_ssl_session; +typedef struct mbedtls_ssl_context mbedtls_ssl_context; +typedef struct mbedtls_ssl_config mbedtls_ssl_config; + +/* Defined in ssl_internal.h */ +typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; +typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; +typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; +#if defined(MBEDTLS_X509_CRT_PARSE_C) +typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; +#endif +#if defined(MBEDTLS_SSL_PROTO_DTLS) +typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; +#endif + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -553,22 +569,20 @@ typedef int mbedtls_ssl_get_timer_t( void * ctx ); * this function sends or enqueues a request and does * not wait for the operation to complete. * - * The parameters \c connection_ctx and \c cert are + * The parameters \c ssl and \c cert are * guaranteed to remain valid as long as the SSL * configuration remains valid. On the other hand, this * function must save the contents of \c hash, as the * \c hash buffer is no longer valid when this function * returns. * - * \param connection_ctx Pointer to the connection context set in the - * SSL configuration - * \param p_operation_ctx On success, pointer to the operation context. - * This must be a non-null pointer. Success means - * that an operation was started, and the return - * status is 0 or \c MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS. - * This pointer will be passed to later calls to the - * resume or cancel function. If the callback fails, - * the value is ignored. + * This function may call mbedtls_ssl_async_set_data() to + * store an operation context for later retrieval + * by the resume callback. + * + * \param config_data The configuration data parameter passed to + * mbedtls_ssl_conf_async_private_cb(). + * \param ssl The SSL connection instance. * \param cert Certificate containing the public key * \param md_alg Hash algorithm * \param hash Buffer containing the hash. This buffer is @@ -586,8 +600,8 @@ typedef int mbedtls_ssl_get_timer_t( void * ctx ); * - Any other error indicates a fatal failure and is * propagated up the call chain. */ -typedef int mbedtls_ssl_async_sign_t( void *connection_ctx, - void **p_operation_ctx, +typedef int mbedtls_ssl_async_sign_t( void *config_data, + mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, mbedtls_md_type_t md_alg, const unsigned char *hash, @@ -607,22 +621,20 @@ typedef int mbedtls_ssl_async_sign_t( void *connection_ctx, * this function sends or enqueues a request and does * not wait for the operation to complete. * - * The parameters \c connection_ctx and \c cert are + * The parameters \c ssl and \c cert are * guaranteed to remain valid as long as the SSL * configuration remains valid. On the other hand, this * function must save the contents of \c hash, as the * \c hash buffer is no longer valid when this function * returns. * - * \param connection_ctx Pointer to the connection context set in the - * SSL configuration - * \param p_operation_ctx On success, pointer to the operation context. - * This must be a non-null pointer. Success means - * that an operation was started, and the return - * status is 0 or \c MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS. - * This pointer will be passed to later calls to the - * resume or cancel function. If the callback fails, - * the value is ignored. + * This function may call mbedtls_ssl_async_set_data() to + * store an operation context for later retrieval + * by the resume callback. + * + * \param config_data The configuration data parameter passed to + * mbedtls_ssl_conf_async_private_cb(). + * \param ssl The SSL connection instance. * \param cert Certificate containing the public key * \param input Buffer containing the input ciphertext. This buffer * is no longer valid when the function returns. @@ -639,8 +651,8 @@ typedef int mbedtls_ssl_async_sign_t( void *connection_ctx, * - Any other error indicates a fatal failure and is * propagated up the call chain. */ -typedef int mbedtls_ssl_async_decrypt_t( void *connection_ctx, - void **p_operation_ctx, +typedef int mbedtls_ssl_async_decrypt_t( void *config_data, + mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, const unsigned char *input, size_t input_len ); @@ -652,13 +664,14 @@ typedef int mbedtls_ssl_async_decrypt_t( void *connection_ctx, * Callback to resume an external operation * started by the \c mbedtls_ssl_async_sign_t callback. * - * \param connection_ctx Pointer to the connection context set in the - * SSL configuration - * \param operation_ctx Pointer to the operation context created by - * the start function. If this callback returns - * any value other than - * \c MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, it should - * free all resources associated with this context. + * This function may call mbedtls_ssl_async_get_data() to + * retrieve an operation context set by the start callback. + * It may call mbedtls_ssl_async_set_data() to modify this + * context. + * + * \param config_data The configuration data parameter passed to + * mbedtls_ssl_conf_async_private_cb(). + * \param ssl The SSL connection instance. * \param output Buffer containing the output on success * \param output_len On success, number of bytes written to \c output * \param output_size Size of the \c output buffer in bytes @@ -672,8 +685,8 @@ typedef int mbedtls_ssl_async_decrypt_t( void *connection_ctx, * - Any other error means that the operation is aborted. * The SSL handshake is aborted. */ -typedef int mbedtls_ssl_async_resume_t( void *connection_ctx, - void *operation_ctx, +typedef int mbedtls_ssl_async_resume_t( void *config_data, + mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, size_t output_size ); @@ -684,32 +697,17 @@ typedef int mbedtls_ssl_async_resume_t( void *connection_ctx, * Callback to cancel an external operation * started by the \c mbedtls_ssl_async_sign_t callback. * - * \param connection_ctx Pointer to the connection context set in the - * SSL configuration - * \param operation_ctx Pointer to the operation context created by - * the start function. The callback should free - * all resources associated with this context. + * This function may call mbedtls_ssl_async_get_data() to + * retrieve an operation context set by the start callback. + * + * \param config_data The configuration data parameter passed to + * mbedtls_ssl_conf_async_private_cb(). + * \param ssl The SSL connection instance. */ -typedef void mbedtls_ssl_async_cancel_t( void *connection_ctx, - void *operation_ctx ); +typedef void mbedtls_ssl_async_cancel_t( void *config_data, + mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -/* Defined below */ -typedef struct mbedtls_ssl_session mbedtls_ssl_session; -typedef struct mbedtls_ssl_context mbedtls_ssl_context; -typedef struct mbedtls_ssl_config mbedtls_ssl_config; - -/* Defined in ssl_internal.h */ -typedef struct mbedtls_ssl_transform mbedtls_ssl_transform; -typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params; -typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t; -#if defined(MBEDTLS_X509_CRT_PARSE_C) -typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; -#endif -#if defined(MBEDTLS_SSL_PROTO_DTLS) -typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; -#endif - /* * This structure is used for storing current session data. */ @@ -833,7 +831,7 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_X509_CRT_PARSE_C */ mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */ mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */ - void *p_async_connection_ctx; /*!< connection context for asynchronous operation callbacks */ + void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb() and passed to the callbacks. */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) @@ -1505,15 +1503,45 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, * \param f_async_cancel Callback to cancel an asynchronous operation. See * the description of \c mbedtls_ssl_async_cancel_t * for more information. - * \param connection_ctx Pointer to the connection context which will be - * passed to the callbacks + * \param config_data A pointer to configuration data which will be + * passed to the callbacks. The library stores and + * passes back this value without dereferencing it. */ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, - void *connection_ctx ); + void *config_data ); + +/** + * \brief Retrieve the asynchronous operation user context. + * + * \note This function may only be called while a handshake + * is in progress. + * + * \param ssl The SSL context to access. + * + * \return The asynchronous operation user context that was last + * set during the current handshake. If mbedtls_ssl_set_data() + * has not been called during the current handshake yet, + * this function returns \c NULL. + */ +void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl ); + +/** + * \brief Retrieve the asynchronous operation user context. + * + * \note This function may only be called while a handshake + * is in progress. + * + * \param ssl The SSL context to access. + * \param ctx The new value of the asynchronous operation user context. + * Call mbedtls_ssl_get_data() later during the same handshake + * to retrieve this value. + */ +void mbedtls_ssl_async_set_data( mbedtls_ssl_context *ssl, + void *ctx ); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ /** diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 334b5d852..506aff395 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -243,9 +243,6 @@ struct mbedtls_ssl_handshake_params mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - void *p_async_operation_ctx; /*!< asynchronous operation context */ -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_PROTO_DTLS) unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */ @@ -311,6 +308,19 @@ struct mbedtls_ssl_handshake_params #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) int extended_ms; /*!< use Extended Master Secret? */ #endif + +#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) + int async_in_progress : 1; /*!< an asynchronous operation is in progress */ +#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ + +#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) + /** Asynchronous operation context. This field is meant for use by the + * asynchronous operation callbacks (mbedtls_ssl_config::f_async_sign_start, + * mbedtls_ssl_config::f_async_decrypt_start, + * mbedtls_ssl_config::f_async_resume, mbedtls_ssl_config::f_async_cancel). + * The library does not use it internally. */ + void *user_async_ctx; +#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ }; /* diff --git a/library/ssl_srv.c b/library/ssl_srv.c index e1dc5a8e9..8bd332cba 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2841,13 +2841,13 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, { size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN - ( ssl->out_msg + ssl->out_msglen + 2 ) ); - int ret = ssl->conf->f_async_resume( ssl->conf->p_async_connection_ctx, - ssl->handshake->p_async_operation_ctx, + int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl, ssl->out_msg + ssl->out_msglen + 2, signature_len, sig_max_len ); if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) { - ssl->handshake->p_async_operation_ctx = NULL; + ssl->handshake->async_in_progress = 0; + mbedtls_ssl_async_set_data( ssl, NULL ); } MBEDTLS_SSL_DEBUG_RET( 2, "ssl_resume_server_key_exchange", ret ); return( ret ); @@ -3167,22 +3167,23 @@ curve_matching_done: #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_sign_start != NULL ) { - ret = ssl->conf->f_async_sign_start( - ssl->conf->p_async_connection_ctx, - &ssl->handshake->p_async_operation_ctx, - mbedtls_ssl_own_cert( ssl ), - md_alg, hash, hashlen ); + ret = ssl->conf->f_async_sign_start( ssl->conf->p_async_config_data, + ssl, + mbedtls_ssl_own_cert( ssl ), + md_alg, hash, hashlen ); switch( ret ) { case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: /* act as if f_async_sign was null */ break; case 0: + ssl->handshake->async_in_progress = 1; return( ssl_resume_server_key_exchange( ssl, signature_len ) ); case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: + ssl->handshake->async_in_progress = 1; return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); default: - MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign_start", ret ); return( ret ); } } @@ -3251,7 +3252,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_ASYNC_PRIVATE) /* If we have already prepared the message and there is an ongoing signature operation, resume signing. */ - if( ssl->handshake->p_async_operation_ctx != NULL ) + if( ssl->handshake->async_in_progress != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming signature operation" ) ); ret = ssl_resume_server_key_exchange( ssl, &signature_len ); @@ -3385,12 +3386,12 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, size_t *peer_pmslen, size_t peer_pmssize ) { - int ret = ssl->conf->f_async_resume( ssl->conf->p_async_connection_ctx, - ssl->handshake->p_async_operation_ctx, + int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl, peer_pms, peer_pmslen, peer_pmssize ); if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) { - ssl->handshake->p_async_operation_ctx = NULL; + ssl->handshake->async_in_progress = 0; + mbedtls_ssl_async_set_data( ssl, NULL ); } MBEDTLS_SSL_DEBUG_RET( 2, "ssl_decrypt_encrypted_pms", ret ); return( ret ); @@ -3412,7 +3413,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) /* If we have already started decoding the message and there is an ongoing decryption operation, resume signing. */ - if( ssl->handshake->p_async_operation_ctx != NULL ) + if( ssl->handshake->async_in_progress != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 2, ( "resuming decryption operation" ) ); return( ssl_resume_decrypt_pms( ssl, @@ -3448,25 +3449,26 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_decrypt_start != NULL ) { - ret = ssl->conf->f_async_decrypt_start( - ssl->conf->p_async_connection_ctx, - &ssl->handshake->p_async_operation_ctx, - mbedtls_ssl_own_cert( ssl ), - p, len ); + ret = ssl->conf->f_async_decrypt_start( ssl->conf->p_async_config_data, + ssl, + mbedtls_ssl_own_cert( ssl ), + p, len ); switch( ret ) { case MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH: /* act as if f_async_decrypt_start was null */ break; case 0: + ssl->handshake->async_in_progress = 1; return( ssl_resume_decrypt_pms( ssl, peer_pms, peer_pmslen, peer_pmssize ) ); case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: + ssl->handshake->async_in_progress = 1; return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); default: - MBEDTLS_SSL_DEBUG_RET( 1, "f_async_sign", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "f_async_decrypt_start", ret ); return( ret ); } } @@ -3649,7 +3651,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ) if( ( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ) && - ( ssl->handshake->p_async_operation_ctx != NULL ) ) + ( ssl->handshake->async_in_progress != 0 ) ) { /* We've already read a record and there is an asynchronous * operation in progress to decrypt it. So skip reading the @@ -3771,7 +3773,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) { #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if ( ssl->handshake->p_async_operation_ctx != NULL ) + if ( ssl->handshake->async_in_progress != 0 ) { /* There is an asynchronous operation in progress to * decrypt the encrypted premaster secret, so skip diff --git a/library/ssl_tls.c b/library/ssl_tls.c index aa48b4538..2c6eef8ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6485,13 +6485,28 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_async_decrypt_t *f_async_decrypt, mbedtls_ssl_async_resume_t *f_async_resume, mbedtls_ssl_async_cancel_t *f_async_cancel, - void *connection_ctx ) + void *async_config_data ) { conf->f_async_sign_start = f_async_sign; conf->f_async_decrypt_start = f_async_decrypt; conf->f_async_resume = f_async_resume; conf->f_async_cancel = f_async_cancel; - conf->p_async_connection_ctx = connection_ctx; + conf->p_async_config_data = async_config_data; +} + +void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl ) +{ + if( ssl->handshake == NULL ) + return( NULL ); + else + return( ssl->handshake->user_async_ctx ); +} + +void mbedtls_ssl_async_set_data( mbedtls_ssl_context *ssl, + void *ctx ) +{ + if( ssl->handshake != NULL ) + ssl->handshake->user_async_ctx = ctx; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ @@ -7433,6 +7448,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) if( handshake == NULL ) return; +#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) + if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) + { + ssl->conf->f_async_cancel( ssl->conf->p_async_config_data, ssl ); + handshake->async_in_progress = 0; + } +#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ + #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) mbedtls_md5_free( &handshake->fin_md5 ); @@ -7495,15 +7518,6 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( ssl->conf->f_async_cancel != NULL && - handshake->p_async_operation_ctx != NULL ) - { - ssl->conf->f_async_cancel( ssl->conf->p_async_connection_ctx, - handshake->p_async_operation_ctx ); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - #if defined(MBEDTLS_SSL_PROTO_DTLS) mbedtls_free( handshake->verify_cookie ); mbedtls_free( handshake->hs_msg ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index bf25d4e03..9ff735ad8 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -909,15 +909,15 @@ typedef struct unsigned delay; } ssl_async_operation_context_t; -static int ssl_async_start( void *connection_ctx_arg, - void **p_operation_ctx, +static int ssl_async_start( void *config_data_arg, + mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, const char *op_name, mbedtls_md_type_t md_alg, const unsigned char *input, size_t input_len ) { - ssl_async_key_context_t *key_ctx = connection_ctx_arg; + ssl_async_key_context_t *config_data = config_data_arg; size_t slot; ssl_async_operation_context_t *ctx = NULL; @@ -927,21 +927,21 @@ static int ssl_async_start( void *connection_ctx_arg, mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn ); } - for( slot = 0; slot < key_ctx->slots_used; slot++ ) + for( slot = 0; slot < config_data->slots_used; slot++ ) { - if( key_ctx->slots[slot].cert == cert ) + if( config_data->slots[slot].cert == cert ) break; } - if( slot == key_ctx->slots_used ) + if( slot == config_data->slots_used ) { mbedtls_printf( "Async %s callback: no key matches this certificate.\n", op_name ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH ); } mbedtls_printf( "Async %s callback: using key slot %zd, delay=%u.\n", - op_name, slot, key_ctx->slots[slot].delay ); + op_name, slot, config_data->slots[slot].delay ); - if( key_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_START ) + if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START ) { mbedtls_printf( "Async %s callback: injected error\n", op_name ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); @@ -957,8 +957,8 @@ static int ssl_async_start( void *connection_ctx_arg, ctx->md_alg = md_alg; memcpy( ctx->input, input, input_len ); ctx->input_len = input_len; - ctx->delay = key_ctx->slots[slot].delay; - *p_operation_ctx = ctx; + ctx->delay = config_data->slots[slot].delay; + mbedtls_ssl_async_set_data( ssl, ctx ); if( ctx->delay == 0 ) return( 0 ); @@ -966,42 +966,42 @@ static int ssl_async_start( void *connection_ctx_arg, return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); } -static int ssl_async_sign( void *connection_ctx_arg, - void **p_operation_ctx, +static int ssl_async_sign( void *config_data_arg, + mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len ) { - return( ssl_async_start( connection_ctx_arg, p_operation_ctx, cert, + return( ssl_async_start( config_data_arg, ssl, cert, "sign", md_alg, hash, hash_len ) ); } -static int ssl_async_decrypt( void *connection_ctx_arg, - void **p_operation_ctx, +static int ssl_async_decrypt( void *config_data_arg, + mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, const unsigned char *input, size_t input_len ) { - return( ssl_async_start( connection_ctx_arg, p_operation_ctx, cert, + return( ssl_async_start( config_data_arg, ssl, cert, "decrypt", MBEDTLS_MD_NONE, input, input_len ) ); } -static int ssl_async_resume( void *connection_ctx_arg, - void *operation_ctx_arg, +static int ssl_async_resume( void *config_data_arg, + mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, size_t output_size ) { - ssl_async_operation_context_t *ctx = operation_ctx_arg; - ssl_async_key_context_t *connection_ctx = connection_ctx_arg; - ssl_async_key_slot_t *key_slot = &connection_ctx->slots[ctx->slot]; + ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl ); + ssl_async_key_context_t *config_data = config_data_arg; + ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot]; int ret; const char *op_name; - if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME ) + if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME ) { mbedtls_printf( "Async resume callback: injected error\n" ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); @@ -1021,7 +1021,7 @@ static int ssl_async_resume( void *connection_ctx_arg, ret = mbedtls_pk_decrypt( key_slot->pk, ctx->input, ctx->input_len, output, output_len, output_size, - connection_ctx->f_rng, connection_ctx->p_rng ); + config_data->f_rng, config_data->p_rng ); } else { @@ -1030,10 +1030,10 @@ static int ssl_async_resume( void *connection_ctx_arg, ctx->md_alg, ctx->input, ctx->input_len, output, output_len, - connection_ctx->f_rng, connection_ctx->p_rng ); + config_data->f_rng, config_data->p_rng ); } - if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_PK ) + if( config_data->inject_error == SSL_ASYNC_INJECT_ERROR_PK ) { mbedtls_printf( "Async resume callback: %s done but injected error\n", op_name ); @@ -1046,11 +1046,11 @@ static int ssl_async_resume( void *connection_ctx_arg, return( ret ); } -static void ssl_async_cancel( void *connection_ctx_arg, - void *operation_ctx_arg ) +static void ssl_async_cancel( void *config_data_arg, + mbedtls_ssl_context *ssl ) { - ssl_async_operation_context_t *ctx = operation_ctx_arg; - (void) connection_ctx_arg; + ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl ); + (void) config_data_arg; mbedtls_printf( "Async cancel callback.\n" ); mbedtls_free( ctx ); }