diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 60ce5d470a..2e5a1b80d9 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -594,8 +594,6 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; * from step 2, with `digestAlgorithm` obtained by calling * mbedtls_oid_get_oid_by_md() on \p md_alg. * - * \param config_data The configuration data parameter passed to - * mbedtls_ssl_conf_async_private_cb(). * \param ssl The SSL connection instance. It should not be * modified other than via mbedtls_ssl_async_set_data(). * \param cert Certificate containing the public key. @@ -615,8 +613,7 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; * \return Any other error indicates a fatal failure and is * propagated up the call chain. */ -typedef int mbedtls_ssl_async_sign_t( void *config_data, - mbedtls_ssl_context *ssl, +typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, mbedtls_md_type_t md_alg, const unsigned char *hash, @@ -646,8 +643,6 @@ typedef int mbedtls_ssl_async_sign_t( void *config_data, * store an operation context for later retrieval * by the resume callback. * - * \param config_data The configuration data parameter passed to - * mbedtls_ssl_conf_async_private_cb(). * \param ssl The SSL connection instance. It should not be * modified other than via mbedtls_ssl_async_set_data(). * \param cert Certificate containing the public key. @@ -666,8 +661,7 @@ typedef int mbedtls_ssl_async_sign_t( void *config_data, * \return Any other error indicates a fatal failure and is * propagated up the call chain. */ -typedef int mbedtls_ssl_async_decrypt_t( void *config_data, - mbedtls_ssl_context *ssl, +typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, const unsigned char *input, size_t input_len ); @@ -691,8 +685,6 @@ typedef int mbedtls_ssl_async_decrypt_t( void *config_data, * It may call mbedtls_ssl_async_set_data() to modify this * context. * - * \param config_data The configuration data parameter passed to - * mbedtls_ssl_conf_async_private_cb(). * \param ssl The SSL connection instance. It should not be * modified other than via mbedtls_ssl_async_set_data(). * \param output Buffer containing the output (signature or decrypted @@ -709,8 +701,7 @@ typedef int mbedtls_ssl_async_decrypt_t( void *config_data, * \return Any other error means that the operation is aborted. * The SSL handshake is aborted. */ -typedef int mbedtls_ssl_async_resume_t( void *config_data, - mbedtls_ssl_context *ssl, +typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, size_t output_size ); @@ -724,13 +715,10 @@ typedef int mbedtls_ssl_async_resume_t( void *config_data, * This function may call mbedtls_ssl_async_get_data() to * retrieve an operation context set by the start callback. * - * \param config_data The configuration data parameter passed to - * mbedtls_ssl_conf_async_private_cb(). * \param ssl The SSL connection instance. It should not be * modified. */ -typedef void mbedtls_ssl_async_cancel_t( void *config_data, - mbedtls_ssl_context *ssl ); +typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ /* @@ -856,7 +844,7 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_X509_CRT_PARSE_C */ mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */ mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */ - void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb() and passed to the callbacks. */ + void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) @@ -1531,9 +1519,10 @@ void mbedtls_ssl_conf_export_keys_cb( mbedtls_ssl_config *conf, * the description of ::mbedtls_ssl_async_cancel_t * for more information. This may be \c NULL if * no cleanup is needed. - * \param config_data A pointer to configuration data which will be - * passed to the callbacks. The library stores and - * passes back this value without dereferencing it. + * \param config_data A pointer to configuration data which can be + * retrieved with + * mbedtls_ssl_conf_get_async_config_data(). The + * library stores this value without dereferencing it. */ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_sign_t *f_async_sign, @@ -1542,6 +1531,16 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, mbedtls_ssl_async_cancel_t *f_async_cancel, void *config_data ); +/** + * \brief Retrieve the configuration data set by + * mbedtls_ssl_conf_async_private_cb(). + * + * \param conf SSL configuration context + * \return The configuration data set by + * mbedtls_ssl_conf_async_private_cb(). + */ +void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ); + /** * \brief Retrieve the asynchronous operation user context. * @@ -1555,7 +1554,7 @@ void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf, * has not been called during the current handshake yet, * this function returns \c NULL. */ -void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl ); +void *mbedtls_ssl_async_get_data( const mbedtls_ssl_context *ssl ); /** * \brief Retrieve the asynchronous operation user context. diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 6819e7ac7f..5439f6d617 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -2847,7 +2847,7 @@ static int ssl_resume_server_key_exchange( mbedtls_ssl_context *ssl, unsigned char *sig_start = ssl->out_msg + ssl->out_msglen + 2; size_t sig_max_len = ( ssl->out_buf + MBEDTLS_SSL_MAX_CONTENT_LEN - sig_start ); - int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl, + int ret = ssl->conf->f_async_resume( ssl, sig_start, signature_len, sig_max_len ); if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) { @@ -3174,8 +3174,7 @@ curve_matching_done: #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_sign_start != NULL ) { - ret = ssl->conf->f_async_sign_start( ssl->conf->p_async_config_data, - ssl, + ret = ssl->conf->f_async_sign_start( ssl, mbedtls_ssl_own_cert( ssl ), md_alg, hash, hashlen ); switch( ret ) @@ -3402,7 +3401,7 @@ static int ssl_resume_decrypt_pms( mbedtls_ssl_context *ssl, size_t *peer_pmslen, size_t peer_pmssize ) { - int ret = ssl->conf->f_async_resume( ssl->conf->p_async_config_data, ssl, + int ret = ssl->conf->f_async_resume( ssl, peer_pms, peer_pmslen, peer_pmssize ); if( ret != MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ) { @@ -3465,8 +3464,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_decrypt_start != NULL ) { - ret = ssl->conf->f_async_decrypt_start( ssl->conf->p_async_config_data, - ssl, + ret = ssl->conf->f_async_decrypt_start( ssl, mbedtls_ssl_own_cert( ssl ), p, len ); switch( ret ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2c6eef8ecd..04f34587da 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6494,7 +6494,12 @@ void mbedtls_ssl_conf_async_private_cb( conf->p_async_config_data = async_config_data; } -void *mbedtls_ssl_async_get_data( mbedtls_ssl_context *ssl ) +void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf ) +{ + return( conf->p_async_config_data ); +} + +void *mbedtls_ssl_async_get_data( const mbedtls_ssl_context *ssl ) { if( ssl->handshake == NULL ) return( NULL ); @@ -7451,7 +7456,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if( ssl->conf->f_async_cancel != NULL && handshake->async_in_progress != 0 ) { - ssl->conf->f_async_cancel( ssl->conf->p_async_config_data, ssl ); + ssl->conf->f_async_cancel( ssl ); handshake->async_in_progress = 0; } #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f96040ea2c..272eecdc5e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -941,15 +941,15 @@ typedef struct unsigned remaining_delay; } ssl_async_operation_context_t; -static int ssl_async_start( void *config_data_arg, - mbedtls_ssl_context *ssl, +static int ssl_async_start( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, ssl_async_operation_type_t op_type, mbedtls_md_type_t md_alg, const unsigned char *input, size_t input_len ) { - ssl_async_key_context_t *config_data = config_data_arg; + ssl_async_key_context_t *config_data = + mbedtls_ssl_conf_get_async_config_data( ssl->conf ); size_t slot; ssl_async_operation_context_t *ctx = NULL; const char *op_name = ssl_async_operation_names[op_type]; @@ -1000,37 +1000,35 @@ static int ssl_async_start( void *config_data_arg, return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS ); } -static int ssl_async_sign( void *config_data_arg, - mbedtls_ssl_context *ssl, +static int ssl_async_sign( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len ) { - return( ssl_async_start( config_data_arg, ssl, cert, + return( ssl_async_start( ssl, cert, ASYNC_OP_SIGN, md_alg, hash, hash_len ) ); } -static int ssl_async_decrypt( void *config_data_arg, - mbedtls_ssl_context *ssl, +static int ssl_async_decrypt( mbedtls_ssl_context *ssl, mbedtls_x509_crt *cert, const unsigned char *input, size_t input_len ) { - return( ssl_async_start( config_data_arg, ssl, cert, + return( ssl_async_start( ssl, cert, ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE, input, input_len ) ); } -static int ssl_async_resume( void *config_data_arg, - mbedtls_ssl_context *ssl, +static int ssl_async_resume( mbedtls_ssl_context *ssl, unsigned char *output, size_t *output_len, size_t output_size ) { ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl ); - ssl_async_key_context_t *config_data = config_data_arg; + ssl_async_key_context_t *config_data = + mbedtls_ssl_conf_get_async_config_data( ssl->conf ); ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot]; int ret; const char *op_name = NULL; @@ -1080,11 +1078,9 @@ static int ssl_async_resume( void *config_data_arg, return( ret ); } -static void ssl_async_cancel( void *config_data_arg, - mbedtls_ssl_context *ssl ) +static void ssl_async_cancel( mbedtls_ssl_context *ssl ) { ssl_async_operation_context_t *ctx = mbedtls_ssl_async_get_data( ssl ); - (void) config_data_arg; mbedtls_printf( "Async cancel callback.\n" ); mbedtls_free( ctx ); }