#include "mm-internal.h"
struct mbedtls_context {
- mbedtls_ssl_context *ssl;
+ mbedtls_dyncontext *ssl;
mbedtls_net_context net;
};
static void *
{
struct mbedtls_context *ctx = ssl;
if (flags & BEV_OPT_CLOSE_ON_FREE)
- mbedtls_ssl_free(ctx->ssl);
+ bufferevent_mbedtls_dyncontext_free(ctx->ssl);
mm_free(ctx);
}
static int
static struct le_ssl_ops le_mbedtls_ops = {
mbedtls_context_init,
mbedtls_context_free,
- (void (*)(void *))mbedtls_ssl_free,
+ (void (*)(void *))bufferevent_mbedtls_dyncontext_free,
mbedtls_context_renegotiate,
mbedtls_context_write,
mbedtls_context_read,
err:
if (options & BEV_OPT_CLOSE_ON_FREE)
- mbedtls_ssl_free(ssl);
+ bufferevent_mbedtls_dyncontext_free(ssl);
return NULL;
}
err:
return NULL;
}
+
+mbedtls_dyncontext *
+bufferevent_mbedtls_dyncontext_new(struct mbedtls_ssl_config *conf)
+{
+ mbedtls_dyncontext *ctx = mm_calloc(1, sizeof(*ctx));
+ mbedtls_ssl_init(ctx);
+ mbedtls_ssl_setup(ctx, conf);
+ return ctx;
+}
+
+void
+bufferevent_mbedtls_dyncontext_free(mbedtls_dyncontext *ctx)
+{
+ mbedtls_ssl_free(ctx);
+ mm_free(ctx);
+}
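Review bot: `bufferevent_mbedtls_dyncontext_new` (L37–L39) uses the `mm_calloc` result without a NULL check and discards the return value of `mbedtls_ssl_setup`, which reports failure with a non-zero error code (allocation failure is one case), so an out-of-memory condition becomes either a NULL dereference inside `mbedtls_ssl_init` or a half-initialised context handed to the bufferevent code. As this is now exported API it should return NULL on either failure and release what it allocated; `bufferevent_mbedtls_dyncontext_free` stays usable on that path because `mbedtls_ssl_free` ignores a NULL argument. The test callers at L99 and L107 and the header comment at L77 would then need to account for a NULL return.
```c
mbedtls_dyncontext *
bufferevent_mbedtls_dyncontext_new(struct mbedtls_ssl_config *conf)
{
	mbedtls_dyncontext *ctx = mm_calloc(1, sizeof(*ctx));
	if (!ctx)
		return NULL;
	mbedtls_ssl_init(ctx);
	/* mbedtls_ssl_setup allocates internally and can fail; do not
	 * hand back a context that was never set up against conf. */
	if (mbedtls_ssl_setup(ctx, conf) != 0) {
		mbedtls_ssl_free(ctx);
		mm_free(ctx);
		return NULL;
	}
	return ctx;
}
```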
#endif
#if defined(EVENT__HAVE_MBEDTLS) || defined(EVENT_IN_DOXYGEN_)
struct mbedtls_ssl_context;
+struct mbedtls_ssl_config;
+typedef struct mbedtls_ssl_context mbedtls_dyncontext;
+
/**
Create a new SSL bufferevent to send its data over another bufferevent.
struct bufferevent *
bufferevent_mbedtls_filter_new(struct event_base *base,
struct bufferevent *underlying,
- struct mbedtls_ssl_context *ssl,
+ mbedtls_dyncontext *ssl,
enum bufferevent_ssl_state state,
int options);
struct bufferevent *
bufferevent_mbedtls_socket_new(struct event_base *base,
evutil_socket_t fd,
- struct mbedtls_ssl_context *ssl,
+ mbedtls_dyncontext *ssl,
enum bufferevent_ssl_state state,
int options);
EVENT2_EXPORT_SYMBOL
int bufferevent_mbedtls_renegotiate(struct bufferevent *bev);
-/** Return the most recent OpenSSL error reported on an SSL bufferevent. */
+/** Return the most recent MbedTLS error reported on an SSL bufferevent. */
EVENT2_EXPORT_SYMBOL
unsigned long bufferevent_get_mbedtls_error(struct bufferevent *bev);
+/** Create a new heap-based MbedTLS context for use it in bufferevent_mbedtls_* functions */
+EVENT2_EXPORT_SYMBOL
+mbedtls_dyncontext *
+bufferevent_mbedtls_dyncontext_new(struct mbedtls_ssl_config *conf);
+
+/** Deallocate heap-based MbedTLS context */
+EVENT2_EXPORT_SYMBOL
+void
+bufferevent_mbedtls_dyncontext_free(mbedtls_dyncontext *ctx);
+
#endif
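Review bot: The new doc comments at L77 and L82 do not state the contract a caller needs: that the context is initialised and set up against `conf` (MbedTLS keeps a pointer to the config, so `conf` must outlive the context), that it must be released with `bufferevent_mbedtls_dyncontext_free` rather than `mbedtls_ssl_free` or `free` because the memory comes from libevent's allocator, and that with BEV_OPT_CLOSE_ON_FREE the bufferevent takes ownership and frees it (see the free paths at L12 and L27). The wording "for use it in" at L77 should also read "for use in". Suggested text for L77: `/** Allocate an MbedTLS SSL context on the heap and set it up with conf, for use with the bufferevent_mbedtls_* constructors; conf must outlive the context. Release it with bufferevent_mbedtls_dyncontext_free() unless the bufferevent owns it via BEV_OPT_CLOSE_ON_FREE. */`, and for L82: `/** Free a context returned by bufferevent_mbedtls_dyncontext_new(); do not pass it to mbedtls_ssl_free() or free() directly. */`.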
#ifdef __cplusplus
#ifdef EVENT__HAVE_MBEDTLS
#include <mbedtls/ssl.h>
mbedtls_ssl_config *get_mbedtls_config(int endpoint);
-mbedtls_ssl_context *mbedtls_ssl_new(mbedtls_ssl_config *config);
#endif
void * basic_test_setup(const struct testcase_t *testcase);
static struct bufferevent *
https_mbedtls_bev(struct event_base *base, void *arg)
{
- mbedtls_ssl_context *ssl = mbedtls_ssl_new(get_mbedtls_config(MBEDTLS_SSL_IS_SERVER));
+ mbedtls_dyncontext *ssl = bufferevent_mbedtls_dyncontext_new(get_mbedtls_config(MBEDTLS_SSL_IS_SERVER));
return bufferevent_mbedtls_socket_new(
base, -1, ssl, BUFFEREVENT_SSL_ACCEPTING,
BEV_OPT_CLOSE_ON_FREE);
#endif
} else if (ssl_mask & HTTP_MBEDTLS) {
#ifdef EVENT__HAVE_MBEDTLS
- mbedtls_ssl_context *ssl = mbedtls_ssl_new(get_mbedtls_config(MBEDTLS_SSL_IS_CLIENT));
+ mbedtls_dyncontext *ssl = bufferevent_mbedtls_dyncontext_new(get_mbedtls_config(MBEDTLS_SSL_IS_CLIENT));
if (ssl_mask & HTTP_SSL_FILTER) {
struct bufferevent *underlying =
bufferevent_socket_new(base, fd, flags);
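Review bot: The context returned at L99 and L107 is passed on without a NULL check, so if `bufferevent_mbedtls_dyncontext_new` fails the socket/filter constructors receive a NULL `ssl`; `if (!ssl) return NULL;` after L99, and the equivalent in the client branch, would make the tests fail cleanly instead. Separately, ownership of these contexts now rests entirely on BEV_OPT_CLOSE_ON_FREE: the old test helper recorded every context in `the_mbedtls_ctx` and freed them in `mbedtls_test_cleanup`, and that loop is removed in this commit (L136–L138), so any path that creates the bufferevent without that flag, or fails to create it, leaks the context. The filter branch starting at L108 continues outside the hunk, so I cannot see which options it passes; worth confirming. `https_mbedtls_bev` at L95 also closes outside its hunk.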
#undef SSL_get_peer_certificate
#define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
#define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert
-#define SSL_new mbedtls_ssl_new
+#define SSL_new bufferevent_mbedtls_dyncontext_new
#define SSL_use_certificate(a, b) \
do { \
} while (0);
#define ssl_setup mbedtls_setup
#include "regress_ssl.c"
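Review bot: `SSL_new` at L115 now maps to `bufferevent_mbedtls_dyncontext_new`, which allocates the struct through libevent's allocator, but the matching `SSL_free` mapping is not in this hunk; if it still expands to `mbedtls_ssl_free`, every context that regress_ssl.c frees itself leaks its struct, and nothing else catches it now that the tracked-context cleanup loop in `mbedtls_test_cleanup` is removed further down. Please confirm this file carries `#define SSL_free bufferevent_mbedtls_dyncontext_free` next to the `SSL_new` mapping.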
static mbedtls_ssl_config *the_mbedtls_conf[2] = {NULL, NULL};
-static mbedtls_ssl_context *the_mbedtls_ctx[1024] = {NULL};
-static int the_mbedtls_ctx_count = 0;
static mbedtls_entropy_context entropy;
static mbedtls_ctr_drbg_context ctr_drbg;
static mbedtls_x509_crt *the_cert;
static int
mbedtls_test_cleanup(const struct testcase_t *testcase, void *ptr)
{
- int i;
int ret = basic_test_cleanup(testcase, ptr);
if (!ret) {
return ret;
mbedtls_pk_free(the_key);
free(the_key);
- for (i = 0; i < the_mbedtls_ctx_count; i++) {
- mbedtls_ssl_free(the_mbedtls_ctx[i]);
- }
if (the_mbedtls_conf[0]) {
mbedtls_ssl_config_free(the_mbedtls_conf[0]);
free(the_mbedtls_conf[0]);
return 1;
}
-mbedtls_ssl_context *
-mbedtls_ssl_new(mbedtls_ssl_config *config)
-{
- mbedtls_ssl_context *ssl = malloc(sizeof(*ssl));
- mbedtls_ssl_init(ssl);
- mbedtls_ssl_setup(ssl, config);
- the_mbedtls_ctx[the_mbedtls_ctx_count++] = ssl;
- return ssl;
-}
-
static int
bio_rwcount_read(void *ctx, unsigned char *out, size_t outlen)
{