forked from openssl/openssl
-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RT3724 Add asynchronous event processing
Rebranding of SSL_ERROR_WANT_X509_LOOKUP as SSL_ERROR_WANT_EVENT, making event type to wait for visible in SSL->rwstate, letting TLS_SRP have its own event type instead of piggybacking on SSL_X509_LOOKUP. Adding task for decryption of client key exchange response Adding task for generating client certificate verify message Adding task for signing of server key exchange message (cherry picked from commit 64658cf) Conflicts: apps/s_server.c include/openssl/ssl.h include/openssl/ssl3.h ssl/s3_clnt.c ssl/s3_lib.c ssl/s3_srvr.c ssl/ssl_locl.h
- Loading branch information
Showing
24 changed files
with
1,735 additions
and
274 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
=pod | ||
|
||
=head1 NAME | ||
|
||
SSL_CTX_set_schedule_task_cb, SSL_CTX_get_schedule_task_cb - handle task callback function | ||
|
||
=head1 SYNOPSIS | ||
|
||
#include <openssl/ssl.h> | ||
|
||
typedef void SSL_task_fn(SSL *, SSL_task_ctx *ctx); | ||
typedef int (*SSL_schedule_task_cb)(SSL *ssl, int event_type, SSL_task_ctx *ctx, SSL_task_fn *fn); | ||
|
||
void SSL_CTX_set_schedule_task_cb(SSL_CTX *ctx, SSL_schedule_task_cb cb); | ||
SSL_schedule_task_cb SSL_CTX_get_schedule_task_cb(SSL_CTX *ctx); | ||
|
||
=head1 DESCRIPTION | ||
|
||
SSL_CTX_set_schedule_task_cb() sets the B<SSL_schedule_task_cb()> callback, that is | ||
called when a task needs to be performed for an SSL object. | ||
|
||
When B<SSL_schedule_task_cb()> is NULL, no callback function is used. | ||
|
||
SSL_CTX_get_schedule_task_cb() returns a pointer to the currently set callback | ||
function. | ||
|
||
SSL_schedule_task_cb() is the application defined callback. It is invoked whenever | ||
the SSL object has a task to perform that might be time consuming, especially during | ||
the connect/accept handshake period. Applications that wish to mulitplex several | ||
SSL connects may prefer to handle such tasks in separate threads. | ||
|
||
If no SSL_schedule_task_cb() is registered all such tasks are directly executed | ||
by the SSL object. | ||
|
||
=head1 CALLBACK ARGUMENTS | ||
|
||
The callback is invoked with four arguments: B<SSL*> as the SSL object that needs | ||
the task to be performed. B<event_type> is the event that will signal that the | ||
task is done (see SSL_EVENT_* constants). This value is informative only and the | ||
callback might use it to select which tasks it wants to schedule or refuse. | ||
|
||
B<ctx> is an opaque parameter that needs to be passed to the task function and, | ||
finally, B<fn> is the supplied function that needs to be called. | ||
|
||
=head1 CALLBACK RETURN VALUES | ||
|
||
If a callback is registered, its return values are interpreted as follows: | ||
|
||
=over 4 | ||
|
||
=item E<gt>0 | ||
|
||
The scheduling was successful. | ||
|
||
=item Z<>0 | ||
|
||
The callback refuses to schedule the task. The SSL object must execute the | ||
task itself instead. This de facto results in the same behaviour as if no | ||
callback had been registered. This allows the application to only schedule | ||
a subset of the tasks in another thread (switching on the event_type, for | ||
example). | ||
|
||
=item E<lt>0 | ||
|
||
The scheduling failed. The SSL object will treat this as an error. If this | ||
happens during handshake, for example, the handshake will fail. | ||
|
||
=head1 NOTES | ||
|
||
=head2 ASYNCHRONOUS HANDLING | ||
|
||
While the callback might directly call the supplied task function, the most | ||
common use case is expected to be that the task function will run in a | ||
separate thread. | ||
|
||
The SSL method called by the application (e.g. connect()/accept()), will in | ||
this case return with a value E<lt>0 and the application needs to check | ||
B<SSL_get_error>() for the cause. When a task was scheduled, B<SSL_get_error>() | ||
will return B<SSL_ERROR_WANT_EVENT> to indicate that it waits for an event | ||
to happen (here, the event that signals the end of the task). | ||
|
||
The application may call the SSL method again, but this will give the same | ||
results until the event has happened. How the application code may synchronize | ||
with its callback is not a concern of OpenSSL. | ||
|
||
=head2 OBJECT LIFETIMES | ||
|
||
The arguments to the callback will continue to exist until the task function | ||
has been called. However, once the task function returns, the supplied B<SSL*> | ||
might have been deallocated. | ||
|
||
An application that accepts a task, but then decides not to run it, needs to | ||
signal the event with a negative result value. Otherwise resources allocated | ||
to the SSL object might never be freed. | ||
|
||
=head2 TASK/EVENT TYPES | ||
|
||
The following tasks, indicated by their completion event, are currently available | ||
for SSL. Not all tasks will occur during an SSL connection. Tasks vary by | ||
client, server, protocol version, renegotiation attempts and other things. Also, | ||
the list of tasks might vary with each release. | ||
|
||
=item B<SSL_EVENT_KEY_EXCH_DECRYPT_DONE> | ||
|
||
The task performs the decryption of the exchanged keys on the server side. | ||
Supported for RSA encrypted keys. | ||
|
||
=item B<SSL_EVENT_SETUP_CERT_VRFY_DONE> | ||
|
||
The task signs the certificate verification message on the client side. | ||
|
||
=item B<SSL_EVENT_KEY_EXCH_MSG_SIGNED> | ||
|
||
The task signs the key verification message before it is sent to the client. | ||
|
||
=head1 SEE ALSO | ||
|
||
L<ssl(3)|ssl(3)>, L<SSL_signal_event(3)|SSL_signal_event(3)> | ||
|
||
=cut |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
=pod | ||
|
||
=head1 NAME | ||
|
||
SSL_signal_event - let SSL know that an event has happened and that processing may continue | ||
|
||
=head1 SYNOPSIS | ||
|
||
#include <openssl/ssl.h> | ||
|
||
int SSL_signal_event(const SSL *ssl, int event, int retcode); | ||
int SSL_signal_event_err(const SSL *ssl, int event, int func, int reason, const char *file, int line); | ||
|
||
=head1 DESCRIPTION | ||
|
||
SSL_signal_event() notifies the SSL engine that an asynchronous event has happened. | ||
|
||
SSL offers callbacks to the application that allow asynchronous processing. In such | ||
cases, methods called by the application may return with -1 and SSL_get_error() will | ||
then indicate SSL_ERROR_WANT_EVENT. The actual event SSL is waiting for can be | ||
retrieved with SSL_want(). | ||
|
||
This will continue to be returned until the proper event is being signalled, usually | ||
by the application that finished the processing. | ||
|
||
SSL_signal_event_err() notifies the SSL engine that an asynchronous event has failed | ||
The result will be -1 and the other information is set via SSLErr() in the calling | ||
thread. | ||
|
||
=head1 NOTES | ||
|
||
It is safe to call SSL_signal_event() from the callback that is starting the event. | ||
It is safe to make several calls for the same event, however only the first will | ||
influence the result. All calls afterwards will be silently ignored. | ||
|
||
The parameter B<retcode> is > 0 for a successfully handled event and <= 0 for | ||
a failure in event handling. How a failure is affecting further SSL processing is | ||
defined per event. | ||
|
||
=head1 RETURN VALUES | ||
|
||
The following return values can currently occur for SSL_signal_event(): | ||
|
||
=over 4 | ||
|
||
=item Z<>0 | ||
|
||
The operation failed; check the error stack to find out the reason. | ||
|
||
=item Z<>1 | ||
|
||
The operation succeeded. | ||
|
||
=back | ||
|
||
=head1 SEE ALSO | ||
|
||
L<ssl_want(3)|ssl_want(3)>, L<SSL_get_error(3)|SSL_get_error(3)> | ||
|
||
=cut |
Oops, something went wrong.