Add helpers and all regress tests are passed

bufferevent_mbedtls.c

@@ -47,7 +47,7 @@
 #include "mm-internal.h"
 
 struct mbedtls_context {
-	mbedtls_ssl_context *ssl;
+	mbedtls_dyncontext *ssl;
 	mbedtls_net_context net;
 };
 static void *
@@ -65,7 +65,7 @@ mbedtls_context_free(void *ssl, int flags)
 {
 	struct mbedtls_context *ctx = ssl;
 	if (flags & BEV_OPT_CLOSE_ON_FREE)
-		mbedtls_ssl_free(ctx->ssl);
+		bufferevent_mbedtls_dyncontext_free(ctx->ssl);
 	mm_free(ctx);
 }
 static int
@@ -309,7 +309,7 @@ bufferevent_get_mbedtls_error(struct bufferevent *bufev)
 static struct le_ssl_ops le_mbedtls_ops = {
 	mbedtls_context_init,
 	mbedtls_context_free,
-	(void (*)(void *))mbedtls_ssl_free,
+	(void (*)(void *))bufferevent_mbedtls_dyncontext_free,
 	mbedtls_context_renegotiate,
 	mbedtls_context_write,
 	mbedtls_context_read,
@@ -352,7 +352,7 @@ bufferevent_mbedtls_filter_new(struct event_base *base,
 
 err:
 	if (options & BEV_OPT_CLOSE_ON_FREE)
-		mbedtls_ssl_free(ssl);
+		bufferevent_mbedtls_dyncontext_free(ssl);
 	return NULL;
 }
 
@@ -407,3 +407,19 @@ bufferevent_mbedtls_socket_new(struct event_base *base, evutil_socket_t fd,
 err:
 	return NULL;
 }
+
+mbedtls_dyncontext *
+bufferevent_mbedtls_dyncontext_new(struct mbedtls_ssl_config *conf)
+{
+	mbedtls_dyncontext *ctx = mm_calloc(1, sizeof(*ctx));
+	mbedtls_ssl_init(ctx);
+	mbedtls_ssl_setup(ctx, conf);
+	return ctx;
+}
+
+void
+bufferevent_mbedtls_dyncontext_free(mbedtls_dyncontext *ctx)
+{
+	mbedtls_ssl_free(ctx);
+	mm_free(ctx);
+}

include/event2/bufferevent_ssl.h

@@ -183,6 +183,9 @@ unsigned long bufferevent_get_openssl_error(struct bufferevent *bev);
 #endif
 #if defined(EVENT__HAVE_MBEDTLS) || defined(EVENT_IN_DOXYGEN_)
 struct mbedtls_ssl_context;
+struct mbedtls_ssl_config;
+typedef struct mbedtls_ssl_context mbedtls_dyncontext;
+
 /**
    Create a new SSL bufferevent to send its data over another bufferevent.
 
@@ -198,7 +201,7 @@ EVENT2_EXPORT_SYMBOL
 struct bufferevent *
 bufferevent_mbedtls_filter_new(struct event_base *base,
     struct bufferevent *underlying,
-    struct mbedtls_ssl_context *ssl,
+    mbedtls_dyncontext *ssl,
     enum bufferevent_ssl_state state,
     int options);
 
@@ -216,7 +219,7 @@ EVENT2_EXPORT_SYMBOL
 struct bufferevent *
 bufferevent_mbedtls_socket_new(struct event_base *base,
     evutil_socket_t fd,
-    struct mbedtls_ssl_context *ssl,
+    mbedtls_dyncontext *ssl,
     enum bufferevent_ssl_state state,
     int options);
 
@@ -249,10 +252,20 @@ bufferevent_mbedtls_get_ssl(struct bufferevent *bufev);
 EVENT2_EXPORT_SYMBOL
 int bufferevent_mbedtls_renegotiate(struct bufferevent *bev);
 
-/** Return the most recent OpenSSL error reported on an SSL bufferevent. */
+/** Return the most recent MbedTLS error reported on an SSL bufferevent. */
 EVENT2_EXPORT_SYMBOL
 unsigned long bufferevent_get_mbedtls_error(struct bufferevent *bev);
 
+/** Create a new heap-based MbedTLS context for use it in bufferevent_mbedtls_* functions */
+EVENT2_EXPORT_SYMBOL
+mbedtls_dyncontext *
+bufferevent_mbedtls_dyncontext_new(struct mbedtls_ssl_config *conf);
+
+/** Deallocate heap-based MbedTLS context */
+EVENT2_EXPORT_SYMBOL
+void
+bufferevent_mbedtls_dyncontext_free(mbedtls_dyncontext *ctx);
+
 #endif
 
 #ifdef __cplusplus

test/regress.h

@@ -146,7 +146,6 @@ void init_ssl(void);
 #ifdef EVENT__HAVE_MBEDTLS
 #include <mbedtls/ssl.h>
 mbedtls_ssl_config *get_mbedtls_config(int endpoint);
-mbedtls_ssl_context *mbedtls_ssl_new(mbedtls_ssl_config *config);
 #endif
 
 void * basic_test_setup(const struct testcase_t *testcase);

test/regress_http.c

@@ -168,7 +168,7 @@ https_bev(struct event_base *base, void *arg)
 static struct bufferevent *
 https_mbedtls_bev(struct event_base *base, void *arg)
 {
-	mbedtls_ssl_context *ssl = mbedtls_ssl_new(get_mbedtls_config(MBEDTLS_SSL_IS_SERVER));
+	mbedtls_dyncontext *ssl = bufferevent_mbedtls_dyncontext_new(get_mbedtls_config(MBEDTLS_SSL_IS_SERVER));
 	return bufferevent_mbedtls_socket_new(
 		base, -1, ssl, BUFFEREVENT_SSL_ACCEPTING,
 		BEV_OPT_CLOSE_ON_FREE);
@@ -558,7 +558,7 @@ create_bev(struct event_base *base, evutil_socket_t fd, int ssl_mask, int flags_
 #endif
 	} else if (ssl_mask & HTTP_MBEDTLS) {
 #ifdef EVENT__HAVE_MBEDTLS
-		mbedtls_ssl_context *ssl = mbedtls_ssl_new(get_mbedtls_config(MBEDTLS_SSL_IS_CLIENT));
+		mbedtls_dyncontext *ssl = bufferevent_mbedtls_dyncontext_new(get_mbedtls_config(MBEDTLS_SSL_IS_CLIENT));
 		if (ssl_mask & HTTP_SSL_FILTER) {
 			struct bufferevent *underlying =
 			bufferevent_socket_new(base, fd, flags);

test/regress_mbedtls.c

@@ -51,7 +51,7 @@
 #undef SSL_get_peer_certificate
 #define SSL_get_peer_certificate mbedtls_ssl_get_peer_cert
 #define SSL_get1_peer_certificate mbedtls_ssl_get_peer_cert
-#define SSL_new mbedtls_ssl_new
+#define SSL_new bufferevent_mbedtls_dyncontext_new
 #define SSL_use_certificate(a, b) \
 	do {                          \
 	} while (0);
@@ -80,8 +80,6 @@ const struct testcase_setup_t mbedtls_setup = {
 #define ssl_setup mbedtls_setup
 #include "regress_ssl.c"
 static mbedtls_ssl_config *the_mbedtls_conf[2] = {NULL, NULL};
-static mbedtls_ssl_context *the_mbedtls_ctx[1024] = {NULL};
-static int the_mbedtls_ctx_count = 0;
 static mbedtls_entropy_context entropy;
 static mbedtls_ctr_drbg_context ctr_drbg;
 static mbedtls_x509_crt *the_cert;
@@ -282,7 +280,6 @@ mbedtls_test_setup(const struct testcase_t *testcase)
 static int
 mbedtls_test_cleanup(const struct testcase_t *testcase, void *ptr)
 {
-	int i;
 	int ret = basic_test_cleanup(testcase, ptr);
 	if (!ret) {
 		return ret;
@@ -303,9 +300,6 @@ mbedtls_test_cleanup(const struct testcase_t *testcase, void *ptr)
 	mbedtls_pk_free(the_key);
 	free(the_key);
 
-	for (i = 0; i < the_mbedtls_ctx_count; i++) {
-		mbedtls_ssl_free(the_mbedtls_ctx[i]);
-	}
 	if (the_mbedtls_conf[0]) {
 		mbedtls_ssl_config_free(the_mbedtls_conf[0]);
 		free(the_mbedtls_conf[0]);
@@ -320,16 +314,6 @@ mbedtls_test_cleanup(const struct testcase_t *testcase, void *ptr)
 	return 1;
 }
 
-mbedtls_ssl_context *
-mbedtls_ssl_new(mbedtls_ssl_config *config)
-{
-	mbedtls_ssl_context *ssl = malloc(sizeof(*ssl));
-	mbedtls_ssl_init(ssl);
-	mbedtls_ssl_setup(ssl, config);
-	the_mbedtls_ctx[the_mbedtls_ctx_count++] = ssl;
-	return ssl;
-}
-
 static int
 bio_rwcount_read(void *ctx, unsigned char *out, size_t outlen)
 {