PolarSSL is now part of ARM (official announcement) and has been rebranded as Mbed TLS.

Adding Asynchronous API on mbedtls

Oct 6, 2015 08:34

Hey all, is there any way to achieve something like OpenSSL's BIO pair?

We are trying to add a callback-based asynchronous API in mbedtls, where we handle the network I/O separately and feed the TLS state machine with the data received from the network; the TLS engine processes it and calls us back when the data is ready. This will be useful with network libs like libuv.

A glimpse of the work (WIP) with OpenSSL can be seen at https://github.com/deleisha/libuv-tls

Is there any way to achieve this?

Oct 7, 2015 16:12

Pardon me if I have posted in the wrong forum. Am I supposed to post it in "Crypto and SSL questions"?

And I am expecting a response.

We would like to add async APIs for TLS I/O to mbedtls so that it can be integrated easily with libraries like libevent, libuv and libev.

Oct 7, 2015 17:48
Nicholas Wilson

It should be fairly easy to do. In our applications, we have an SSLEngine class which has an implementation using the JSSE SSLEngine class (https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLEngine.html), and an implementation using mbedTLS for non-Java platforms, which sounds just like you're describing.

You can certainly do non-blocking I/O with mbedTLS: you just pass in your read and write callbacks with mbedtls_ssl_set_bio(). You can then feed data to mbedTLS from an event callback by calling mbedtls_ssl_read(), and when that invokes your read callback you feed it the data you want to unwrap. In turn, when you want to wrap data, you write it using mbedtls_ssl_write(), and dump the data in your write buffer for asynchronous writing later.
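The memory "BIO pair" Nicholas describes, as an added example that is not part of the original thread and is neither mbedTLS nor libuv code: an inbound buffer that the libuv read callback fills and that mbedTLS drains through its f_recv callback, and an outbound buffer that mbedTLS fills through f_send and that the application hands to uv_write(). The function and type names (bio_pair, bio_recv, bio_send, bio_pair_feed_in, bio_pair_take_out) are my own. The three error constants are copied from the mbedTLS 2.x headers so the file builds without the library; with the real library you include "mbedtls/ssl.h" instead of defining them. The per-direction limit is an assumption added so that a peer cannot make the buffers grow without bound.

```c
/* Added example (not mbedTLS or libuv code): a memory "BIO pair" that sits
 * between a libuv-driven socket and the mbedTLS state machine.
 * The error values are copied from the mbedTLS 2.x headers so this file builds
 * stand-alone; with the real library, include "mbedtls/ssl.h" instead. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
#define MBEDTLS_ERR_SSL_WANT_WRITE  -0x6880
#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E

typedef struct {
    unsigned char *data;
    size_t head;  /* offset of the next unread byte */
    size_t len;   /* bytes stored, including the already-read prefix */
    size_t cap;
} membuf;

typedef struct {
    membuf in;     /* ciphertext from the socket, not yet consumed by mbedTLS */
    membuf out;    /* ciphertext from mbedTLS, not yet handed to uv_write() */
    size_t limit;  /* assumed per-direction high-water mark: backpressure, not unbounded growth */
} bio_pair;

static int membuf_append(membuf *b, const unsigned char *src, size_t n)
{
    if (b->head == b->len)       /* fully drained: reuse the buffer from the start */
        b->head = b->len = 0;
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 256;
        while (ncap < b->len + n) ncap *= 2;
        unsigned char *grown = realloc(b->data, ncap);
        if (grown == NULL) return -1;
        b->data = grown;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

static size_t membuf_take(membuf *b, unsigned char *dst, size_t n)
{
    size_t avail = b->len - b->head;
    if (n > avail) n = avail;
    if (n == 0) return 0;
    memcpy(dst, b->data + b->head, n);
    b->head += n;
    if (b->head == b->len) b->head = b->len = 0;
    return n;
}

void bio_pair_init(bio_pair *p, size_t limit) { memset(p, 0, sizeof *p); p->limit = limit; }
void bio_pair_free(bio_pair *p) { free(p->in.data); free(p->out.data); memset(p, 0, sizeof *p); }
size_t bio_pair_pending_out(const bio_pair *p) { return p->out.len - p->out.head; }

/* libuv side, inbound: call from the uv_read_cb with the bytes just received.
 * Returns -1 if the limit would be exceeded; the caller should uv_read_stop()
 * until mbedtls_ssl_read() has drained the buffer, instead of buffering forever. */
int bio_pair_feed_in(bio_pair *p, const unsigned char *buf, size_t len)
{
    if (p->in.len - p->in.head + len > p->limit) return -1;
    return membuf_append(&p->in, buf, len);
}

/* libuv side, outbound: copy pending ciphertext into a buffer for uv_write(). */
size_t bio_pair_take_out(bio_pair *p, unsigned char *buf, size_t len)
{
    return membuf_take(&p->out, buf, len);
}

/* mbedTLS side: f_recv callback (mbedtls_ssl_recv_t signature). Returning
 * WANT_READ makes mbedtls_ssl_read()/mbedtls_ssl_handshake() return to the
 * event loop instead of blocking; the libuv read callback retries later. */
int bio_recv(void *ctx, unsigned char *buf, size_t len)
{
    bio_pair *p = ctx;
    size_t n = membuf_take(&p->in, buf, len);
    return n == 0 ? MBEDTLS_ERR_SSL_WANT_READ : (int)n;
}

/* mbedTLS side: f_send callback (mbedtls_ssl_send_t signature). Output is only
 * queued here, never written to the socket; WANT_WRITE applies backpressure
 * when the peer is not draining what we already queued. */
int bio_send(void *ctx, const unsigned char *buf, size_t len)
{
    bio_pair *p = ctx;
    if (bio_pair_pending_out(p) >= p->limit) return MBEDTLS_ERR_SSL_WANT_WRITE;
    if (membuf_append(&p->out, buf, len) != 0) return MBEDTLS_ERR_NET_SEND_FAILED;
    return (int)len;
}

int main(void)
{
    /* Constructed sample: a 5-byte TLS record header plus 5 payload bytes, as if
     * delivered by uv_read_cb; no real TLS parsing happens without mbedTLS. */
    static const unsigned char from_socket[] = { 0x16, 0x03, 0x03, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
    unsigned char tmp[16];
    bio_pair pair;

    bio_pair_init(&pair, 64 * 1024);
    printf("empty recv -> %d (WANT_READ is %d)\n", bio_recv(&pair, tmp, sizeof tmp), MBEDTLS_ERR_SSL_WANT_READ);
    bio_pair_feed_in(&pair, from_socket, sizeof from_socket);
    printf("header recv -> %d bytes\n", bio_recv(&pair, tmp, 5));   /* mbedTLS reads the record header first */
    printf("body recv   -> %d bytes\n", bio_recv(&pair, tmp, 5));   /* then the record body */
    bio_send(&pair, (const unsigned char *)"\x15\x03\x03\x00\x02", 5); /* e.g. an alert header mbedTLS wants sent */
    printf("pending for uv_write: %zu bytes\n", bio_pair_pending_out(&pair));
    bio_pair_free(&pair);
    return 0;
}
```

Hook-up with the real library is `mbedtls_ssl_set_bio(&ssl, &pair, bio_send, bio_recv, NULL);` (the 2.x five-argument form). The driving logic then lives in the uv_read_cb: call bio_pair_feed_in() with the received bytes, loop over mbedtls_ssl_handshake() or mbedtls_ssl_read() until it returns MBEDTLS_ERR_SSL_WANT_READ or MBEDTLS_ERR_SSL_WANT_WRITE, deliver any plaintext to the application, and only then treat other negative codes as errors. Two caveats a practitioner will want: drain pair.out with uv_write() after every call into mbedTLS regardless of its return code, because handshake flights and alerts are produced from inside mbedtls_ssl_read() even when it reports WANT_READ; and stop reading from the socket (uv_read_stop()) when bio_pair_feed_in() refuses data, otherwise the limit is just moved into the application.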

Oct 9, 2015 14:08
Manuel Pégourié-Gonnard

As Nicholas said, I believe our API allows you to create what you want by providing adequate callbacks to the SSL layer and calling mbedtls_ssl_read() when data is available. We're in the process of developing such an asynchronous API for TLS in mbed OS using the same ideas Nicholas explained, and it's working fine.

Oct 9, 2015 16:31

Thanks Nicholas and Manuel Pégourié-Gonnard.

I am pretty much new to mbedtls. So my thought and knowledge might be very limited. Correct me if I am wrong.

Yes, mbedtls effectively seems to handle asynchronous I/O with the supplied socket. A first glance seems to suggest that mbedtls internally handles the network I/O.

Our use case is that we want to handle the network I/O separately with libuv. We would like to feed the wrapped data to mbedtls ourselves; mbedtls does the processing and, once it has the unwrapped data, gives us a callback.

Is there any way to handle this effectively?

Oct 10, 2015 07:07

Oh, yes. After reading the code a bit more, we realised mbedtls_ssl_set_bio() will work for us.

Thanks Again