From 2f126904555f3890a5c05868bb615d2fd62f8b0c Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Mon, 22 May 2017 13:17:23 +0100 Subject: [PATCH] [tls] Keep cipherstream window open until TLS negotiation is complete When performing a SAN boot, the plainstream window size will be zero (since this is the mechanism used internally to indicate that no data should be fetched via the initial request). This zero value currently propagates to the advertised TCP window size, which prevents the TLS negotiation from completing. Fix by ensuring that the cipherstream window is held open until TLS negotiation is complete, and only then falling back to passing through the plainstream window size. Reported-by: John Wigley Tested-by: John Wigley Signed-off-by: Michael Brown --- src/net/tls.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/net/tls.c b/src/net/tls.c index 90f9f976..2b809a62 100644 --- a/src/net/tls.c +++ b/src/net/tls.c @@ -2328,6 +2328,21 @@ static int tls_newdata_process_data ( struct tls_session *tls ) { return 0; } +/** + * Check flow control window + * + * @v tls TLS session + * @ret len Length of window + */ +static size_t tls_cipherstream_window ( struct tls_session *tls ) { + + /* Open window until we are ready to accept data */ + if ( ! tls_ready ( tls ) ) + return -1UL; + + return xfer_window ( &tls->plainstream ); +} + /** * Receive new ciphertext * @@ -2390,6 +2405,7 @@ static int tls_cipherstream_deliver ( struct tls_session *tls, static struct interface_operation tls_cipherstream_ops[] = { INTF_OP ( xfer_deliver, struct tls_session *, tls_cipherstream_deliver ), + INTF_OP ( xfer_window, struct tls_session *, tls_cipherstream_window ), INTF_OP ( xfer_window_changed, struct tls_session *, tls_tx_resume ), INTF_OP ( intf_close, struct tls_session *, tls_close ), };