david/ipxe

[tls] Mark security negotiation as a pending operation

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown 2012-06-09 18:58:54 +01:00
parent 5482b0abb6
commit af47789ef2
2 changed files with 18 additions and 7 deletions


@ -18,6 +18,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <ipxe/sha1.h> #include <ipxe/sha1.h>
#include <ipxe/sha256.h> #include <ipxe/sha256.h>
#include <ipxe/x509.h> #include <ipxe/x509.h>
#include <ipxe/pending.h>
/** A TLS header */ /** A TLS header */
struct tls_header { struct tls_header {
@ -240,10 +241,10 @@ struct tls_session {
/** Certificate validator */ /** Certificate validator */
struct interface validator; struct interface validator;
/** Client has finished security negotiation */ /** Client security negotiation pending operation */
unsigned int client_finished; struct pending_operation client_negotiation;
/** Server has finished security negotiation */ /** Server security negotiation pending operation */
unsigned int server_finished; struct pending_operation server_negotiation;
/** TX sequence number */ /** TX sequence number */
uint64_t tx_seq; uint64_t tx_seq;


@ -31,6 +31,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#include <time.h> #include <time.h>
#include <errno.h> #include <errno.h>
#include <byteswap.h> #include <byteswap.h>
#include <ipxe/pending.h>
#include <ipxe/hmac.h> #include <ipxe/hmac.h>
#include <ipxe/md5.h> #include <ipxe/md5.h>
#include <ipxe/sha1.h> #include <ipxe/sha1.h>
@ -101,7 +102,8 @@ static void tls_set_uint24 ( uint8_t field24[3], unsigned long value ) {
* @ret is_ready TLS session is ready * @ret is_ready TLS session is ready
*/ */
static int tls_ready ( struct tls_session *tls ) { static int tls_ready ( struct tls_session *tls ) {
return ( tls->client_finished && tls->server_finished ); return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
( ! is_pending ( &tls->server_negotiation ) ) );
} }
/****************************************************************************** /******************************************************************************
@ -205,6 +207,10 @@ static void free_tls ( struct refcnt *refcnt ) {
*/ */
static void tls_close ( struct tls_session *tls, int rc ) { static void tls_close ( struct tls_session *tls, int rc ) {
/* Remove pending operations, if applicable */
pending_put ( &tls->client_negotiation );
pending_put ( &tls->server_negotiation );
/* Remove process */ /* Remove process */
process_del ( &tls->process ); process_del ( &tls->process );
@ -1141,7 +1147,7 @@ static int tls_send_finished ( struct tls_session *tls ) {
return rc; return rc;
/* Mark client as finished */ /* Mark client as finished */
tls->client_finished = 1; pending_put ( &tls->client_negotiation );
return 0; return 0;
} }
@ -1489,7 +1495,7 @@ static int tls_new_finished ( struct tls_session *tls,
} }
/* Mark server as finished */ /* Mark server as finished */
tls->server_finished = 1; pending_put ( &tls->server_negotiation );
/* Send notification of a window change */ /* Send notification of a window change */
xfer_window_changed ( &tls->plainstream ); xfer_window_changed ( &tls->plainstream );
@ -2396,6 +2402,10 @@ int add_tls ( struct interface *xfer, const char *name,
tls->handshake_ctx = tls->handshake_sha256_ctx; tls->handshake_ctx = tls->handshake_sha256_ctx;
tls->tx_pending = TLS_TX_CLIENT_HELLO; tls->tx_pending = TLS_TX_CLIENT_HELLO;
/* Add pending operations for server and client Finished messages */
pending_get ( &tls->client_negotiation );
pending_get ( &tls->server_negotiation );
/* Attach to parent interface, mortalise self, and return */ /* Attach to parent interface, mortalise self, and return */
intf_plug_plug ( &tls->plainstream, xfer ); intf_plug_plug ( &tls->plainstream, xfer );
*next = &tls->cipherstream; *next = &tls->cipherstream;
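Review bot: tls_ready() now treats "nothing pending" as "handshake complete", so a session that tls_close() tears down before either Finished message has been processed also reports ready, because the new pending_put() calls in tls_close() clear both operations (assuming is_pending() is false once the count is dropped; ipxe/pending.h is not shown here). The old flags were fail-closed: client_finished and server_finished stayed 0 on an aborted handshake, and a zeroed structure read as not ready, whereas a zeroed pending_operation presumably reads as ready until add_tls() reaches its pending_get() calls. It is worth confirming that no plaintext send or receive path can consult tls_ready() after tls_close() or before those pending_get() calls, since that path would then treat an unauthenticated session as established. At minimum I would document this in the tls_ready() header comment, e.g. `* Note: also true after tls_close(); "ready" means no negotiation is pending, not that the peer's Finished was verified.` The bodies of tls_close() and add_tls() continue outside the hunks shown.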