[tls] Mark security negotiation as a pending operation
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
parent
5482b0abb6
commit
af47789ef2
@ -18,6 +18,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
|||||||
#include <ipxe/sha1.h>
|
#include <ipxe/sha1.h>
|
||||||
#include <ipxe/sha256.h>
|
#include <ipxe/sha256.h>
|
||||||
#include <ipxe/x509.h>
|
#include <ipxe/x509.h>
|
||||||
|
#include <ipxe/pending.h>
|
||||||
|
|
||||||
/** A TLS header */
|
/** A TLS header */
|
||||||
struct tls_header {
|
struct tls_header {
|
||||||
@ -240,10 +241,10 @@ struct tls_session {
|
|||||||
/** Certificate validator */
|
/** Certificate validator */
|
||||||
struct interface validator;
|
struct interface validator;
|
||||||
|
|
||||||
/** Client has finished security negotiation */
|
/** Client security negotiation pending operation */
|
||||||
unsigned int client_finished;
|
struct pending_operation client_negotiation;
|
||||||
/** Server has finished security negotiation */
|
/** Server security negotiation pending operation */
|
||||||
unsigned int server_finished;
|
struct pending_operation server_negotiation;
|
||||||
|
|
||||||
/** TX sequence number */
|
/** TX sequence number */
|
||||||
uint64_t tx_seq;
|
uint64_t tx_seq;
|
||||||
|
@ -31,6 +31,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
|||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <byteswap.h>
|
#include <byteswap.h>
|
||||||
|
#include <ipxe/pending.h>
|
||||||
#include <ipxe/hmac.h>
|
#include <ipxe/hmac.h>
|
||||||
#include <ipxe/md5.h>
|
#include <ipxe/md5.h>
|
||||||
#include <ipxe/sha1.h>
|
#include <ipxe/sha1.h>
|
||||||
@ -101,7 +102,8 @@ static void tls_set_uint24 ( uint8_t field24[3], unsigned long value ) {
|
|||||||
* @ret is_ready TLS session is ready
|
* @ret is_ready TLS session is ready
|
||||||
*/
|
*/
|
||||||
static int tls_ready ( struct tls_session *tls ) {
|
static int tls_ready ( struct tls_session *tls ) {
|
||||||
return ( tls->client_finished && tls->server_finished );
|
return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
|
||||||
|
( ! is_pending ( &tls->server_negotiation ) ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/******************************************************************************
|
/******************************************************************************
|
||||||
@ -205,6 +207,10 @@ static void free_tls ( struct refcnt *refcnt ) {
|
|||||||
*/
|
*/
|
||||||
static void tls_close ( struct tls_session *tls, int rc ) {
|
static void tls_close ( struct tls_session *tls, int rc ) {
|
||||||
|
|
||||||
|
/* Remove pending operations, if applicable */
|
||||||
|
pending_put ( &tls->client_negotiation );
|
||||||
|
pending_put ( &tls->server_negotiation );
|
||||||
|
|
||||||
/* Remove process */
|
/* Remove process */
|
||||||
process_del ( &tls->process );
|
process_del ( &tls->process );
|
||||||
|
|
||||||
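Review bot: The two `pending_put` calls added at the top of tls_close run a second time for an operation that tls_send_finished or tls_new_finished has already released, so they rely on `pending_put` being a no-op once the count is back at zero; the "if applicable" wording suggests that is the case, but pending.h is not in this diff, so it is worth confirming before merging. If it is not idempotent, closing a session after a completed handshake would release one more count than was acquired and skew the global pending total that callers wait on. The same reliance applies to the `pending_put` in tls_new_finished should a second Finished message ever be processed on the same session. Once confirmed, the comment could state it, e.g. `/* Remove pending operations, if applicable (pending_put() is safe on an already-released operation) */`. tls_close's body continues outside the hunk.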
@ -1141,7 +1147,7 @@ static int tls_send_finished ( struct tls_session *tls ) {
|
|||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
/* Mark client as finished */
|
/* Mark client as finished */
|
||||||
tls->client_finished = 1;
|
pending_put ( &tls->client_negotiation );
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1489,7 +1495,7 @@ static int tls_new_finished ( struct tls_session *tls,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Mark server as finished */
|
/* Mark server as finished */
|
||||||
tls->server_finished = 1;
|
pending_put ( &tls->server_negotiation );
|
||||||
|
|
||||||
/* Send notification of a window change */
|
/* Send notification of a window change */
|
||||||
xfer_window_changed ( &tls->plainstream );
|
xfer_window_changed ( &tls->plainstream );
|
||||||
@ -2396,6 +2402,10 @@ int add_tls ( struct interface *xfer, const char *name,
|
|||||||
tls->handshake_ctx = tls->handshake_sha256_ctx;
|
tls->handshake_ctx = tls->handshake_sha256_ctx;
|
||||||
tls->tx_pending = TLS_TX_CLIENT_HELLO;
|
tls->tx_pending = TLS_TX_CLIENT_HELLO;
|
||||||
|
|
||||||
|
/* Add pending operations for server and client Finished messages */
|
||||||
|
pending_get ( &tls->client_negotiation );
|
||||||
|
pending_get ( &tls->server_negotiation );
|
||||||
|
|
||||||
/* Attach to parent interface, mortalise self, and return */
|
/* Attach to parent interface, mortalise self, and return */
|
||||||
intf_plug_plug ( &tls->plainstream, xfer );
|
intf_plug_plug ( &tls->plainstream, xfer );
|
||||||
*next = &tls->cipherstream;
|
*next = &tls->cipherstream;
|
||||||
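Review bot: The `pending_get` calls added to add_tls sit after `tx_pending` is set and before `intf_plug_plug`, which presumably means the session's allocation is already complete, but nothing in the hunk shows that `client_negotiation` and `server_negotiation` start from a zeroed count; that is only safe if the session was allocated with a zeroing allocator, which is outside the hunk and should be checked. The function body continues past the hunk, so also check that no error exit lies between these two calls and the final return, since such a path would need to release both operations (via tls_close or explicit `pending_put`) to avoid leaving the pending total permanently raised. A one-line comment naming who releases them would help here: `/* Released by tls_send_finished()/tls_new_finished(), or by tls_close() on early termination */`.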
|