Selaa lähdekoodia

[tls] Mark security negotiation as a pending operation

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 12 vuotta sitten
vanhempi
commit
af47789ef2
2 muutettua tiedostoa jossa 18 lisäystä ja 7 poistoa
  1. 5
    4
      src/include/ipxe/tls.h
  2. 13
    3
      src/net/tls.c

+ 5
- 4
src/include/ipxe/tls.h Näytä tiedosto

@@ -18,6 +18,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
18 18
 #include <ipxe/sha1.h>
19 19
 #include <ipxe/sha256.h>
20 20
 #include <ipxe/x509.h>
21
+#include <ipxe/pending.h>
21 22
 
22 23
 /** A TLS header */
23 24
 struct tls_header {
@@ -240,10 +241,10 @@ struct tls_session {
240 241
 	/** Certificate validator */
241 242
 	struct interface validator;
242 243
 
243
-	/** Client has finished security negotiation */
244
-	unsigned int client_finished;
245
-	/** Server has finished security negotiation */
246
-	unsigned int server_finished;
244
+	/** Client security negotiation pending operation */
245
+	struct pending_operation client_negotiation;
246
+	/** Server security negotiation pending operation */
247
+	struct pending_operation server_negotiation;
247 248
 
248 249
 	/** TX sequence number */
249 250
 	uint64_t tx_seq;

+ 13
- 3
src/net/tls.c Näytä tiedosto

@@ -31,6 +31,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
31 31
 #include <time.h>
32 32
 #include <errno.h>
33 33
 #include <byteswap.h>
34
+#include <ipxe/pending.h>
34 35
 #include <ipxe/hmac.h>
35 36
 #include <ipxe/md5.h>
36 37
 #include <ipxe/sha1.h>
@@ -101,7 +102,8 @@ static void tls_set_uint24 ( uint8_t field24[3], unsigned long value ) {
101 102
  * @ret is_ready	TLS session is ready
102 103
  */
103 104
 static int tls_ready ( struct tls_session *tls ) {
104
-	return ( tls->client_finished && tls->server_finished );
105
+	return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
106
+		 ( ! is_pending ( &tls->server_negotiation ) ) );
105 107
 }
106 108
 
107 109
 /******************************************************************************
@@ -205,6 +207,10 @@ static void free_tls ( struct refcnt *refcnt ) {
205 207
  */
206 208
 static void tls_close ( struct tls_session *tls, int rc ) {
207 209
 
210
+	/* Remove pending operations, if applicable */
211
+	pending_put ( &tls->client_negotiation );
212
+	pending_put ( &tls->server_negotiation );
213
+
208 214
 	/* Remove process */
209 215
 	process_del ( &tls->process );
210 216
 
@@ -1141,7 +1147,7 @@ static int tls_send_finished ( struct tls_session *tls ) {
1141 1147
 		return rc;
1142 1148
 
1143 1149
 	/* Mark client as finished */
1144
-	tls->client_finished = 1;
1150
+	pending_put ( &tls->client_negotiation );
1145 1151
 
1146 1152
 	return 0;
1147 1153
 }
@@ -1489,7 +1495,7 @@ static int tls_new_finished ( struct tls_session *tls,
1489 1495
 	}
1490 1496
 
1491 1497
 	/* Mark server as finished */
1492
-	tls->server_finished = 1;
1498
+	pending_put ( &tls->server_negotiation );
1493 1499
 
1494 1500
 	/* Send notification of a window change */
1495 1501
 	xfer_window_changed ( &tls->plainstream );
@@ -2396,6 +2402,10 @@ int add_tls ( struct interface *xfer, const char *name,
2396 2402
 	tls->handshake_ctx = tls->handshake_sha256_ctx;
2397 2403
 	tls->tx_pending = TLS_TX_CLIENT_HELLO;
2398 2404
 
2405
+	/* Add pending operations for server and client Finished messages */
2406
+	pending_get ( &tls->client_negotiation );
2407
+	pending_get ( &tls->server_negotiation );
2408
+
2399 2409
 	/* Attach to parent interface, mortalise self, and return */
2400 2410
 	intf_plug_plug ( &tls->plainstream, xfer );
2401 2411
 	*next = &tls->cipherstream;

Loading…
Peruuta
Tallenna