[tls] Keep cipherstream window open until TLS negotiation is complete

When performing a SAN boot, the plainstream window size will be zero (since this is the mechanism used internally to indicate that no data should be fetched via the initial request). This zero value currently propagates to the advertised TCP window size, which prevents the TLS negotiation from completing. Fix by ensuring that the cipherstream window is held open until TLS negotiation is complete, and only then falling back to passing through the plainstream window size. Reported-by: John Wigley <johnwigley#ipxe@acorna.co.uk> Tested-by: John Wigley <johnwigley#ipxe@acorna.co.uk> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2017-05-22 13:17:23 +01:00 · 2017-05-22 13:17:23 +01:00 · 2f12690455
parent de37652044
commit 2f12690455
1 changed files with 16 additions and 0 deletions
--- a/src/net/tls.c
+++ b/src/net/tls.c
@ -2328,6 +2328,21 @@ static int tls_newdata_process_data ( struct tls_session *tls ) {
 	return 0;
 }

+/**
+ * Check flow control window
+ *
+ * @v tls		TLS session
+ * @ret len		Length of window
+ */
+static size_t tls_cipherstream_window ( struct tls_session *tls ) {
+
+	/* Open window until we are ready to accept data */
+	if ( ! tls_ready ( tls ) )
+		return -1UL;
+
+	return xfer_window ( &tls->plainstream );
+}
+
 /**
 * Receive new ciphertext
 *
@ -2390,6 +2405,7 @@ static int tls_cipherstream_deliver ( struct tls_session *tls,
 static struct interface_operation tls_cipherstream_ops[] = {
 	INTF_OP ( xfer_deliver, struct tls_session *,
 		  tls_cipherstream_deliver ),
+	INTF_OP ( xfer_window, struct tls_session *, tls_cipherstream_window ),
 	INTF_OP ( xfer_window_changed, struct tls_session *, tls_tx_resume ),
 	INTF_OP ( intf_close, struct tls_session *, tls_close ),
 };