narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[tls] Add missing call to tls_tx_resume() when restarting negotiation 

The restart of negotiation triggered by a HelloRequest currently does
not call tls_tx_resume() and so may end up leaving the connection in
an idle state in which the pending ClientHello is never sent.

Fix by calling tls_tx_resume() as part of tls_restart(), since the
call to tls_tx_resume() logically belongs alongside the code that sets
bits in tls->tx_pending.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/94/head
Michael Brown 2019-08-16 22:40:19 +01:00
parent d8a1958ba5
commit fd96acb7de
1 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/net/tls.c
View File

@ -940,6 +940,27 @@ static void tls_verify_handshake ( struct tls_connection *tls, void *out ) {
****************************************************************************** ******************************************************************************
*/ */
/**
* Resume TX state machine
*
* @v tls TLS connection
*/
static void tls_tx_resume ( struct tls_connection *tls ) {
process_add ( &tls->process );
}
/**
* Resume TX state machine for all connections within a session
*
* @v session TLS session
*/
static void tls_tx_resume_all ( struct tls_session *session ) {
struct tls_connection *tls;
list_for_each_entry ( tls, &session->conn, list )
tls_tx_resume ( tls );
}
/** /**
* Restart negotiation * Restart negotiation
* *
@ -961,31 +982,11 @@ static void tls_restart ( struct tls_connection *tls ) {
/* (Re)start negotiation */ /* (Re)start negotiation */
tls->tx_pending = TLS_TX_CLIENT_HELLO; tls->tx_pending = TLS_TX_CLIENT_HELLO;
tls_tx_resume ( tls );
pending_get ( &tls->client_negotiation ); pending_get ( &tls->client_negotiation );
pending_get ( &tls->server_negotiation ); pending_get ( &tls->server_negotiation );
} }
/**
* Resume TX state machine
*
* @v tls TLS connection
*/
static void tls_tx_resume ( struct tls_connection *tls ) {
process_add ( &tls->process );
}
/**
* Resume TX state machine for all connections within a session
*
* @v session TLS session
*/
static void tls_tx_resume_all ( struct tls_session *session ) {
struct tls_connection *tls;
list_for_each_entry ( tls, &session->conn, list )
tls_tx_resume ( tls );
}
/** /**
* Transmit Handshake record * Transmit Handshake record
* *
@ -3086,7 +3087,8 @@ int add_tls ( struct interface *xfer, const char *name,
intf_init ( &tls->plainstream, &tls_plainstream_desc, &tls->refcnt ); intf_init ( &tls->plainstream, &tls_plainstream_desc, &tls->refcnt );
intf_init ( &tls->cipherstream, &tls_cipherstream_desc, &tls->refcnt ); intf_init ( &tls->cipherstream, &tls_cipherstream_desc, &tls->refcnt );
intf_init ( &tls->validator, &tls_validator_desc, &tls->refcnt ); intf_init ( &tls->validator, &tls_validator_desc, &tls->refcnt );
process_init ( &tls->process, &tls_process_desc, &tls->refcnt ); process_init_stopped ( &tls->process, &tls_process_desc,
&tls->refcnt );
tls->version = TLS_VERSION_TLS_1_2; tls->version = TLS_VERSION_TLS_1_2;
tls_clear_cipher ( tls, &tls->tx_cipherspec ); tls_clear_cipher ( tls, &tls->tx_cipherspec );
tls_clear_cipher ( tls, &tls->tx_cipherspec_pending ); tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );