[tls] Add missing call to tls_tx_resume() when restarting negotiation
The restart of negotiation triggered by a HelloRequest currently does
not call tls_tx_resume() and so may end up leaving the connection in
an idle state in which the pending ClientHello is never sent.

Fix by calling tls_tx_resume() as part of tls_restart(), since the
call to tls_tx_resume() logically belongs alongside the code that sets
bits in tls->tx_pending.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
mcb30 committed Aug 16, 2019
1 parent d8a1958 commit fd96acb
Showing 1 changed file with 24 additions and 22 deletions.
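--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -940,6 +940,27 @@ static void tls_verify_handshake ( struct tls_connection *tls, void *out ) {
 ******************************************************************************
 */
 
+/**
+* Resume TX state machine
+*
+* @v tls TLS connection
+*/
+static void tls_tx_resume ( struct tls_connection *tls ) {
+process_add ( &tls->process );
+}
+
+/**
+* Resume TX state machine for all connections within a session
+*
+* @v session TLS session
+*/
+static void tls_tx_resume_all ( struct tls_session *session ) {
+struct tls_connection *tls;
+
+list_for_each_entry ( tls, &session->conn, list )
+tls_tx_resume ( tls );
+}
+
 /**
 * Restart negotiation
 *
@@ -961,31 +982,11 @@ static void tls_restart ( struct tls_connection *tls ) {
 
 /* (Re)start negotiation */
 tls->tx_pending = TLS_TX_CLIENT_HELLO;
+tls_tx_resume ( tls );
 pending_get ( &tls->client_negotiation );
 pending_get ( &tls->server_negotiation );
 }
 
-/**
-* Resume TX state machine
-*
-* @v tls TLS connection
-*/
-static void tls_tx_resume ( struct tls_connection *tls ) {
-process_add ( &tls->process );
-}
-
-/**
-* Resume TX state machine for all connections within a session
-*
-* @v session TLS session
-*/
-static void tls_tx_resume_all ( struct tls_session *session ) {
-struct tls_connection *tls;
-
-list_for_each_entry ( tls, &session->conn, list )
-tls_tx_resume ( tls );
-}
-
 /**
 * Transmit Handshake record
 *
@@ -3086,7 +3087,8 @@ int add_tls ( struct interface *xfer, const char *name,
 intf_init ( &tls->plainstream, &tls_plainstream_desc, &tls->refcnt );
 intf_init ( &tls->cipherstream, &tls_cipherstream_desc, &tls->refcnt );
 intf_init ( &tls->validator, &tls_validator_desc, &tls->refcnt );
-process_init ( &tls->process, &tls_process_desc, &tls->refcnt );
+process_init_stopped ( &tls->process, &tls_process_desc,
+&tls->refcnt );
 tls->version = TLS_VERSION_TLS_1_2;
 tls_clear_cipher ( tls, &tls->tx_cipherspec );
 tls_clear_cipher ( tls, &tls->tx_cipherspec_pending );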
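Review bot: In the `add_tls` hunk the switch to `process_init_stopped()` means the TX process now runs only once something calls `tls_tx_resume()`, and the call that does so is not visible here (add_tls continues outside the hunk). If any path through add_tls can return success without reaching `tls_restart()`, the connection would sit idle with the ClientHello never sent, so the init site deserves a comment such as `/* Process starts stopped; tls_restart() schedules it via tls_tx_resume() */`. Separately, the commit message says tls_restart() is reached from a server HelloRequest, so each accepted HelloRequest now reliably results in a new ClientHello and two further `pending_get()` calls; the HelloRequest handler (outside this diff) should presumably ignore requests while a negotiation is already pending, so that a peer cannot drive repeated restarts.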
