authorFlorin Coras <fcoras@cisco.com>2023-10-17 11:59:49 -0700
committerDave Barach <vpp@barachs.net>2024-09-26 20:44:34 +0000
commitd0e8bd75f6371d09f31f48ffaf5843dce86ca8e6 (patch)
tree60afbb7769d3c4abce413d5055387ef031c975d5 /src/plugins
parent2193fd06492ee0f9a8c9b89fe665ecbc4d50cefe (diff)
tls: cleanup engine hs cb and improve ctx formatting
Handshake completion is now tracked via a ctx flag so we no longer need ctx_handshake_is_over. Also, as we no longer prealloc application sessions, improve ctx state formatting. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If48588ecde13e56fb99d1a46238bda53ed4eae1b
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/tlsmbedtls/tls_mbedtls.c14
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c14
-rw-r--r--src/plugins/tlspicotls/tls_picotls.c15
3 files changed, 9 insertions, 34 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index af04f1adeb0..2f4757e28a1 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -396,6 +396,8 @@ mbedtls_ctx_handshake_rx (tls_ctx_t * ctx)
if (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER)
return 0;
+ ctx->flags |= TLS_CONN_F_HS_DONE;
+
/*
* Handshake complete
*/
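Review bot: The new `ctx->flags |= TLS_CONN_F_HS_DONE;` in mbedtls_ctx_handshake_rx deserves a comment, because mbedtls_transport_close and mbedtls_transport_reset now choose between a bare session_close of the TCP session and a TLS-level close based solely on this bit rather than on mc->ssl.state. I would put `/* transport_close/reset key off this flag rather than mc->ssl.state */` directly above it. If the mbedtls state machine can reach MBEDTLS_SSL_HANDSHAKE_OVER from any path other than this rx handler, that path would also need to set the flag, otherwise a close on an established connection would silently take the pre-handshake branch — worth confirming. mbedtls_ctx_handshake_rx continues outside the hunk.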
@@ -532,17 +534,10 @@ mbedtls_ctx_read (tls_ctx_t * ctx, session_t * tls_session)
return enq;
}
-static u8
-mbedtls_handshake_is_over (tls_ctx_t * ctx)
-{
- mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
- return (mc->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
-}
-
static int
mbedtls_transport_close (tls_ctx_t * ctx)
{
- if (!mbedtls_handshake_is_over (ctx))
+ if (!(ctx->flags & TLS_CONN_F_HS_DONE))
{
session_close (session_get_from_handle (ctx->tls_session_handle));
return 0;
@@ -554,7 +549,7 @@ mbedtls_transport_close (tls_ctx_t * ctx)
static int
mbedtls_transport_reset (tls_ctx_t *ctx)
{
- if (!mbedtls_handshake_is_over (ctx))
+ if (!(ctx->flags & TLS_CONN_F_HS_DONE))
{
session_close (session_get_from_handle (ctx->tls_session_handle));
return 0;
@@ -590,7 +585,6 @@ const static tls_engine_vft_t mbedtls_engine = {
.ctx_init_client = mbedtls_ctx_init_client,
.ctx_write = mbedtls_ctx_write,
.ctx_read = mbedtls_ctx_read,
- .ctx_handshake_is_over = mbedtls_handshake_is_over,
.ctx_start_listen = mbedtls_start_listen,
.ctx_stop_listen = mbedtls_stop_listen,
.ctx_transport_close = mbedtls_transport_close,
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 19aae3ffadc..c8e685f20c5 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -1037,15 +1037,6 @@ openssl_ctx_init_server (tls_ctx_t * ctx)
return 0;
}
-static u8
-openssl_handshake_is_over (tls_ctx_t * ctx)
-{
- openssl_ctx_t *mc = (openssl_ctx_t *) ctx;
- if (!mc->ssl)
- return 0;
- return SSL_is_init_finished (mc->ssl);
-}
-
static int
openssl_transport_close (tls_ctx_t * ctx)
{
@@ -1054,7 +1045,7 @@ openssl_transport_close (tls_ctx_t * ctx)
return 0;
#endif
- if (!openssl_handshake_is_over (ctx))
+ if (!(ctx->flags & TLS_CONN_F_HS_DONE))
{
openssl_handle_handshake_failure (ctx);
return 0;
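Review bot: The check `if (!(ctx->flags & TLS_CONN_F_HS_DONE))` in openssl_transport_close drops the `!mc->ssl` guard that the removed openssl_handshake_is_over had, and no line in this diff sets TLS_CONN_F_HS_DONE for the openssl engine. That is only equivalent if the engine sets the flag elsewhere (presumably in its handshake rx path, outside this patch) and never before the SSL object exists, so a close on a ctx whose ssl is still NULL continues to go through openssl_handle_handshake_failure. Worth confirming, and a one-line comment at the check, `/* HS_DONE is set only by the handshake path; a ctx without an SSL object never carries it */`, would make that invariant visible to the next reader. openssl_transport_close starts and ends outside the hunk.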
@@ -1066,7 +1057,7 @@ openssl_transport_close (tls_ctx_t * ctx)
static int
openssl_transport_reset (tls_ctx_t *ctx)
{
- if (!openssl_handshake_is_over (ctx))
+ if (!(ctx->flags & TLS_CONN_F_HS_DONE))
{
openssl_handle_handshake_failure (ctx);
return 0;
@@ -1166,7 +1157,6 @@ const static tls_engine_vft_t openssl_engine = {
.ctx_init_client = openssl_ctx_init_client,
.ctx_write = openssl_ctx_write,
.ctx_read = openssl_ctx_read,
- .ctx_handshake_is_over = openssl_handshake_is_over,
.ctx_start_listen = openssl_start_listen,
.ctx_stop_listen = openssl_stop_listen,
.ctx_transport_close = openssl_transport_close,
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index 7375b928206..9459cb776b5 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -88,14 +88,6 @@ picotls_lctx_get (u32 lctx_index)
return pool_elt_at_index (picotls_main.lctx_pool, lctx_index);
}
-static u8
-picotls_handshake_is_over (tls_ctx_t * ctx)
-{
- picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
- assert (ptls_ctx->tls);
- return ptls_handshake_is_complete (ptls_ctx->tls);
-}
-
static int
picotls_try_handshake_write (picotls_ctx_t * ptls_ctx,
session_t * tls_session, ptls_buffer_t * buf)
@@ -194,7 +186,7 @@ picotls_confirm_app_close (tls_ctx_t * ctx)
static int
picotls_transport_close (tls_ctx_t * ctx)
{
- if (!picotls_handshake_is_over (ctx))
+ if (!(ctx->flags & TLS_CONN_F_HS_DONE))
{
picotls_handle_handshake_failure (ctx);
return 0;
@@ -206,7 +198,7 @@ picotls_transport_close (tls_ctx_t * ctx)
static int
picotls_transport_reset (tls_ctx_t *ctx)
{
- if (!picotls_handshake_is_over (ctx))
+ if (!(ctx->flags & TLS_CONN_F_HS_DONE))
{
picotls_handle_handshake_failure (ctx);
return 0;
@@ -435,7 +427,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session)
if (PREDICT_FALSE (!ptls_handshake_is_complete (ptls_ctx->tls)))
{
picotls_do_handshake (ptls_ctx, tcp_session);
- if (picotls_handshake_is_over (ctx))
+ if (ctx->flags & TLS_CONN_F_HS_DONE)
{
if (ptls_is_server (ptls_ctx->tls))
{
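Review bot: picotls_ctx_read now tests two different sources of truth for the same condition: the outer guard uses `ptls_handshake_is_complete (ptls_ctx->tls)` while the inner check after picotls_do_handshake uses `ctx->flags & TLS_CONN_F_HS_DONE`. If picotls_do_handshake (outside this hunk) sets the flag at exactly the point ptls reports completion, the two agree; if it does not, the server/client post-handshake branch below would never run for a handshake that did complete. Either make both tests use the flag, `if (PREDICT_FALSE (!(ctx->flags & TLS_CONN_F_HS_DONE)))`, or add a comment at the inner check stating that picotls_do_handshake is responsible for setting TLS_CONN_F_HS_DONE. picotls_ctx_read continues outside the hunk on both sides.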
@@ -750,7 +742,6 @@ const static tls_engine_vft_t picotls_engine = {
.ctx_free = picotls_ctx_free,
.ctx_get = picotls_ctx_get,
.ctx_get_w_thread = picotls_ctx_get_w_thread,
- .ctx_handshake_is_over = picotls_handshake_is_over,
.ctx_start_listen = picotls_start_listen,
.ctx_stop_listen = picotls_stop_listen,
.ctx_init_server = picotls_ctx_init_server,