diff options
author | Florin Coras <fcoras@cisco.com> | 2023-10-17 11:59:49 -0700 |
---|---|---|
committer | Dave Barach <vpp@barachs.net> | 2024-09-26 20:44:34 +0000 |
commit | d0e8bd75f6371d09f31f48ffaf5843dce86ca8e6 (patch) | |
tree | 60afbb7769d3c4abce413d5055387ef031c975d5 /src/plugins | |
parent | 2193fd06492ee0f9a8c9b89fe665ecbc4d50cefe (diff) |
tls: cleanup engine hs cb and improve ctx formatting
Handshake completion is now tracked via a ctx flag so we no longer need
ctx_handshake_is_over.
Also, as we no longer prealloc application sessions, improve ctx state
formatting.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: If48588ecde13e56fb99d1a46238bda53ed4eae1b
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/tlsmbedtls/tls_mbedtls.c | 14 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 14 | ||||
-rw-r--r-- | src/plugins/tlspicotls/tls_picotls.c | 15 |
3 files changed, 9 insertions, 34 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c index af04f1adeb0..2f4757e28a1 100644 --- a/src/plugins/tlsmbedtls/tls_mbedtls.c +++ b/src/plugins/tlsmbedtls/tls_mbedtls.c @@ -396,6 +396,8 @@ mbedtls_ctx_handshake_rx (tls_ctx_t * ctx) if (mc->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) return 0; + ctx->flags |= TLS_CONN_F_HS_DONE; + /* * Handshake complete */ @@ -532,17 +534,10 @@ mbedtls_ctx_read (tls_ctx_t * ctx, session_t * tls_session) return enq; } -static u8 -mbedtls_handshake_is_over (tls_ctx_t * ctx) -{ - mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx; - return (mc->ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER); -} - static int mbedtls_transport_close (tls_ctx_t * ctx) { - if (!mbedtls_handshake_is_over (ctx)) + if (!(ctx->flags & TLS_CONN_F_HS_DONE)) { session_close (session_get_from_handle (ctx->tls_session_handle)); return 0; @@ -554,7 +549,7 @@ mbedtls_transport_close (tls_ctx_t * ctx) static int mbedtls_transport_reset (tls_ctx_t *ctx) { - if (!mbedtls_handshake_is_over (ctx)) + if (!(ctx->flags & TLS_CONN_F_HS_DONE)) { session_close (session_get_from_handle (ctx->tls_session_handle)); return 0; @@ -590,7 +585,6 @@ const static tls_engine_vft_t mbedtls_engine = { .ctx_init_client = mbedtls_ctx_init_client, .ctx_write = mbedtls_ctx_write, .ctx_read = mbedtls_ctx_read, - .ctx_handshake_is_over = mbedtls_handshake_is_over, .ctx_start_listen = mbedtls_start_listen, .ctx_stop_listen = mbedtls_stop_listen, .ctx_transport_close = mbedtls_transport_close, diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 19aae3ffadc..c8e685f20c5 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -1037,15 +1037,6 @@ openssl_ctx_init_server (tls_ctx_t * ctx) return 0; } -static u8 -openssl_handshake_is_over (tls_ctx_t * ctx) -{ - openssl_ctx_t *mc = (openssl_ctx_t *) ctx; - if (!mc->ssl) - return 0; - return SSL_is_init_finished (mc->ssl); -} - static int openssl_transport_close (tls_ctx_t * ctx) { @@ -1054,7 +1045,7 @@ openssl_transport_close (tls_ctx_t * ctx) return 0; #endif - if (!openssl_handshake_is_over (ctx)) + if (!(ctx->flags & TLS_CONN_F_HS_DONE)) { openssl_handle_handshake_failure (ctx); return 0; @@ -1066,7 +1057,7 @@ openssl_transport_close (tls_ctx_t * ctx) static int openssl_transport_reset (tls_ctx_t *ctx) { - if (!openssl_handshake_is_over (ctx)) + if (!(ctx->flags & TLS_CONN_F_HS_DONE)) { openssl_handle_handshake_failure (ctx); return 0; @@ -1166,7 +1157,6 @@ const static tls_engine_vft_t openssl_engine = { .ctx_init_client = openssl_ctx_init_client, .ctx_write = openssl_ctx_write, .ctx_read = openssl_ctx_read, - .ctx_handshake_is_over = openssl_handshake_is_over, .ctx_start_listen = openssl_start_listen, .ctx_stop_listen = openssl_stop_listen, .ctx_transport_close = openssl_transport_close, diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c index 7375b928206..9459cb776b5 100644 --- a/src/plugins/tlspicotls/tls_picotls.c +++ b/src/plugins/tlspicotls/tls_picotls.c @@ -88,14 +88,6 @@ picotls_lctx_get (u32 lctx_index) return pool_elt_at_index (picotls_main.lctx_pool, lctx_index); } -static u8 -picotls_handshake_is_over (tls_ctx_t * ctx) -{ - picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx; - assert (ptls_ctx->tls); - return ptls_handshake_is_complete (ptls_ctx->tls); -} - static int picotls_try_handshake_write (picotls_ctx_t * ptls_ctx, session_t * tls_session, ptls_buffer_t * buf) @@ -194,7 +186,7 @@ picotls_confirm_app_close (tls_ctx_t * ctx) static int picotls_transport_close (tls_ctx_t * ctx) { - if (!picotls_handshake_is_over (ctx)) + if (!(ctx->flags & TLS_CONN_F_HS_DONE)) { picotls_handle_handshake_failure (ctx); return 0; @@ -206,7 +198,7 @@ picotls_transport_close (tls_ctx_t * ctx) static int picotls_transport_reset (tls_ctx_t *ctx) { - if (!picotls_handshake_is_over (ctx)) + if (!(ctx->flags & TLS_CONN_F_HS_DONE)) { picotls_handle_handshake_failure (ctx); return 0; @@ -435,7 +427,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session) if (PREDICT_FALSE (!ptls_handshake_is_complete (ptls_ctx->tls))) { picotls_do_handshake (ptls_ctx, tcp_session); - if (picotls_handshake_is_over (ctx)) + if (ctx->flags & TLS_CONN_F_HS_DONE) { if (ptls_is_server (ptls_ctx->tls)) { @@ -750,7 +742,6 @@ const static tls_engine_vft_t picotls_engine = { .ctx_free = picotls_ctx_free, .ctx_get = picotls_ctx_get, .ctx_get_w_thread = picotls_ctx_get_w_thread, - .ctx_handshake_is_over = picotls_handshake_is_over, .ctx_start_listen = picotls_start_listen, .ctx_stop_listen = picotls_stop_listen, .ctx_init_server = picotls_ctx_init_server, |