[tls] Mark security negotiation as a pending operation

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 7de1f19e8e7082c3b512622d204baf60ee8b8378..4273e4e5401e1118179924125df1a3455fa58ce8 100644 (file)
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -18,6 +18,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/sha1.h>
 #include <ipxe/sha256.h>
 #include <ipxe/x509.h>
+#include <ipxe/pending.h>
 
 /** A TLS header */
 struct tls_header {
@@ -240,10 +241,10 @@ struct tls_session {
        /** Certificate validator */
        struct interface validator;
 
-       /** Client has finished security negotiation */
-       unsigned int client_finished;
-       /** Server has finished security negotiation */
-       unsigned int server_finished;
+       /** Client security negotiation pending operation */
+       struct pending_operation client_negotiation;
+       /** Server security negotiation pending operation */
+       struct pending_operation server_negotiation;
 
        /** TX sequence number */
        uint64_t tx_seq;

diff --git a/src/net/tls.c b/src/net/tls.c
index 97e013d7bfc1accb1e53141f1d934480fe116f73..8d6620d3fa6b885edfe2675855e0e809d0a3aa67 100644 (file)
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -31,6 +31,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <time.h>
 #include <errno.h>
 #include <byteswap.h>
+#include <ipxe/pending.h>
 #include <ipxe/hmac.h>
 #include <ipxe/md5.h>
 #include <ipxe/sha1.h>
@@ -101,7 +102,8 @@ static void tls_set_uint24 ( uint8_t field24[3], unsigned long value ) {
  * @ret is_ready       TLS session is ready
  */
 static int tls_ready ( struct tls_session *tls ) {
-       return ( tls->client_finished && tls->server_finished );
+       return ( ( ! is_pending ( &tls->client_negotiation ) ) &&
+                ( ! is_pending ( &tls->server_negotiation ) ) );
 }
 
 /******************************************************************************
@@ -205,6 +207,10 @@ static void free_tls ( struct refcnt *refcnt ) {
  */
 static void tls_close ( struct tls_session *tls, int rc ) {
 
+       /* Remove pending operations, if applicable */
+       pending_put ( &tls->client_negotiation );
+       pending_put ( &tls->server_negotiation );
+
        /* Remove process */
        process_del ( &tls->process );
 
@@ -1141,7 +1147,7 @@ static int tls_send_finished ( struct tls_session *tls ) {
                return rc;
 
        /* Mark client as finished */
-       tls->client_finished = 1;
+       pending_put ( &tls->client_negotiation );
 
        return 0;
 }
@@ -1489,7 +1495,7 @@ static int tls_new_finished ( struct tls_session *tls,
        }
 
        /* Mark server as finished */
-       tls->server_finished = 1;
+       pending_put ( &tls->server_negotiation );
 
        /* Send notification of a window change */
        xfer_window_changed ( &tls->plainstream );
@@ -2396,6 +2402,10 @@ int add_tls ( struct interface *xfer, const char *name,
        tls->handshake_ctx = tls->handshake_sha256_ctx;
        tls->tx_pending = TLS_TX_CLIENT_HELLO;
 
+       /* Add pending operations for server and client Finished messages */
+       pending_get ( &tls->client_negotiation );
+       pending_get ( &tls->server_negotiation );
+
        /* Attach to parent interface, mortalise self, and return */
        intf_plug_plug ( &tls->plainstream, xfer );
        *next = &tls->cipherstream;