TLS server: Add internal callbacks get_failed, get_*_alerts

These can be used to implement cleaner termination of the handshake in case of failures. Signed-off-by: Jouni Malinen <j@w1.fi>
5 years ago · f08ab18bf9
parent b642ab4062
commit f08ab18bf9
4 changed files with 38 additions and 0 deletions
--- a/src/crypto/tls_internal.c
+++ b/src/crypto/tls_internal.c
@ -726,12 +726,20 @@ int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn,

 int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn)
 {
+#ifdef CONFIG_TLS_INTERNAL_SERVER
+	if (conn->server)
+		return tlsv1_server_get_failed(conn->server);
+#endif /* CONFIG_TLS_INTERNAL_SERVER */
 	return 0;
 }


 int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 {
+#ifdef CONFIG_TLS_INTERNAL_SERVER
+	if (conn->server)
+		return tlsv1_server_get_read_alerts(conn->server);
+#endif /* CONFIG_TLS_INTERNAL_SERVER */
 	return 0;
 }

@ -739,6 +747,10 @@ int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn)
 int tls_connection_get_write_alerts(void *tls_ctx,
 				    struct tls_connection *conn)
 {
+#ifdef CONFIG_TLS_INTERNAL_SERVER
+	if (conn->server)
+		return tlsv1_server_get_write_alerts(conn->server);
+#endif /* CONFIG_TLS_INTERNAL_SERVER */
 	return 0;
 }

--- a/src/tls/tlsv1_server.c
+++ b/src/tls/tlsv1_server.c
@ -204,6 +204,7 @@ failed:
 		msg = tlsv1_server_send_alert(conn, conn->alert_level,
 					      conn->alert_description,
 					      out_len);
+		conn->write_alerts++;
 	}

 	return msg;
@ -296,6 +297,7 @@ int tlsv1_server_decrypt(struct tlsv1_server *conn,
 			}
 			tlsv1_server_log(conn, "Received alert %d:%d",
 					 out_pos[0], out_pos[1]);
+			conn->read_alerts++;
 			if (out_pos[0] == TLS_ALERT_LEVEL_WARNING) {
 				/* Continue processing */
 				pos += used;
@ -708,6 +710,24 @@ void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
 }


+int tlsv1_server_get_failed(struct tlsv1_server *conn)
+{
+	return conn->state == FAILED;
+}
+
+
+int tlsv1_server_get_read_alerts(struct tlsv1_server *conn)
+{
+	return conn->read_alerts;
+}
+
+
+int tlsv1_server_get_write_alerts(struct tlsv1_server *conn)
+{
+	return conn->write_alerts;
+}
+
+
 #ifdef CONFIG_TESTING_OPTIONS
 void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags)
 {
--- a/src/tls/tlsv1_server.h
+++ b/src/tls/tlsv1_server.h
@ -48,6 +48,10 @@ void tlsv1_server_set_session_ticket_cb(struct tlsv1_server *conn,
 void tlsv1_server_set_log_cb(struct tlsv1_server *conn,
 			     void (*cb)(void *ctx, const char *msg), void *ctx);

+int tlsv1_server_get_failed(struct tlsv1_server *conn);
+int tlsv1_server_get_read_alerts(struct tlsv1_server *conn);
+int tlsv1_server_get_write_alerts(struct tlsv1_server *conn);
+
 void tlsv1_server_set_test_flags(struct tlsv1_server *conn, u32 flags);

 #endif /* TLSV1_SERVER_H */
--- a/src/tls/tlsv1_server_i.h
+++ b/src/tls/tlsv1_server_i.h
@ -30,6 +30,8 @@ struct tlsv1_server {
 	u8 alert_level;
 	u8 alert_description;

+	int read_alerts, write_alerts;
+
 	struct crypto_public_key *client_rsa_key;

 	struct tls_verify_hash verify;