TLS DNS: Simplify tls_cycle_input()
This commit simplifies the code flow in tls_cycle_input() and makes the incoming data processing similar to that in TCP DNS. In particular, we now decipher all the incoming data before making a single isc__nm_process_sock_buffer() call. Previously we would try to decipher data bit-by-bit, trying to process each deciphered bit via isc__nm_process_sock_buffer() before moving on. The old approach made the code much less predictable, in particular in areas such as pausing and resuming reads. The newer approach also allowed us to get rid of some old kludges.
@@ -1086,20 +1086,8 @@ tls_cycle_input(isc_nmsocket_t *sock) {
if (sock->tls.state == TLS_STATE_IO) {
size_t len;
/* 1. Decrypt the incoming data */
for (;;) {
/*
* There is a similar branch in
* isc__nm_process_sock_buffer() which is sufficient to
* stop excessive processing in TCP. However, as we wrap
* this call in a loop, we need to have it here in order
* to limit the number of loop iterations (and,
* consequently, the number of messages processed).
*/
if (atomic_load(&sock->ah) >= STREAM_CLIENTS_PER_CONN) {
isc__nm_stop_reading(sock);
break;
}
(void)SSL_peek(sock->tls.tls, &(char){ '\0' }, 0);
int pending = SSL_pending(sock->tls.tls);
@@ -1120,34 +1108,22 @@ tls_cycle_input(isc_nmsocket_t *sock) {
sock->buf_size - sock->buf_len,
&len);
if (rv != 1) {
/*
* Process what's in the buffer so far
*/
result = isc__nm_process_sock_buffer(
sock);
if (result != ISC_R_SUCCESS) {
goto failure;
}
/*
* FIXME: Should we call
* isc__nm_failed_read_cb()?
*/
break;
}
INSIST((size_t)pending == len);
sock->buf_len += len;
}
result = isc__nm_process_sock_buffer(sock);
if (result != ISC_R_SUCCESS) {
goto failure;
}
if (pending == 0) {
} else {
break;
}
}
/* 2. Process the incoming data */
result = isc__nm_process_sock_buffer(sock);
if (result != ISC_R_SUCCESS) {
goto failure;
}
} else if (!SSL_is_init_finished(sock->tls.tls)) {
if (SSL_is_server(sock->tls.tls)) {
rv = SSL_accept(sock->tls.tls);
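Review bot: The `if (rv != 1)` branch in the second hunk now only breaks out of the decrypt loop, so a non-retryable failure from SSL_read_ex() (a fatal TLS error, or a peer close_notify reported as SSL_ERROR_ZERO_RETURN) is treated exactly like SSL_ERROR_WANT_READ, and the old FIXME that flagged this question is deleted rather than answered. Unless the caller classifies the failure elsewhere, the branch should consult the result before falling through to step 2, e.g. `if (rv != 1) { if (SSL_get_error(sock->tls.tls, rv) != SSL_ERROR_WANT_READ) { goto failure; } break; }`, or at least carry a comment naming where the error is handled. The `INSIST((size_t)pending == len)` that follows also deserves a comment: it holds only if the buffer growth between the two hunks always leaves at least `pending` bytes free, because otherwise a shorter read of peer-supplied data turns into an assertion abort rather than a handled condition. The surrounding check on `sock->ah` in the first hunk still says it limits "the number of messages processed", but with processing moved after the loop that count can no longer change inside the loop, so the comment should be reworded to describe what it now limits. tls_cycle_input() starts and ends outside these hunks.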