Flush TLS 1.3 NewSessionTicket messages together.
There's no sense in flushing twice in one flight. This means when writing a message is finally synchronous, we don't need the intermediate state at all. Change-Id: Iaca60d64917f82dce0456a8b15de4ee00f2d557b Reviewed-on: https://boringssl-review.googlesource.com/12103 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin
Adam Langley
parent
8e816eb7b6
commit
0a011fc49f
@ -47,7 +47,7 @@ enum server_hs_state_t {
|
|||||||
state_process_channel_id,
|
state_process_channel_id,
|
||||||
state_process_client_finished,
|
state_process_client_finished,
|
||||||
state_send_new_session_ticket,
|
state_send_new_session_ticket,
|
||||||
state_flush_new_session_ticket,
|
state_flush_new_session_tickets,
|
||||||
state_done,
|
state_done,
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -601,6 +601,10 @@ static enum ssl_hs_wait_t do_process_client_finished(SSL *ssl,
|
|||||||
return ssl_hs_ok;
|
return ssl_hs_ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* TLS 1.3 recommends single-use tickets, so issue multiple tickets in case the
|
||||||
|
* client makes several connections before getting a renewal. */
|
||||||
|
static const int kNumTickets = 2;
|
||||||
|
|
||||||
static enum ssl_hs_wait_t do_send_new_session_ticket(SSL *ssl,
|
static enum ssl_hs_wait_t do_send_new_session_ticket(SSL *ssl,
|
||||||
SSL_HANDSHAKE *hs) {
|
SSL_HANDSHAKE *hs) {
|
||||||
SSL_SESSION *session = ssl->s3->new_session;
|
SSL_SESSION *session = ssl->s3->new_session;
|
||||||
@ -635,8 +639,12 @@ static enum ssl_hs_wait_t do_send_new_session_ticket(SSL *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
hs->session_tickets_sent++;
|
hs->session_tickets_sent++;
|
||||||
|
if (hs->session_tickets_sent >= kNumTickets) {
|
||||||
|
hs->state = state_flush_new_session_tickets;
|
||||||
|
} else {
|
||||||
|
hs->state = state_send_new_session_ticket;
|
||||||
|
}
|
||||||
|
|
||||||
hs->state = state_flush_new_session_ticket;
|
|
||||||
return ssl_hs_write_message;
|
return ssl_hs_write_message;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
@ -644,17 +652,9 @@ err:
|
|||||||
return ssl_hs_error;
|
return ssl_hs_error;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TLS 1.3 recommends single-use tickets, so issue multiple tickets in case the
|
static enum ssl_hs_wait_t do_flush_new_session_tickets(SSL *ssl,
|
||||||
* client makes several connections before getting a renewal. */
|
|
||||||
static const int kNumTickets = 2;
|
|
||||||
|
|
||||||
static enum ssl_hs_wait_t do_flush_new_session_ticket(SSL *ssl,
|
|
||||||
SSL_HANDSHAKE *hs) {
|
SSL_HANDSHAKE *hs) {
|
||||||
if (hs->session_tickets_sent >= kNumTickets) {
|
|
||||||
hs->state = state_done;
|
hs->state = state_done;
|
||||||
} else {
|
|
||||||
hs->state = state_send_new_session_ticket;
|
|
||||||
}
|
|
||||||
return ssl_hs_flush;
|
return ssl_hs_flush;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -719,8 +719,8 @@ enum ssl_hs_wait_t tls13_server_handshake(SSL *ssl) {
|
|||||||
case state_send_new_session_ticket:
|
case state_send_new_session_ticket:
|
||||||
ret = do_send_new_session_ticket(ssl, hs);
|
ret = do_send_new_session_ticket(ssl, hs);
|
||||||
break;
|
break;
|
||||||
case state_flush_new_session_ticket:
|
case state_flush_new_session_tickets:
|
||||||
ret = do_flush_new_session_ticket(ssl, hs);
|
ret = do_flush_new_session_tickets(ssl, hs);
|
||||||
break;
|
break;
|
||||||
case state_done:
|
case state_done:
|
||||||
ret = ssl_hs_ok;
|
ret = ssl_hs_ok;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user