-rw-r--r--src/core/httpcli/httpcli_security_connector.c9
-rw-r--r--src/core/security/handshake.c27
-rw-r--r--src/core/security/handshake.h5
-rw-r--r--src/core/security/security_connector.c28
-rw-r--r--src/core/security/security_connector.h1
5 files changed, 34 insertions, 36 deletions
diff --git a/src/core/httpcli/httpcli_security_connector.c b/src/core/httpcli/httpcli_security_connector.c
index a4cd00d9a0..86f34db1d0 100644
--- a/src/core/httpcli/httpcli_security_connector.c
+++ b/src/core/httpcli/httpcli_security_connector.c
@@ -55,7 +55,6 @@ static void httpcli_ssl_destroy(grpc_security_connector *sc) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
}
if (c->secure_peer_name != NULL) gpr_free(c->secure_peer_name);
- tsi_handshaker_destroy(sc->handshaker);
gpr_free(sc);
}
@@ -65,20 +64,20 @@ static void httpcli_ssl_do_handshake(
grpc_httpcli_ssl_channel_security_connector *c =
(grpc_httpcli_ssl_channel_security_connector *)sc;
tsi_result result = TSI_OK;
+ tsi_handshaker *handshaker;
if (c->handshaker_factory == NULL) {
cb(user_data, GRPC_SECURITY_ERROR, nonsecure_endpoint, NULL);
return;
}
- tsi_handshaker_destroy(sc->handshaker);
- sc->handshaker = NULL;
result = tsi_ssl_handshaker_factory_create_handshaker(
- c->handshaker_factory, c->secure_peer_name, &sc->handshaker);
+ c->handshaker_factory, c->secure_peer_name, &handshaker);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Handshaker creation failed with error %s.",
tsi_result_to_string(result));
cb(user_data, GRPC_SECURITY_ERROR, nonsecure_endpoint, NULL);
} else {
- grpc_do_security_handshake(sc, nonsecure_endpoint, cb, user_data);
+ grpc_do_security_handshake(handshaker, sc, nonsecure_endpoint, cb,
+ user_data);
}
}
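Review bot: The new local `tsi_handshaker *handshaker;` in httpcli_ssl_do_handshake has no initialiser, and the same declaration is added in ssl_channel_do_handshake and ssl_server_do_handshake. Nothing visible reads it on a failure path today, but ssl_create_handshaker no longer clears `*handshaker` and returns early on a NULL factory without writing it. Because grpc_do_security_handshake now owns and later destroys whatever pointer it receives, an indeterminate value that reached it after a later refactor would be passed to tsi_handshaker_destroy. Declaring it as `tsi_handshaker *handshaker = NULL;` at all three sites makes that case deterministic.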
diff --git a/src/core/security/handshake.c b/src/core/security/handshake.c
index 23830ed5a1..62208ca8f2 100644
--- a/src/core/security/handshake.c
+++ b/src/core/security/handshake.c
@@ -44,6 +44,7 @@
typedef struct {
grpc_security_connector *connector;
+ tsi_handshaker *handshaker;
unsigned char *handshake_buffer;
size_t handshake_buffer_size;
grpc_endpoint *wrapped_endpoint;
@@ -77,6 +78,8 @@ static void security_handshake_done(grpc_security_handshake *h,
}
if (h->handshake_buffer != NULL) gpr_free(h->handshake_buffer);
gpr_slice_buffer_destroy(&h->left_overs);
+ tsi_handshaker_destroy(h->handshaker);
+ GRPC_SECURITY_CONNECTOR_UNREF(h->connector, "handshake");
gpr_free(h);
}
@@ -89,8 +92,8 @@ static void on_peer_checked(void *user_data, grpc_security_status status) {
security_handshake_done(h, 0);
return;
}
- result = tsi_handshaker_create_frame_protector(h->connector->handshaker, NULL,
- &protector);
+ result =
+ tsi_handshaker_create_frame_protector(h->handshaker, NULL, &protector);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Frame protector creation failed with error %s.",
tsi_result_to_string(result));
@@ -107,8 +110,7 @@ static void on_peer_checked(void *user_data, grpc_security_status status) {
static void check_peer(grpc_security_handshake *h) {
grpc_security_status peer_status;
tsi_peer peer;
- tsi_result result =
- tsi_handshaker_extract_peer(h->connector->handshaker, &peer);
+ tsi_result result = tsi_handshaker_extract_peer(h->handshaker, &peer);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Peer extraction failed with error %s",
@@ -136,7 +138,7 @@ static void send_handshake_bytes_to_peer(grpc_security_handshake *h) {
do {
size_t to_send_size = h->handshake_buffer_size - offset;
result = tsi_handshaker_get_bytes_to_send_to_peer(
- h->connector->handshaker, h->handshake_buffer + offset, &to_send_size);
+ h->handshaker, h->handshake_buffer + offset, &to_send_size);
offset += to_send_size;
if (result == TSI_INCOMPLETE_DATA) {
h->handshake_buffer_size *= 2;
@@ -193,12 +195,11 @@ static void on_handshake_data_received_from_peer(
for (i = 0; i < nslices; i++) {
consumed_slice_size = GPR_SLICE_LENGTH(slices[i]);
result = tsi_handshaker_process_bytes_from_peer(
- h->connector->handshaker, GPR_SLICE_START_PTR(slices[i]),
- &consumed_slice_size);
- if (!tsi_handshaker_is_in_progress(h->connector->handshaker)) break;
+ h->handshaker, GPR_SLICE_START_PTR(slices[i]), &consumed_slice_size);
+ if (!tsi_handshaker_is_in_progress(h->handshaker)) break;
}
- if (tsi_handshaker_is_in_progress(h->connector->handshaker)) {
+ if (tsi_handshaker_is_in_progress(h->handshaker)) {
/* We may need more data. */
if (result == TSI_INCOMPLETE_DATA) {
/* TODO(klempner,jboeuf): This should probably use the client setup
@@ -258,7 +259,7 @@ static void on_handshake_data_sent_to_peer(void *handshake,
}
/* We may be done. */
- if (tsi_handshaker_is_in_progress(h->connector->handshaker)) {
+ if (tsi_handshaker_is_in_progress(h->handshaker)) {
/* TODO(klempner,jboeuf): This should probably use the client setup
deadline */
grpc_endpoint_notify_on_read(
@@ -268,13 +269,15 @@ static void on_handshake_data_sent_to_peer(void *handshake,
}
}
-void grpc_do_security_handshake(grpc_security_connector *connector,
+void grpc_do_security_handshake(tsi_handshaker *handshaker,
+ grpc_security_connector *connector,
grpc_endpoint *nonsecure_endpoint,
grpc_security_handshake_done_cb cb,
void *user_data) {
grpc_security_handshake *h = gpr_malloc(sizeof(grpc_security_handshake));
memset(h, 0, sizeof(grpc_security_handshake));
- h->connector = connector;
+ h->handshaker = handshaker;
+ h->connector = GRPC_SECURITY_CONNECTOR_REF(connector, "handshake");
h->handshake_buffer_size = GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE;
h->handshake_buffer = gpr_malloc(h->handshake_buffer_size);
h->wrapped_endpoint = nonsecure_endpoint;
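Review bot: `h->handshaker = handshaker;` stores the pointer without checking it, although the handshake now owns it and the later steps in this file all call into it. The SSL callers only get here after a successful status check, but fake_channel_do_handshake and fake_server_do_handshake pass the result of `tsi_create_fake_handshaker(...)` straight through; whether that can return NULL is not visible on this page. If it can, a guard ahead of the allocation such as `if (handshaker == NULL) { cb(user_data, GRPC_SECURITY_ERROR, nonsecure_endpoint, NULL); return; }` reports the failure the same way the callers already do. The function body continues past the end of this hunk.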
diff --git a/src/core/security/handshake.h b/src/core/security/handshake.h
index 1739855d69..d7e4a30580 100644
--- a/src/core/security/handshake.h
+++ b/src/core/security/handshake.h
@@ -38,8 +38,9 @@
#include "src/core/security/security_connector.h"
-/* Calls the callback upon completion. */
-void grpc_do_security_handshake(grpc_security_connector *connector,
+/* Calls the callback upon completion. Takes owership of handshaker. */
+void grpc_do_security_handshake(tsi_handshaker *handshaker,
+ grpc_security_connector *connector,
grpc_endpoint *nonsecure_endpoint,
grpc_security_handshake_done_cb cb,
void *user_data);
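Review bot: The updated header comment misspells "ownership" and documents only half of the new contract. It does not say that the handshake takes its own reference on `connector` (taken in grpc_do_security_handshake and released in security_handshake_done), so a caller cannot tell whether the connector must outlive the callback. Suggested wording: `/* Calls the callback upon completion. Takes ownership of handshaker and holds its own ref on connector until the handshake is done. */`.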
diff --git a/src/core/security/security_connector.c b/src/core/security/security_connector.c
index 922b92adea..983ac7635d 100644
--- a/src/core/security/security_connector.c
+++ b/src/core/security/security_connector.c
@@ -222,13 +222,11 @@ typedef struct {
static void fake_channel_destroy(grpc_security_connector *sc) {
grpc_channel_security_connector *c = (grpc_channel_security_connector *)sc;
grpc_credentials_unref(c->request_metadata_creds);
- tsi_handshaker_destroy(sc->handshaker);
GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
gpr_free(sc);
}
static void fake_server_destroy(grpc_security_connector *sc) {
- tsi_handshaker_destroy(sc->handshaker);
GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
gpr_free(sc);
}
@@ -286,18 +284,16 @@ static void fake_channel_do_handshake(grpc_security_connector *sc,
grpc_endpoint *nonsecure_endpoint,
grpc_security_handshake_done_cb cb,
void *user_data) {
- tsi_handshaker_destroy(sc->handshaker);
- sc->handshaker = tsi_create_fake_handshaker(1);
- grpc_do_security_handshake(sc, nonsecure_endpoint, cb, user_data);
+ grpc_do_security_handshake(tsi_create_fake_handshaker(1), sc,
+ nonsecure_endpoint, cb, user_data);
}
static void fake_server_do_handshake(grpc_security_connector *sc,
grpc_endpoint *nonsecure_endpoint,
grpc_security_handshake_done_cb cb,
void *user_data) {
- tsi_handshaker_destroy(sc->handshaker);
- sc->handshaker = tsi_create_fake_handshaker(0);
- grpc_do_security_handshake(sc, nonsecure_endpoint, cb, user_data);
+ grpc_do_security_handshake(tsi_create_fake_handshaker(0), sc,
+ nonsecure_endpoint, cb, user_data);
}
static grpc_security_connector_vtable fake_channel_vtable = {
@@ -358,7 +354,6 @@ static void ssl_channel_destroy(grpc_security_connector *sc) {
if (c->overridden_target_name != NULL) gpr_free(c->overridden_target_name);
tsi_peer_destruct(&c->peer);
GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
- tsi_handshaker_destroy(sc->handshaker);
gpr_free(sc);
}
@@ -369,7 +364,6 @@ static void ssl_server_destroy(grpc_security_connector *sc) {
tsi_ssl_handshaker_factory_destroy(c->handshaker_factory);
}
GRPC_AUTH_CONTEXT_UNREF(sc->auth_context, "connector");
- tsi_handshaker_destroy(sc->handshaker);
gpr_free(sc);
}
@@ -378,8 +372,6 @@ static grpc_security_status ssl_create_handshaker(
const char *peer_name, tsi_handshaker **handshaker) {
tsi_result result = TSI_OK;
if (handshaker_factory == NULL) return GRPC_SECURITY_ERROR;
- tsi_handshaker_destroy(*handshaker);
- *handshaker = NULL;
result = tsi_ssl_handshaker_factory_create_handshaker(
handshaker_factory, is_client ? peer_name : NULL, handshaker);
if (result != TSI_OK) {
@@ -396,15 +388,17 @@ static void ssl_channel_do_handshake(grpc_security_connector *sc,
void *user_data) {
grpc_ssl_channel_security_connector *c =
(grpc_ssl_channel_security_connector *)sc;
+ tsi_handshaker *handshaker;
grpc_security_status status = ssl_create_handshaker(
c->handshaker_factory, 1,
c->overridden_target_name != NULL ? c->overridden_target_name
: c->target_name,
- &sc->handshaker);
+ &handshaker);
if (status != GRPC_SECURITY_OK) {
cb(user_data, status, nonsecure_endpoint, NULL);
} else {
- grpc_do_security_handshake(sc, nonsecure_endpoint, cb, user_data);
+ grpc_do_security_handshake(handshaker, sc, nonsecure_endpoint, cb,
+ user_data);
}
}
@@ -414,12 +408,14 @@ static void ssl_server_do_handshake(grpc_security_connector *sc,
void *user_data) {
grpc_ssl_server_security_connector *c =
(grpc_ssl_server_security_connector *)sc;
+ tsi_handshaker *handshaker;
grpc_security_status status =
- ssl_create_handshaker(c->handshaker_factory, 0, NULL, &sc->handshaker);
+ ssl_create_handshaker(c->handshaker_factory, 0, NULL, &handshaker);
if (status != GRPC_SECURITY_OK) {
cb(user_data, status, nonsecure_endpoint, NULL);
} else {
- grpc_do_security_handshake(sc, nonsecure_endpoint, cb, user_data);
+ grpc_do_security_handshake(handshaker, sc, nonsecure_endpoint, cb,
+ user_data);
}
}
diff --git a/src/core/security/security_connector.h b/src/core/security/security_connector.h
index 76d860d277..5fc1db382e 100644
--- a/src/core/security/security_connector.h
+++ b/src/core/security/security_connector.h
@@ -84,7 +84,6 @@ struct grpc_security_connector {
gpr_refcount refcount;
int is_client_side;
const char *url_scheme;
- tsi_handshaker *handshaker;
grpc_auth_context *auth_context; /* Populated after the peer is checked. */
};