wolfsentry integration: avoid redundant and frivolous dispatches (ssl.c wolfSSL_connect(), wolfSSL_negotiate(), wolfSSL_accept(); tls13.c wolfSSL_connect_TLSv13(), wolfSSL_accept_TLSv13()).

2022-07-27 13:24:52 -05:00
parent feb911c612
commit ed449d5b20
2 changed files with 19 additions and 4 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -11853,7 +11853,8 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
        #endif

 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
-        if (ssl->ConnectFilter) {
+        if ((ssl->ConnectFilter != NULL) &&
+            (ssl->options.connectState == CONNECT_BEGIN)) {
            wolfSSL_netfilter_decision_t res;
            if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) ==
                 WOLFSSL_SUCCESS) &&
@ -12324,7 +12325,13 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
        WOLFSSL_ENTER("SSL_accept()");

 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
-        if (ssl->AcceptFilter) {
+        if ((ssl->AcceptFilter != NULL) &&
+            ((ssl->options.acceptState == ACCEPT_BEGIN)
+#ifdef HAVE_SECURE_RENEGOTIATION
+             || (ssl->options.acceptState == ACCEPT_BEGIN_RENEG)
+#endif
+                ))
+        {
            wolfSSL_netfilter_decision_t res;
            if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) ==
                 WOLFSSL_SUCCESS) &&
--- a/src/tls13.c
+++ b/src/tls13.c
@ -9746,7 +9746,9 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
    }

 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
-    if (ssl->ConnectFilter) {
+    if ((ssl->ConnectFilter != NULL) &&
+        (ssl->options.connectState == CONNECT_BEGIN))
+    {
        wolfSSL_netfilter_decision_t res;
        if ((ssl->ConnectFilter(ssl, ssl->ConnectFilter_arg, &res) ==
             WOLFSSL_SUCCESS) &&
@ -10781,7 +10783,13 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
    }

 #ifdef WOLFSSL_WOLFSENTRY_HOOKS
-    if (ssl->AcceptFilter) {
+    if ((ssl->AcceptFilter != NULL) &&
+            ((ssl->options.acceptState == TLS13_ACCEPT_BEGIN)
+#ifdef HAVE_SECURE_RENEGOTIATION
+             || (ssl->options.acceptState == TLS13_ACCEPT_BEGIN_RENEG)
+#endif
+                ))
+    {
        wolfSSL_netfilter_decision_t res;
        if ((ssl->AcceptFilter(ssl, ssl->AcceptFilter_arg, &res) ==
             WOLFSSL_SUCCESS) &&