tls: remove api boilerplate

[vpp.git] / src / plugins / tlsopenssl / tls_openssl.c

diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index ee6b0e3..589d76d 100644 (file)
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -16,6 +16,7 @@
 #include <openssl/ssl.h>
 #include <openssl/conf.h>
 #include <openssl/err.h>
+
 #ifdef HAVE_OPENSSL_ASYNC
 #include <openssl/async.h>
 #endif
@@ -26,9 +27,9 @@
 #include <ctype.h>
 #include <tlsopenssl/tls_openssl.h>
 
-#define MAX_CRYPTO_LEN 16
+#define MAX_CRYPTO_LEN 64
 
-static openssl_main_t openssl_main;
+openssl_main_t openssl_main;
 static u32
 openssl_ctx_alloc (void)
 {
@@ -205,6 +206,28 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
 
 #endif
 
+static void
+openssl_handle_handshake_failure (tls_ctx_t * ctx)
+{
+  if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
+    {
+      /*
+       * Cleanup pre-allocated app session and close transport
+       */
+      session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+      ctx->no_app_session = 1;
+      ctx->c_s_index = SESSION_INVALID_INDEX;
+      tls_disconnect_transport (ctx);
+    }
+  else
+    {
+      /*
+       * Also handles cleanup of the pre-allocated session
+       */
+      tls_notify_app_connected (ctx, /* is failed */ 1);
+    }
+}
+
 int
 openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 {
@@ -240,19 +263,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
          ERR_error_string (ERR_get_error (), buf);
          clib_warning ("Err: %s", buf);
 
-         /*
-          * Cleanup pre-allocated app session and close transport
-          */
-         if (SSL_is_server (oc->ssl))
-           {
-             session_free (session_get (ctx->c_s_index,
-                                        ctx->c_thread_index));
-             ctx->no_app_session = 1;
-             ctx->c_s_index = SESSION_INVALID_INDEX;
-             tls_disconnect_transport (ctx);
-           }
-         else
-           tls_notify_app_connected (ctx, /* is failed */ 1);
+         openssl_handle_handshake_failure (ctx);
          return -1;
        }
 
@@ -758,7 +769,7 @@ openssl_transport_close (tls_ctx_t * ctx)
 {
   if (!openssl_handshake_is_over (ctx))
     {
-      session_close (session_get_from_handle (ctx->tls_session_handle));
+      openssl_handle_handshake_failure (ctx);
       return 0;
     }
   session_transport_closing_notify (&ctx->connection);
@@ -840,7 +851,7 @@ tls_init_ca_chain (void)
   return (rv < 0 ? -1 : 0);
 }
 
-static int
+int
 tls_openssl_set_ciphers (char *ciphers)
 {
   openssl_main_t *om = &openssl_main;
@@ -866,8 +877,10 @@ tls_openssl_init (vlib_main_t * vm)
 {
   vlib_thread_main_t *vtm = vlib_get_thread_main ();
   openssl_main_t *om = &openssl_main;
+  clib_error_t *error = 0;
   u32 num_threads;
 
+  error = tls_openssl_api_init (vm);
   num_threads = 1 /* main thread */  + vtm->n_threads;
 
   SSL_library_init ();
@@ -889,7 +902,7 @@ tls_openssl_init (vlib_main_t * vm)
   tls_openssl_set_ciphers
     ("ALL:!ADH:!LOW:!EXP:!MD5:!RC4-SHA:!DES-CBC3-SHA:@STRENGTH");
 
-  return 0;
+  return error;
 }
 /* *INDENT-OFF* */
 VLIB_INIT_FUNCTION (tls_openssl_init) =
@@ -951,7 +964,7 @@ tls_openssl_set_command_fn (vlib_main_t * vm, unformat_input_t * input,
     }
   else
     {
-      if (!openssl_engine_register (engine_name, engine_alg))
+      if (openssl_engine_register (engine_name, engine_alg) < 0)
        {
          return clib_error_return (0, "failed to register %s polling",
                                    engine_name);