tls: avoid possible async handler duplication

[vpp.git] / src / plugins / tlsopenssl / tls_openssl.c

diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index f572291..73e5cc0 100644 (file)
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -167,13 +167,26 @@ vpp_ssl_async_process_event (tls_ctx_t * ctx,
     {
       SSL_set_async_callback (oc->ssl, (void *) engine_cb->callback,
                              (void *) engine_cb->arg);
-      TLS_DBG ("set callback to engine %p\n", engine_cb->callback);
+      TLS_DBG (2, "set callback to engine %p\n", engine_cb->callback);
     }
-  /* associated fd with context for return */
-  TLS_DBG ("completed assoicated fd with tls session\n");
   return 0;
 
 }
+
+/* Due to engine busy stat, VPP need to retry later */
+static int
+vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
+{
+  openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
+
+  if (vpp_add_async_run_event (ctx, handler))
+    {
+      SSL_set_async_estatus (oc->ssl, 0);
+    }
+  return 0;
+
+}
+
 #endif
 
 int
@@ -182,6 +195,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session)
   openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
   int rv = 0, err;
 #ifdef HAVE_OPENSSL_ASYNC
+  int estatus;
   openssl_resume_handler *myself;
 #endif
 
@@ -200,9 +214,14 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session)
       err = SSL_get_error (oc->ssl, rv);
       openssl_try_handshake_write (oc, tls_session);
 #ifdef HAVE_OPENSSL_ASYNC
-      if (err == SSL_ERROR_WANT_ASYNC)
+      myself = openssl_ctx_handshake_rx;
+      if (SSL_get_async_estatus (oc->ssl, &estatus)
+         && (estatus == ENGINE_STATUS_RETRY))
+       {
+         vpp_ssl_async_retry_func (ctx, myself);
+       }
+      else if (err == SSL_ERROR_WANT_ASYNC)
        {
-         myself = openssl_ctx_handshake_rx;
          vpp_ssl_async_process_event (ctx, myself);
        }
 #endif
@@ -427,6 +446,9 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
   stream_session_t *tls_session;
   const SSL_METHOD *method;
   int rv, err;
+#ifdef HAVE_OPENSSL_ASYNC
+  openssl_resume_handler *handler;
+#endif
 
   method = SSLv23_client_method ();
   if (method == NULL)
@@ -444,6 +466,10 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
 
   SSL_CTX_set_ecdh_auto (oc->ssl_ctx, 1);
   SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+#ifdef HAVE_OPENSSL_ASYNC
+  if (om->async)
+    SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ASYNC);
+#endif
   rv = SSL_CTX_set_cipher_list (oc->ssl_ctx, (const char *) ciphers);
   if (rv != 1)
     {
@@ -489,6 +515,14 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
       rv = SSL_do_handshake (oc->ssl);
       err = SSL_get_error (oc->ssl, rv);
       openssl_try_handshake_write (oc, tls_session);
+#ifdef HAVE_OPENSSL_ASYNC
+      if (err == SSL_ERROR_WANT_ASYNC)
+       {
+         handler = (openssl_resume_handler *) openssl_ctx_handshake_rx;
+         vpp_ssl_async_process_event (ctx, handler);
+         break;
+       }
+#endif
       if (err != SSL_ERROR_WANT_WRITE)
        break;
     }