X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Ftlsopenssl%2Ftls_openssl.c;h=0a25ecfa9438c33d94f52cd7ea0c5d088a97ff1e;hb=288eaab5964b9211350acad8d742fae4789577fe;hp=744a07a254eda027ee9272f29ae9ec913306a97e;hpb=35e22ceafae6410e317b1ff82f33d0547de6d46f;p=vpp.git
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 744a07a254e..0a25ecfa943 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -40,7 +40,7 @@ openssl_ctx_alloc (void)
 if (!(*ctx)) *ctx = clib_mem_alloc (sizeof (openssl_ctx_t));
- memset (*ctx, 0, sizeof (openssl_ctx_t));
+ clib_memset (*ctx, 0, sizeof (openssl_ctx_t));
 (*ctx)->ctx.c_thread_index = thread_index; (*ctx)->ctx.tls_ctx_engine = TLS_ENGINE_OPENSSL; (*ctx)->ctx.app_session_handle = SESSION_INVALID_HANDLE;
@@ -87,7 +87,7 @@ openssl_listen_ctx_alloc (void)
 pool_get (om->lctx_pool, lctx);
- memset (lctx, 0, sizeof (openssl_listen_ctx_t));
+ clib_memset (lctx, 0, sizeof (openssl_listen_ctx_t));
 lctx->openssl_lctx_index = lctx - om->lctx_pool; return lctx->openssl_lctx_index; }
@@ -105,14 +105,13 @@ openssl_lctx_get (u32 lctx_index)
 } static int
-openssl_try_handshake_read (openssl_ctx_t * oc,
- stream_session_t * tls_session)
+openssl_try_handshake_read (openssl_ctx_t * oc, session_t * tls_session)
 { u32 deq_max, deq_now; svm_fifo_t *f; int wrote, rv;
- f = tls_session->server_rx_fifo;
+ f = tls_session->rx_fifo;
 deq_max = svm_fifo_max_dequeue (f); if (!deq_max) return 0;
@@ -137,8 +136,7 @@ openssl_try_handshake_read (openssl_ctx_t * oc,
 } static int
-openssl_try_handshake_write (openssl_ctx_t * oc,
- stream_session_t * tls_session)
+openssl_try_handshake_write (openssl_ctx_t * oc, session_t * tls_session)
 { u32 enq_max, deq_now; svm_fifo_t *f;
@@ -147,7 +145,7 @@ openssl_try_handshake_write (openssl_ctx_t * oc, if (BIO_ctrl_pending (oc->rbio) <= 0) return 0; - f = tls_session->server_tx_fifo; + f = tls_session->tx_fifo; enq_max = svm_fifo_max_enqueue (f); if (!enq_max) return 0; @@ -158,7 +156,7 @@ openssl_try_handshake_write (openssl_ctx_t * oc, return 0; svm_fifo_enqueue_nocopy (f, read); - tls_add_vpp_q_evt (f, FIFO_EVENT_APP_TX); + tls_add_vpp_q_tx_evt (tls_session); if (read < enq_max) { @@ -185,8 +183,7 @@ vpp_ssl_async_process_event (tls_ctx_t * ctx, engine_cb = vpp_add_async_pending_event (ctx, handler); if (engine_cb) { - SSL_set_async_callback (oc->ssl, (void *) engine_cb->callback, - (void *) engine_cb->arg); + SSL_set_async_callback_arg (oc->ssl, (void *) engine_cb->arg); TLS_DBG (2, "set callback to engine %p\n", engine_cb->callback); } return 0; @@ -197,12 +194,10 @@ vpp_ssl_async_process_event (tls_ctx_t * ctx, static int vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler) { - openssl_ctx_t *oc = (openssl_ctx_t *) ctx; if (vpp_add_async_run_event (ctx, handler)) - { - SSL_set_async_estatus (oc->ssl, 0); - } + return 1; + return 0; } @@ -210,7 +205,7 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler) #endif int -openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session) +openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session) { openssl_ctx_t *oc = (openssl_ctx_t *) ctx; int rv = 0, err; 
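Review bot: After the change in `vpp_ssl_async_process_event` the per-connection call only supplies an argument (`SSL_set_async_callback_arg`), so the callback function itself has to be installed on the `SSL_CTX`; the only place this diff does that is `openssl_start_listen` (hunk at -587), and no visible hunk adds it for the context built in `openssl_ctx_init_client`. Unless it is installed somewhere outside this file, client-side async handshakes would carry an argument with no callback to deliver it to, which is worth confirming. The `TLS_DBG` line that follows still reports `engine_cb->callback` as if it had been registered; `TLS_DBG (2, "set async callback arg %p\n", engine_cb->arg);` would match what the code now does. The return value of `SSL_set_async_callback_arg` is also dropped. `vpp_ssl_async_process_event` begins above the hunk.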
@@ -230,19 +225,23 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session) break; } +#ifdef HAVE_OPENSSL_ASYNC + myself = openssl_ctx_handshake_rx; + vpp_ssl_async_process_event (ctx, myself); +#endif + rv = SSL_do_handshake (oc->ssl); err = SSL_get_error (oc->ssl, rv); openssl_try_handshake_write (oc, tls_session); #ifdef HAVE_OPENSSL_ASYNC - myself = openssl_ctx_handshake_rx; - if (SSL_get_async_estatus (oc->ssl, &estatus) - && (estatus == ENGINE_STATUS_RETRY)) - { - vpp_ssl_async_retry_func (ctx, myself); - } - else if (err == SSL_ERROR_WANT_ASYNC) + if (err == SSL_ERROR_WANT_ASYNC) { - vpp_ssl_async_process_event (ctx, myself); + SSL_get_async_status (oc->ssl, &estatus); + + if (estatus == ASYNC_STATUS_EAGAIN) + { + vpp_ssl_async_retry_func (ctx, myself); + } } #endif @@ -298,15 +297,15 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session) } static inline int -openssl_ctx_write (tls_ctx_t * ctx, stream_session_t * app_session) +openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session) { openssl_ctx_t *oc = (openssl_ctx_t *) ctx; int wrote = 0, rv, read, max_buf = 100 * TLS_CHUNK_SIZE, max_space; u32 enq_max, deq_max, deq_now, to_write; - stream_session_t *tls_session; + session_t *tls_session; svm_fifo_t *f; - f = app_session->server_tx_fifo; + f = app_session->tx_fifo; deq_max = svm_fifo_max_dequeue (f); if (!deq_max) goto check_tls_fifo; 
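Review bot: `SSL_get_async_status (oc->ssl, &estatus);` in `openssl_ctx_handshake_rx` discards its return value, whereas the removed code tested the getter's result before reading `estatus`. If the call fails, `estatus` is compared while holding whatever it held before; its declaration is outside the hunk, so it may be uninitialised at that point. Fold the check back into the condition: `if (SSL_get_async_status (oc->ssl, &estatus) && estatus == ASYNC_STATUS_EAGAIN)`. The results of `vpp_ssl_async_process_event` (now called before every `SSL_do_handshake`) and of `vpp_ssl_async_retry_func` (which now returns 1 or 0) are ignored here as well, so a failure to queue the event goes unnoticed.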
@@ -318,23 +317,23 @@ openssl_ctx_write (tls_ctx_t * ctx, stream_session_t * app_session)
 wrote = SSL_write (oc->ssl, svm_fifo_head (f), to_write); if (wrote <= 0) {
- tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
+ tls_add_vpp_q_builtin_tx_evt (app_session);
 goto check_tls_fifo; }
- svm_fifo_dequeue_drop (app_session->server_tx_fifo, wrote);
+ svm_fifo_dequeue_drop (app_session->tx_fifo, wrote);
 if (wrote < deq_now) { to_write = clib_min (svm_fifo_max_read_chunk (f), deq_now - wrote); rv = SSL_write (oc->ssl, svm_fifo_head (f), to_write); if (rv > 0) {
- svm_fifo_dequeue_drop (app_session->server_tx_fifo, rv);
+ svm_fifo_dequeue_drop (app_session->tx_fifo, rv);
 wrote += rv; } } if (wrote < deq_max)
- tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
+ tls_add_vpp_q_builtin_tx_evt (app_session);
 check_tls_fifo:
@@ -342,11 +341,11 @@ check_tls_fifo:
 return wrote; tls_session = session_get_from_handle (ctx->tls_session_handle);
- f = tls_session->server_tx_fifo;
+ f = tls_session->tx_fifo;
 enq_max = svm_fifo_max_enqueue (f); if (!enq_max) {
- tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
+ tls_add_vpp_q_builtin_tx_evt (app_session);
 return wrote; }
@@ -354,12 +353,12 @@ check_tls_fifo:
 read = BIO_read (oc->rbio, svm_fifo_tail (f), deq_now); if (read <= 0) {
- tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
+ tls_add_vpp_q_builtin_tx_evt (app_session);
 return wrote; }
 svm_fifo_enqueue_nocopy (f, read);
- tls_add_vpp_q_evt (f, FIFO_EVENT_APP_TX);
+ tls_add_vpp_q_tx_evt (tls_session);
 if (read < enq_max && BIO_ctrl_pending (oc->rbio) > 0) {
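Review bot: When `SSL_write` returns `<= 0` in `openssl_ctx_write`, the new `tls_add_vpp_q_builtin_tx_evt (app_session);` re-arms the tx event without consulting `SSL_get_error`, so a fatal TLS error or a peer close is handled exactly like a transient want-read/want-write and the write is simply scheduled again. Nothing visible in the hunk bounds those retries, which risks a session that spins on a dead connection instead of being torn down. Classifying the result first, e.g. `err = SSL_get_error (oc->ssl, wrote);` and re-arming only for `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`, would separate the two cases. The `SSL_read` failure path in the hunk at -437 has the same shape. `openssl_ctx_write` starts and ends outside this hunk, so any handling elsewhere in the function is not visible here.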
@@ -370,18 +369,18 @@ check_tls_fifo:
 } if (BIO_ctrl_pending (oc->rbio) > 0)
- tls_add_vpp_q_evt (app_session->server_tx_fifo, FIFO_EVENT_APP_TX);
+ tls_add_vpp_q_builtin_tx_evt (app_session);
 return wrote; } static inline int
-openssl_ctx_read (tls_ctx_t * ctx, stream_session_t * tls_session)
+openssl_ctx_read (tls_ctx_t * ctx, session_t * tls_session)
 { int read, wrote = 0, max_space, max_buf = 100 * TLS_CHUNK_SIZE, rv; openssl_ctx_t *oc = (openssl_ctx_t *) ctx; u32 deq_max, enq_max, deq_now, to_read;
- stream_session_t *app_session;
+ session_t *app_session;
 svm_fifo_t *f; if (PREDICT_FALSE (SSL_in_init (oc->ssl)))
@@ -390,7 +389,7 @@ openssl_ctx_read (tls_ctx_t * ctx, stream_session_t * tls_session)
 return 0; }
- f = tls_session->server_rx_fifo;
+ f = tls_session->rx_fifo;
 deq_max = svm_fifo_max_dequeue (f); max_space = max_buf - BIO_ctrl_pending (oc->wbio); max_space = max_space < 0 ? 0 : max_space;
@@ -402,7 +401,7 @@ openssl_ctx_read (tls_ctx_t * ctx, stream_session_t * tls_session)
 wrote = BIO_write (oc->wbio, svm_fifo_head (f), to_read); if (wrote <= 0) {
- tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ tls_add_vpp_q_builtin_rx_evt (tls_session);
 goto check_app_fifo; } svm_fifo_dequeue_drop (f, wrote);
@@ -417,7 +416,7 @@ openssl_ctx_read (tls_ctx_t * ctx, stream_session_t * tls_session)
 } } if (svm_fifo_max_dequeue (f))
- tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ tls_add_vpp_q_builtin_rx_evt (tls_session);
 check_app_fifo:
@@ -425,11 +424,11 @@ check_app_fifo:
 return wrote; app_session = session_get_from_handle (ctx->app_session_handle);
- f = app_session->server_rx_fifo;
+ f = app_session->rx_fifo;
 enq_max = svm_fifo_max_enqueue (f); if (!enq_max) {
- tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ tls_add_vpp_q_builtin_rx_evt (tls_session);
 return wrote; }
@@ -437,7 +436,7 @@ check_app_fifo:
 read = SSL_read (oc->ssl, svm_fifo_tail (f), deq_now); if (read <= 0) {
- tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ tls_add_vpp_q_builtin_rx_evt (tls_session);
 return wrote; } svm_fifo_enqueue_nocopy (f, read);
@@ -451,7 +450,7 @@ check_app_fifo:
 tls_notify_app_enqueue (ctx, app_session); if (BIO_ctrl_pending (oc->wbio) > 0)
- tls_add_vpp_q_evt (tls_session->server_rx_fifo, FIFO_EVENT_BUILTIN_RX);
+ tls_add_vpp_q_builtin_rx_evt (tls_session);
 return wrote; }
@@ -462,7 +461,7 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
 long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION; openssl_ctx_t *oc = (openssl_ctx_t *) ctx; openssl_main_t *om = &openssl_main;
- stream_session_t *tls_session;
+ session_t *tls_session;
 const SSL_METHOD *method; int rv, err; #ifdef HAVE_OPENSSL_ASYNC
@@ -587,6 +586,7 @@ openssl_start_listen (tls_ctx_t * lctx)
 #ifdef HAVE_OPENSSL_ASYNC if (om->async) SSL_CTX_set_mode (ssl_ctx, SSL_MODE_ASYNC);
+ SSL_CTX_set_async_callback (ssl_ctx, tls_async_openssl_callback);
 #endif SSL_CTX_set_options (ssl_ctx, flags); SSL_CTX_set_ecdh_auto (ssl_ctx, 1);
@@ -660,7 +660,7 @@ openssl_ctx_init_server (tls_ctx_t * ctx)
 openssl_ctx_t *oc = (openssl_ctx_t *) ctx; u32 olc_index = ctx->tls_ssl_ctx; openssl_listen_ctx_t *olc;
- stream_session_t *tls_session;
+ session_t *tls_session;
 int rv, err; #ifdef HAVE_OPENSSL_ASYNC openssl_resume_handler *handler;
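Review bot: The added `SSL_CTX_set_async_callback (ssl_ctx, tls_async_openssl_callback);` in `openssl_start_listen` sits directly after an unbraced `if (om->async)`, so it executes whether or not async mode is enabled, and the indentation that would show the intent is not visible on this page. If the callback should exist only in async mode, brace the pair: `if (om->async) { SSL_CTX_set_mode (ssl_ctx, SSL_MODE_ASYNC); SSL_CTX_set_async_callback (ssl_ctx, tls_async_openssl_callback); }`. If unconditional registration is intended, a one-line comment saying so would keep a later reader from "fixing" it. The call's return value is not checked either.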