X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Ftlsopenssl%2Ftls_openssl.c;h=73e5cc0af351f259c00c53fe3e0a92dbd3ddbfc2;hb=006e6f8add638fab16f7adc099d46d3bfb0efb9a;hp=f5722917bccdba17ef7e9d4f8e594f01ad31fe90;hpb=e43832c7e77b8b008ab452386b143bb3f7f5be40;p=vpp.git
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index f5722917bcc..73e5cc0af35 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -167,13 +167,26 @@ vpp_ssl_async_process_event (tls_ctx_t * ctx,
 {
 SSL_set_async_callback (oc->ssl, (void *) engine_cb->callback, (void *) engine_cb->arg);
- TLS_DBG ("set callback to engine %p\n", engine_cb->callback);
+ TLS_DBG (2, "set callback to engine %p\n", engine_cb->callback);
 }
- /* associated fd with context for return */
- TLS_DBG ("completed assoicated fd with tls session\n");
 return 0;
 }
+
+/* Due to engine busy stat, VPP need to retry later */
+static int
+vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
+{
+ openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
+
+ if (vpp_add_async_run_event (ctx, handler))
+ {
+ SSL_set_async_estatus (oc->ssl, 0);
+ }
+ return 0;
+
+}
+
 #endif
 int
@@ -182,6 +195,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session)
 openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
 int rv = 0, err;
 #ifdef HAVE_OPENSSL_ASYNC
+ int estatus;
 openssl_resume_handler *myself;
 #endif
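Review bot: `vpp_ssl_async_retry_func` (hunk at -167) returns 0 on both paths, so a caller cannot distinguish a queued retry from one that was never queued. If a zero result from `vpp_add_async_run_event (ctx, handler)` means the event was not added (the helper is defined outside this diff), the session is left with no resume event and the engine status still set to retry, which under a saturated engine would park handshakes until something else reclaims them. Returning the failure, e.g. `if (!vpp_add_async_run_event (ctx, handler)) return -1;`, and having the callers act on it would make that case visible. The comment could also state the contract: `/* Engine busy: queue handler to be re-run later; the retry status is cleared only once the event is queued */`.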
@@ -200,9 +214,14 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session)
 err = SSL_get_error (oc->ssl, rv);
 openssl_try_handshake_write (oc, tls_session);
 #ifdef HAVE_OPENSSL_ASYNC
- if (err == SSL_ERROR_WANT_ASYNC)
+ myself = openssl_ctx_handshake_rx;
+ if (SSL_get_async_estatus (oc->ssl, &estatus)
+ && (estatus == ENGINE_STATUS_RETRY))
+ {
+ vpp_ssl_async_retry_func (ctx, myself);
+ }
+ else if (err == SSL_ERROR_WANT_ASYNC)
 {
- myself = openssl_ctx_handshake_rx;
 vpp_ssl_async_process_event (ctx, myself);
 }
 #endif
@@ -427,6 +446,9 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
 stream_session_t *tls_session;
 const SSL_METHOD *method;
 int rv, err;
+#ifdef HAVE_OPENSSL_ASYNC
+ openssl_resume_handler *handler;
+#endif
 method = SSLv23_client_method ();
 if (method == NULL)
@@ -444,6 +466,10 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
 SSL_CTX_set_ecdh_auto (oc->ssl_ctx, 1);
 SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+#ifdef HAVE_OPENSSL_ASYNC
+ if (om->async)
+ SSL_CTX_set_mode (oc->ssl_ctx, SSL_MODE_ASYNC);
+#endif
 rv = SSL_CTX_set_cipher_list (oc->ssl_ctx, (const char *) ciphers);
 if (rv != 1)
 {
@@ -489,6 +515,14 @@ openssl_ctx_init_client (tls_ctx_t * ctx)
 rv = SSL_do_handshake (oc->ssl);
 err = SSL_get_error (oc->ssl, rv);
 openssl_try_handshake_write (oc, tls_session);
+#ifdef HAVE_OPENSSL_ASYNC
+ if (err == SSL_ERROR_WANT_ASYNC)
+ {
+ handler = (openssl_resume_handler *) openssl_ctx_handshake_rx;
+ vpp_ssl_async_process_event (ctx, handler);
+ break;
+ }
+#endif
 if (err != SSL_ERROR_WANT_WRITE)
 break;
 }
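Review bot: In the -200 hunk of `openssl_ctx_handshake_rx`, the retry branch is taken on `estatus == ENGINE_STATUS_RETRY` alone, before `err` is consulted, so a handshake call that already succeeded or failed hard would still be re-queued if the engine status was left at retry by an earlier call. The status is cleared only inside `vpp_ssl_async_retry_func`, and only when the run event was added, so a stale value looks possible, although the engine side is not visible here. Tying the branch to the call result, `if (rv <= 0 && SSL_get_async_estatus (oc->ssl, &estatus) && estatus == ENGINE_STATUS_RETRY)`, would bound the re-queueing (assuming `rv` holds the handshake result, which is set outside the hunk). `estatus` is declared without an initialiser in the -182 hunk; `int estatus = 0;` removes the reliance on the getter always writing it. The function body starts and ends outside the hunk.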
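Review bot: In the -489 hunk of `openssl_ctx_init_client`, the first `SSL_do_handshake` handles only `SSL_ERROR_WANT_ASYNC`; the `ENGINE_STATUS_RETRY` check this commit adds to `openssl_ctx_handshake_rx` is missing, so an engine that is busy on the initial call would, as far as the hunk shows, fall through to the `SSL_ERROR_WANT_WRITE` test with no retry queued. Mirroring the check here keeps the client and rx paths consistent; it needs an `int estatus = 0;` local beside `handler`, and the `break` in the retry branch assumes that path should leave the loop as the `WANT_ASYNC` path does. The cast in `handler = (openssl_resume_handler *) openssl_ctx_handshake_rx;` is not used for the equivalent assignment to `myself` and would hide a signature mismatch from the compiler, so the plain assignment is preferable. The enclosing loop and function extend beyond the hunk.

```c
#ifdef HAVE_OPENSSL_ASYNC
      handler = openssl_ctx_handshake_rx;
      if (SSL_get_async_estatus (oc->ssl, &estatus)
          && (estatus == ENGINE_STATUS_RETRY))
        {
          vpp_ssl_async_retry_func (ctx, handler);
          break;
        }
      else if (err == SSL_ERROR_WANT_ASYNC)
        {
          /* … unchanged: vpp_ssl_async_process_event call and break … */
        }
#endif
```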