From ea158d64a0aa0673807c74ce00fc854519ba589c Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Mon, 26 Feb 2024 18:11:43 -0800
Subject: tls: pass reset ntf to engines

Type: improvement

Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras
---
 src/plugins/tlsmbedtls/tls_mbedtls.c | 16 ++++++++++++++++
 src/plugins/tlsopenssl/tls_openssl.c | 17 +++++++++++++++++
 src/plugins/tlspicotls/tls_picotls.c | 17 +++++++++++++++++
 src/vnet/tls/tls.c | 31 +++++++++----------------------
 src/vnet/tls/tls.h | 1 +
 5 files changed, 60 insertions(+), 22 deletions(-)

diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index ca454199edc..00ac7fe6e17 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -551,6 +551,21 @@ mbedtls_transport_close (tls_ctx_t * ctx)
 return 0;
 }
 
+static int
+mbedtls_transport_reset (tls_ctx_t *ctx)
+{
+ if (!mbedtls_handshake_is_over (ctx))
+ {
+ session_close (session_get_from_handle (ctx->tls_session_handle));
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+ return 0;
+}
+
 static int
 mbedtls_app_close (tls_ctx_t * ctx)
 {
@@ -579,6 +594,7 @@ const static tls_engine_vft_t mbedtls_engine = {
 .ctx_start_listen = mbedtls_start_listen,
 .ctx_stop_listen = mbedtls_stop_listen,
 .ctx_transport_close = mbedtls_transport_close,
+ .ctx_transport_reset = mbedtls_transport_reset,
 .ctx_app_close = mbedtls_app_close,
 .ctx_reinit_cachain = mbedtls_reinit_ca_chain,
 };
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 6c5f6cd9c7c..5e58913342b 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
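Review bot: In the pre-handshake branch of mbedtls_transport_reset the only action is `session_close (session_get_from_handle (ctx->tls_session_handle))` on a transport session the peer has just reset, whereas the openssl and picotls counterparts route this case through their `*_handle_handshake_failure` helper and the generic branch removed from tls.c freed the app session, set TLS_CONN_F_NO_APP_SESSION and called tls_disconnect_transport. Nothing visible in this hunk releases the tls ctx or a half-attached app session, so unless session_close on an already-reset session reaches a path that does (not shown here), every peer reset during the handshake would leave a ctx behind. If mbedtls has a handshake-failure handler equivalent to the other two engines, calling it here keeps the three engines consistent; otherwise the removed tls.c branch is the behaviour to reproduce. mbedtls_handshake_is_over is outside the hunk, and the vft hunk below only registers the callback.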
@@ -1060,6 +1060,22 @@ openssl_transport_close (tls_ctx_t * ctx)
 return 0;
 }
 
+static int
+openssl_transport_reset (tls_ctx_t *ctx)
+{
+ if (!openssl_handshake_is_over (ctx))
+ {
+ openssl_handle_handshake_failure (ctx);
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+
+ return 0;
+}
+
 static int
 openssl_app_close (tls_ctx_t * ctx)
 {
@@ -1151,6 +1167,7 @@ const static tls_engine_vft_t openssl_engine = {
 .ctx_start_listen = openssl_start_listen,
 .ctx_stop_listen = openssl_stop_listen,
 .ctx_transport_close = openssl_transport_close,
+ .ctx_transport_reset = openssl_transport_reset,
 .ctx_app_close = openssl_app_close,
 .ctx_reinit_cachain = openssl_reinit_ca_chain,
 };
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index f6b267f0901..0ab2488e4f4 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -204,6 +204,22 @@ picotls_transport_close (tls_ctx_t * ctx)
 return 0;
 }
 
+static int
+picotls_transport_reset (tls_ctx_t *ctx)
+{
+ if (!picotls_handshake_is_over (ctx))
+ {
+ picotls_handle_handshake_failure (ctx);
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+
+ return 0;
+}
+
 static int
 picotls_app_close (tls_ctx_t * ctx)
 {
@@ -742,6 +758,7 @@ const static tls_engine_vft_t picotls_engine = {
 .ctx_read = picotls_ctx_read,
 .ctx_write = picotls_ctx_write,
 .ctx_transport_close = picotls_transport_close,
+ .ctx_transport_reset = picotls_transport_reset,
 .ctx_app_close = picotls_app_close,
 .ctx_reinit_cachain = picotls_reinit_ca_chain,
 };
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 60a819571cf..3c06498e6e0 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
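Review bot: openssl_transport_reset now owns the cleanup that the removed branch in tls_session_reset_callback used to perform for a reset arriving before the handshake completes (freeing the app session, marking TLS_CONN_F_NO_APP_SESSION, calling tls_disconnect_transport), but it delegates all of it to `openssl_handle_handshake_failure (ctx)`, whose body is outside this hunk; picotls_transport_reset in the next file has the same shape. It is worth confirming that helper both disconnects the transport and tolerates a missing app session, since otherwise a peer reset during the handshake never releases the ctx. The post-handshake sequence (reset notify, closed notify, tls_disconnect_transport) is now repeated verbatim in all three engines, so a single helper in tls.c would keep that ordering in one place. A one-line comment such as `/* Peer reset before the handshake finished: tear down as a failed handshake */` above the early return would make the intent of the branch explicit.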
@@ -405,6 +405,12 @@ tls_ctx_transport_close (tls_ctx_t * ctx)
 return tls_vfts[ctx->tls_ctx_engine].ctx_transport_close (ctx);
 }
 
+static inline int
+tls_ctx_transport_reset (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx);
+}
+
 static inline int
 tls_ctx_app_close (tls_ctx_t * ctx)
 {
@@ -440,32 +446,13 @@ tls_notify_app_io_error (tls_ctx_t *ctx)
 }
 
 void
-tls_session_reset_callback (session_t * s)
+tls_session_reset_callback (session_t *ts)
 {
 tls_ctx_t *ctx;
- transport_connection_t *tc;
- session_t *app_session;
 
- ctx = tls_ctx_get (s->opaque);
+ ctx = tls_ctx_get_w_thread (ts->opaque, ts->thread_index);
 ctx->flags |= TLS_CONN_F_PASSIVE_CLOSE;
- tc = &ctx->connection;
- if (tls_ctx_handshake_is_over (ctx))
- {
- session_transport_reset_notify (tc);
- session_transport_closed_notify (tc);
- tls_disconnect_transport (ctx);
- }
- else
- {
- app_session = session_get_if_valid (ctx->c_s_index, ctx->c_thread_index);
- if (app_session)
- {
- session_free (app_session);
- ctx->c_s_index = SESSION_INVALID_INDEX;
- ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
- tls_disconnect_transport (ctx);
- }
- }
+ tls_ctx_transport_reset (ctx);
 }
 
 static void
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index f678867e664..f7a3ad02e30 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -144,6 +144,7 @@ typedef struct tls_engine_vft_
 int (*ctx_start_listen) (tls_ctx_t * ctx);
 int (*ctx_stop_listen) (tls_ctx_t * ctx);
 int (*ctx_transport_close) (tls_ctx_t * ctx);
+ int (*ctx_transport_reset) (tls_ctx_t *ctx);
 int (*ctx_app_close) (tls_ctx_t * ctx);
 int (*ctx_reinit_cachain) (void);
 } tls_engine_vft_t;
-- 
cgit 1.2.3-korg
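Review bot: tls_ctx_transport_reset calls through the new vft slot unconditionally, so an engine registered with a tls_engine_vft_t that leaves ctx_transport_reset unset (an out-of-tree or not-yet-rebuilt engine, assuming tls_register_engine copies the engine-supplied struct) would turn a peer-sent reset into a call through a NULL function pointer, which is a crash any remote peer can cause just by resetting the connection. The three in-tree engines are updated in this commit, and the sibling wrappers above do not check their slots either, so if every slot is meant to be mandatory a comment to that effect on the vft definition is enough; otherwise `if (!tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset) return -1;` before the dispatch is cheap insurance. The second hunk in this file discards the return value, which is consistent with every engine returning 0.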
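Review bot: The new ctx_transport_reset member carries no description of its contract, and since the engines now perform the app-session cleanup that tls.c used to do centrally, the expectations are worth recording next to the declaration: it is invoked after tls_session_reset_callback has already set TLS_CONN_F_PASSIVE_CLOSE, the engine is responsible for notifying the app (or disposing of a not-yet-attached app session) and for releasing the transport, and the int return is currently ignored by the caller. Suggested comment above the line: `/* Transport reset by peer; engine notifies the app and releases the transport. Return value is unused. */`. The enclosing struct starts before this hunk.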