author | Florin Coras <fcoras@cisco.com> | 2024-02-26 18:11:43 -0800 |
---|---|---|
committer | Dave Barach <vpp@barachs.net> | 2024-02-27 18:49:20 +0000 |
commit | ea158d64a0aa0673807c74ce00fc854519ba589c (patch) | |
tree | 65deb34e1effc647d943aebb128524b12849026a | |
parent | 7c90be5e2963e7852754e963cc92fca0b64c3bb7 (diff) |
tls: pass reset ntf to engines
Type: improvement
Change-Id: Ie042605e50656229874b7a93638f0f04c894410f
Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r-- | src/plugins/tlsmbedtls/tls_mbedtls.c | 16 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 17 | ||||
-rw-r--r-- | src/plugins/tlspicotls/tls_picotls.c | 17 | ||||
-rw-r--r-- | src/vnet/tls/tls.c | 31 | ||||
-rw-r--r-- | src/vnet/tls/tls.h | 1 |
5 files changed, 60 insertions, 22 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index ca454199edc..00ac7fe6e17 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -552,6 +552,21 @@ mbedtls_transport_close (tls_ctx_t * ctx)
 }
 static int
+mbedtls_transport_reset (tls_ctx_t *ctx)
+{
+ if (!mbedtls_handshake_is_over (ctx))
+ {
+ session_close (session_get_from_handle (ctx->tls_session_handle));
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+ return 0;
+}
+
+static int
 mbedtls_app_close (tls_ctx_t * ctx)
 {
 tls_disconnect_transport (ctx);
@@ -579,6 +594,7 @@ const static tls_engine_vft_t mbedtls_engine = {
 .ctx_start_listen = mbedtls_start_listen,
 .ctx_stop_listen = mbedtls_stop_listen,
 .ctx_transport_close = mbedtls_transport_close,
+ .ctx_transport_reset = mbedtls_transport_reset,
 .ctx_app_close = mbedtls_app_close,
 .ctx_reinit_cachain = mbedtls_reinit_ca_chain,
 };
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 6c5f6cd9c7c..5e58913342b 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -1061,6 +1061,22 @@ openssl_transport_close (tls_ctx_t * ctx)
 }
 static int
+openssl_transport_reset (tls_ctx_t *ctx)
+{
+ if (!openssl_handshake_is_over (ctx))
+ {
+ openssl_handle_handshake_failure (ctx);
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+
+ return 0;
+}
+
+static int
 openssl_app_close (tls_ctx_t * ctx)
 {
 openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
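Review bot: The pre-handshake branch of `mbedtls_transport_reset` only calls `session_close` on the TLS session, whereas the code it replaces in the `tls_session_reset_callback` hunk of tls.c freed the half-created app session, set `ctx->c_s_index = SESSION_INVALID_INDEX` and `TLS_CONN_F_NO_APP_SESSION`, and called `tls_disconnect_transport`; nothing in this hunk does any of that. The openssl and picotls hunks instead route the same case through their `*_handle_handshake_failure` helpers, whose behaviour is not visible here, so mbedtls is the engine where a reset during the handshake most plausibly leaves the app session and the NO_APP_SESSION flag untouched; this should be confirmed against what mbedtls does on handshake failure, or the removed cleanup carried into this branch. Separately, the post-handshake sequence (`session_transport_reset_notify`, `session_transport_closed_notify`, `tls_disconnect_transport`) is duplicated verbatim across all three engine hunks; it could live once in `tls_session_reset_callback`, with the engine hook only handling the not-yet-handshaked case.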
@@ -1151,6 +1167,7 @@ const static tls_engine_vft_t openssl_engine = {
 .ctx_start_listen = openssl_start_listen,
 .ctx_stop_listen = openssl_stop_listen,
 .ctx_transport_close = openssl_transport_close,
+ .ctx_transport_reset = openssl_transport_reset,
 .ctx_app_close = openssl_app_close,
 .ctx_reinit_cachain = openssl_reinit_ca_chain,
 };
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index f6b267f0901..0ab2488e4f4 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -205,6 +205,22 @@ picotls_transport_close (tls_ctx_t * ctx)
 }
 static int
+picotls_transport_reset (tls_ctx_t *ctx)
+{
+ if (!picotls_handshake_is_over (ctx))
+ {
+ picotls_handle_handshake_failure (ctx);
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+
+ return 0;
+}
+
+static int
 picotls_app_close (tls_ctx_t * ctx)
 {
 session_t *app_session;
@@ -742,6 +758,7 @@ const static tls_engine_vft_t picotls_engine = {
 .ctx_read = picotls_ctx_read,
 .ctx_write = picotls_ctx_write,
 .ctx_transport_close = picotls_transport_close,
+ .ctx_transport_reset = picotls_transport_reset,
 .ctx_app_close = picotls_app_close,
 .ctx_reinit_cachain = picotls_reinit_ca_chain,
 };
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 60a819571cf..3c06498e6e0 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -406,6 +406,12 @@ tls_ctx_transport_close (tls_ctx_t * ctx)
 }
 static inline int
+tls_ctx_transport_reset (tls_ctx_t *ctx)
+{
+ return tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset (ctx);
+}
+
+static inline int
 tls_ctx_app_close (tls_ctx_t * ctx)
 {
 return tls_vfts[ctx->tls_ctx_engine].ctx_app_close (ctx);
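Review bot: `tls_ctx_transport_reset` in the tls.c hunk dereferences the new `ctx_transport_reset` vft slot unconditionally, so an engine registered with a vft that leaves it unset (zeroed by the designated initializer, which is what an out-of-tree engine built before this field existed would produce) calls a null function pointer from the reset callback. The sibling `tls_ctx_app_close` right below it follows the same unguarded shape, so this is consistent with the file, but the new slot is the one older engines will not have. Either state where the vft is declared that the slot is mandatory, or guard it: `if (!tls_vfts[ctx->tls_ctx_engine].ctx_transport_reset) return -1;` before the call.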
@@ -440,32 +446,13 @@ tls_notify_app_io_error (tls_ctx_t *ctx)
 }
 void
-tls_session_reset_callback (session_t * s)
+tls_session_reset_callback (session_t *ts)
 {
 tls_ctx_t *ctx;
- transport_connection_t *tc;
- session_t *app_session;
- ctx = tls_ctx_get (s->opaque);
+ ctx = tls_ctx_get_w_thread (ts->opaque, ts->thread_index);
 ctx->flags |= TLS_CONN_F_PASSIVE_CLOSE;
- tc = &ctx->connection;
- if (tls_ctx_handshake_is_over (ctx))
- {
- session_transport_reset_notify (tc);
- session_transport_closed_notify (tc);
- tls_disconnect_transport (ctx);
- }
- else
- {
- app_session = session_get_if_valid (ctx->c_s_index, ctx->c_thread_index);
- if (app_session)
- {
- session_free (app_session);
- ctx->c_s_index = SESSION_INVALID_INDEX;
- ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
- tls_disconnect_transport (ctx);
- }
- }
+ tls_ctx_transport_reset (ctx);
 }
 static void
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index f678867e664..f7a3ad02e30 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -144,6 +144,7 @@ typedef struct tls_engine_vft_
 int (*ctx_start_listen) (tls_ctx_t * ctx);
 int (*ctx_stop_listen) (tls_ctx_t * ctx);
 int (*ctx_transport_close) (tls_ctx_t * ctx);
+ int (*ctx_transport_reset) (tls_ctx_t *ctx);
 int (*ctx_app_close) (tls_ctx_t * ctx);
 int (*ctx_reinit_cachain) (void);
 } tls_engine_vft_t; |
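Review bot: The new `ctx_transport_reset` member of `tls_engine_vft_t` is added without a comment, and the contract it takes over from the code removed in `tls_session_reset_callback` (the engine is now responsible both for the post-handshake reset/closed notifications and for dealing with an app session that was never attached) is not written down anywhere an engine implementer would look. A one-line comment on the member would make that explicit, e.g. `/* Transport below was reset; engine must notify or detach the app session and call tls_disconnect_transport */`. Whether the slot is mandatory belongs in the same comment, since the tls.c wrapper calls it without a null check.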