summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOfer Heifetz <oferh@marvell.com>2023-02-02 06:57:26 -0800
committerFlorin Coras <florin.coras@gmail.com>2023-02-03 03:58:51 +0000
commit701ba9cfe3f724d3b57d6397756a571d8469fbdf (patch)
treed97bed162ebaeb1efcfa522b2e85b07b29981abb
parent42b5a8767c8ba61d3fc7b531b3bc66525f9e3feb (diff)
tls: openssl: fix SSL_read partial read scenario
When application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if the OpenSSL manages to partially fill in the first segment, in this case, since data is assumed to be copied over by OpenSSL to the pre-allocated segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, application will fetch buffers including zero in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38 (cherry picked from commit 905ec8797790380e134714e15ff3341eeeabb05e)
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 5ccc492328a..426bf2fe1e5 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -186,18 +186,20 @@ openssl_read_from_ssl_into_fifo (svm_fifo_t * f, SSL * ssl)
return 0;
}
- for (i = 1; i < n_fs; i++)
+ if (read == (int) fs[0].len)
{
- rv = SSL_read (ssl, fs[i].data, fs[i].len);
- read += rv > 0 ? rv : 0;
-
- if (rv < (int) fs[i].len)
+ for (i = 1; i < n_fs; i++)
{
- ossl_check_err_is_fatal (ssl, rv);
- break;
+ rv = SSL_read (ssl, fs[i].data, fs[i].len);
+ read += rv > 0 ? rv : 0;
+
+ if (rv < (int) fs[i].len)
+ {
+ ossl_check_err_is_fatal (ssl, rv);
+ break;
+ }
}
}
-
svm_fifo_enqueue_nocopy (f, read);
return read;