summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorOfer Heifetz <oferh@marvell.com>2023-02-02 06:57:26 -0800
committerFlorin Coras <florin.coras@gmail.com>2023-02-02 18:36:29 +0000
commit905ec8797790380e134714e15ff3341eeeabb05e (patch)
treea9d388e1990bd88fe8b457e6f58a54f0c66b90ae
parent9b02f72fedfdce4dbd64539cb41870347eb67d1d (diff)
tls: openssl: fix SSL_read partial read scenario
When application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if the OpenSSL manages to partially fill in the first segment, in this case, since data is assumed to be copied over by OpenSSL to the pre-allocated segments(s), vpp uses svm_fifo_enqueue_nocopy API which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, application will fetch buffers including zero in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 5ccc492328a..426bf2fe1e5 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -186,18 +186,20 @@ openssl_read_from_ssl_into_fifo (svm_fifo_t * f, SSL * ssl)
return 0;
}
- for (i = 1; i < n_fs; i++)
+ if (read == (int) fs[0].len)
{
- rv = SSL_read (ssl, fs[i].data, fs[i].len);
- read += rv > 0 ? rv : 0;
-
- if (rv < (int) fs[i].len)
+ for (i = 1; i < n_fs; i++)
{
- ossl_check_err_is_fatal (ssl, rv);
- break;
+ rv = SSL_read (ssl, fs[i].data, fs[i].len);
+ read += rv > 0 ? rv : 0;
+
+ if (rv < (int) fs[i].len)
+ {
+ ossl_check_err_is_fatal (ssl, rv);
+ break;
+ }
}
}
-
svm_fifo_enqueue_nocopy (f, read);
return read;