authorOfer Heifetz <oferh@marvell.com>2023-02-02 06:57:26 -0800
committerFlorin Coras <florin.coras@gmail.com>2023-02-02 18:36:29 +0000
commit905ec8797790380e134714e15ff3341eeeabb05e (patch)
treea9d388e1990bd88fe8b457e6f58a54f0c66b90ae /src/plugins/tlsopenssl/tls_openssl.c
parent9b02f72fedfdce4dbd64539cb41870347eb67d1d (diff)
tls: openssl: fix SSL_read partial read scenario
When the application performs SSL_read from the app rx-fifo, it can pre-allocate multiple segments, but there is an issue if OpenSSL only partially fills the first segment. Since the data is assumed to have been copied by OpenSSL into the pre-allocated segment(s), vpp uses the svm_fifo_enqueue_nocopy API, which performs zero copy by passing the pre-allocated segment to SSL_read. If the decrypted data size is smaller than the pre-allocated fifo segment buffer size, the application will fetch buffers including zeros in the area not filled in by SSL_read. Type: fix Signed-off-by: Ofer Heifetz <oferh@marvell.com> Change-Id: I941a89b17d567d86e5bd2c35785f1df043c33f38
Diffstat (limited to 'src/plugins/tlsopenssl/tls_openssl.c')
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 5ccc492328a..426bf2fe1e5 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -186,18 +186,20 @@ openssl_read_from_ssl_into_fifo (svm_fifo_t * f, SSL * ssl)
return 0;
}
- for (i = 1; i < n_fs; i++)
+ if (read == (int) fs[0].len)
{
- rv = SSL_read (ssl, fs[i].data, fs[i].len);
- read += rv > 0 ? rv : 0;
-
- if (rv < (int) fs[i].len)
+ for (i = 1; i < n_fs; i++)
{
- ossl_check_err_is_fatal (ssl, rv);
- break;
+ rv = SSL_read (ssl, fs[i].data, fs[i].len);
+ read += rv > 0 ? rv : 0;
+
+ if (rv < (int) fs[i].len)
+ {
+ ossl_check_err_is_fatal (ssl, rv);
+ break;
+ }
}
}
-
svm_fifo_enqueue_nocopy (f, read);
return read;
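Review bot: The new guard `if (read == (int) fs[0].len)` relies on an invariant that the code never states: `svm_fifo_enqueue_nocopy (f, read)` commits `read` bytes as one contiguous run, so a later segment may be written only when every earlier one was filled completely, otherwise the application is handed fifo bytes that SSL_read never wrote. A comment above the guard would keep a later edit from reopening that gap, e.g. `/* Fill further segments only if fs[0] is full: the enqueue below treats the read bytes as contiguous, so a gap would expose unwritten fifo bytes to the app. */`. Separately, inside the loop `ossl_check_err_is_fatal (ssl, rv)` runs on any short read, including `rv > 0`, and its result is not used there. Its body is not in this hunk, so if it can report a fatal condition, the loop should either act on it or carry a comment saying the next read is expected to surface it. The function starts and ends outside the hunk, so the handling of the first SSL_read cannot be checked from here.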