aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorYu Ping <ping.yu@intel.com>2020-02-19 02:31:22 +0800
committerFlorin Coras <florin.coras@gmail.com>2020-02-19 02:56:43 +0000
commit837826169fd51c1d2bb7703e479447f5d4ffa9a5 (patch)
tree031c125e49ec8816f1d9a9eed81967c13a924b49 /src
parentb9f1f1587504bc8c7db11ce637b20185588dbc16 (diff)
tls: handle disconect and reset in async mode
Type: fix When async is enabled and request is inflight, delay close oepration Change-Id: I713078fe9832c1599e8860fc0a6bb98588f20943 Signed-off-by: Yu Ping <ping.yu@intel.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/tlsopenssl/tls_async.c22
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c26
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.h1
-rw-r--r--src/vnet/tls/tls.c13
4 files changed, 48 insertions, 14 deletions
diff --git a/src/plugins/tlsopenssl/tls_async.c b/src/plugins/tlsopenssl/tls_async.c
index 100a75b3332..86604667eb8 100644
--- a/src/plugins/tlsopenssl/tls_async.c
+++ b/src/plugins/tlsopenssl/tls_async.c
@@ -303,6 +303,18 @@ vpp_tls_async_init_event (tls_ctx_t * ctx,
return 1;
}
+int
+vpp_openssl_is_inflight (tls_ctx_t * ctx)
+{
+ u32 eidx;
+ openssl_evt_t *event;
+ eidx = ctx->evt_index;
+ event = openssl_evt_get (eidx);
+
+ if (event->status == SSL_ASYNC_INFLIGHT)
+ return 1;
+ return 0;
+}
int
vpp_tls_async_update_event (tls_ctx_t * ctx, int eagain)
@@ -310,13 +322,11 @@ vpp_tls_async_update_event (tls_ctx_t * ctx, int eagain)
u32 eidx;
openssl_evt_t *event;
+ eidx = ctx->evt_index;
+ event = openssl_evt_get (eidx);
+ event->status = SSL_ASYNC_INFLIGHT;
if (eagain)
- {
- eidx = ctx->evt_index;
- event = openssl_evt_get (eidx);
-
- return tls_async_openssl_callback (0, &event->cb_args);
- }
+ return tls_async_openssl_callback (0, &event->cb_args);
return 1;
}
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 8e5e73a6cfb..288f0e1ae1e 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -204,15 +204,22 @@ openssl_check_async_status (tls_ctx_t * ctx, openssl_resume_handler * handler,
static void
openssl_handle_handshake_failure (tls_ctx_t * ctx)
{
+ session_t *app_session;
+
if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
{
/*
* Cleanup pre-allocated app session and close transport
*/
- session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
- ctx->c_s_index = SESSION_INVALID_INDEX;
- tls_disconnect_transport (ctx);
+ app_session =
+ session_get_if_valid (ctx->c_s_index, ctx->c_thread_index);
+ if (app_session)
+ {
+ session_free (app_session);
+ ctx->no_app_session = 1;
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ }
}
else
{
@@ -295,7 +302,11 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
}
else
{
- tls_notify_app_accept (ctx);
+ /* Need to check transport status */
+ if (ctx->is_passive_close)
+ openssl_handle_handshake_failure (ctx);
+ else
+ tls_notify_app_accept (ctx);
}
TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s",
@@ -752,6 +763,11 @@ openssl_handshake_is_over (tls_ctx_t * ctx)
static int
openssl_transport_close (tls_ctx_t * ctx)
{
+#ifdef HAVE_OPENSSL_ASYNC
+ if (vpp_openssl_is_inflight (ctx))
+ return 0;
+#endif
+
if (!openssl_handshake_is_over (ctx))
{
openssl_handle_handshake_failure (ctx);
diff --git a/src/plugins/tlsopenssl/tls_openssl.h b/src/plugins/tlsopenssl/tls_openssl.h
index f61d986c3b0..5744dcadb3a 100644
--- a/src/plugins/tlsopenssl/tls_openssl.h
+++ b/src/plugins/tlsopenssl/tls_openssl.h
@@ -68,6 +68,7 @@ int openssl_engine_register (char *engine, char *alg, int async);
void openssl_async_node_enable_disable (u8 is_en);
clib_error_t *tls_openssl_api_init (vlib_main_t * vm);
int tls_openssl_set_ciphers (char *ciphers);
+int vpp_openssl_is_inflight (tls_ctx_t * ctx);
/*
* fd.io coding-style-patch-verification: ON
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index c2616fdde23..257f48cd9ba 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -358,15 +358,22 @@ tls_session_reset_callback (session_t * s)
session_t *app_session;
ctx = tls_ctx_get (s->opaque);
+ ctx->is_passive_close = 1;
tc = &ctx->connection;
if (tls_ctx_handshake_is_over (ctx))
{
session_transport_reset_notify (tc);
session_transport_closed_notify (tc);
+ tls_disconnect_transport (ctx);
+ }
+ else
+ if ((app_session =
+ session_get_if_valid (ctx->c_s_index, ctx->c_thread_index)))
+ {
+ session_free (app_session);
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
}
- else if ((app_session = session_get (tc->s_index, tc->thread_index)))
- session_free (app_session);
- tls_disconnect_transport (ctx);
}
int