-rw-r--r-- | src/plugins/tlsopenssl/tls_async.c | 34 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 26 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.h | 3 |
3 files changed, 27 insertions, 36 deletions
diff --git a/src/plugins/tlsopenssl/tls_async.c b/src/plugins/tlsopenssl/tls_async.c
index 50124a63678..facb94ec253 100644
--- a/src/plugins/tlsopenssl/tls_async.c
+++ b/src/plugins/tlsopenssl/tls_async.c
@@ -142,6 +142,7 @@ openssl_engine_register (char *engine_name, char *algorithm)
 }
 if (registered < 0)
 {
+ clib_error ("engine %s is not regisered in VPP", engine_name);
 return 0;
 }
@@ -151,6 +152,7 @@ openssl_engine_register (char *engine_name, char *algorithm)
 if (engine == NULL)
 {
+ clib_warning ("Failed to find engine ENGINE_by_id %s", engine_name);
 return 0;
 }
@@ -245,7 +247,7 @@ openssl_evt_alloc (void)
 }
 int
-openssl_async_run (void *evt)
+tls_async_openssl_callback (SSL * s, void *evt)
 {
 openssl_evt_t *event, *event_tail;
 openssl_async_t *om = &openssl_async_main;
@@ -299,7 +301,7 @@ vpp_add_async_pending_event (tls_ctx_t * ctx,
 event->handler = handler;
 event->cb_args.event_index = eidx;
 event->cb_args.thread_index = thread_id;
- event->engine_callback.callback = openssl_async_run;
+ event->engine_callback.callback = tls_async_openssl_callback;
 event->engine_callback.arg = &event->cb_args;
 /* add to pending list */
@@ -326,11 +328,11 @@ vpp_add_async_run_event (tls_ctx_t * ctx, openssl_resume_handler * handler)
 event->handler = handler;
 event->cb_args.event_index = eidx;
 event->cb_args.thread_index = thread_id;
- event->engine_callback.callback = openssl_async_run;
+ event->engine_callback.callback = tls_async_openssl_callback;
 event->engine_callback.arg = &event->cb_args;
 /* This is a retry event, and need to put to ring to make it run again */
- return openssl_async_run (&event->cb_args);
+ return tls_async_openssl_callback (NULL, &event->cb_args);
 }
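Review bot: `clib_error` in the `registered < 0` branch of openssl_engine_register is, as far as I know, vppinfra's fatal error macro, so an engine name that is not in the registered table would terminate the process and the `return 0;` after it would never run. The sibling `engine == NULL` branch in the next hunk uses `clib_warning` and then returns, which looks like the intended handling for a bad configuration value. I would use `clib_warning ("engine %s is not registered in VPP", engine_name);` here as well, which also fixes the "regisered" typo. The function body starts and ends outside both hunks.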
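Review bot: tls_async_openssl_callback is now the callback type OpenSSL invokes with an SSL object, and it is also called directly from vpp_add_async_run_event with `NULL` as its first argument, yet nothing at the definition records that `s` may be NULL. The body lies outside the hunk, so whether `s` is used today cannot be seen from here. A comment above the definition such as `/* s is NULL when invoked from vpp_add_async_run_event; do not dereference it */` would keep a later change from introducing a NULL dereference on the retry path.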
@@ -365,26 +367,10 @@ event_handler (void *tls_async)
 void
 dasync_polling ()
 {
- openssl_async_t *om = &openssl_async_main;
- openssl_evt_t *event;
- int *evt_pending;
- openssl_tls_callback_t *engine_cb;
- u8 thread_index = vlib_get_thread_index ();
-
- /* POC code here to simulate the engine to call callback */
- evt_pending = &om->status[thread_index].evt_pending_head;
- while (*evt_pending >= 0)
- {
- TLS_DBG (2, "polling... current head = %d\n", *evt_pending);
- event = openssl_evt_get_w_thread (*evt_pending, thread_index);
- *evt_pending = event->next;
- if (event->status == SSL_ASYNC_PENDING)
- {
- engine_cb = &event->engine_callback;
- (*engine_cb->callback) (engine_cb->arg);
- }
- }
-
+/* dasync is a fake async device, and could not be polled.
+ * We have added code in the dasync engine to triggered the callback already,
+ * so nothing can be done here
+ */
 }
 void
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 7994cc5d981..d07e0f89838 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -185,8 +185,7 @@ vpp_ssl_async_process_event (tls_ctx_t * ctx,
 engine_cb = vpp_add_async_pending_event (ctx, handler);
 if (engine_cb)
 {
- SSL_set_async_callback (oc->ssl, (void *) engine_cb->callback,
- (void *) engine_cb->arg);
+ SSL_set_async_callback_arg (oc->ssl, (void *) engine_cb->arg);
 TLS_DBG (2, "set callback to engine %p\n", engine_cb->callback);
 }
 return 0;
@@ -201,7 +200,7 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
 if (vpp_add_async_run_event (ctx, handler))
 {
- SSL_set_async_estatus (oc->ssl, 0);
+ SSL_clear_async_status (oc->ssl);
 }
 return 0;
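Review bot: The removed loop in dasync_polling was the only place visible here that advanced `evt_pending_head`, so with the body now empty, entries added by vpp_add_async_pending_event stay on the per-thread pending list unless the callback unlinks them, which cannot be seen from this hunk. If the callback does the unlinking, the new comment should say so; if it does not, the list only grows for the dasync engine. The comment wording could also be tightened to `/* dasync is a simulated async engine and cannot be polled; the engine invokes the registered callback itself, so there is nothing to do here. */`.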
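Review bot: The result of `SSL_set_async_callback_arg` in vpp_ssl_async_process_event is discarded, so the function returns 0 even if the argument was not attached to the SSL object; in upstream OpenSSL this setter returns 1 on success, and the return convention of the patched library used here should be confirmed. The `TLS_DBG` line that follows still says "set callback to engine" and prints `engine_cb->callback`, although this call now sets only the argument. I would check the return value and change the debug text to name the argument, for example `TLS_DBG (2, "set callback arg %p\n", engine_cb->arg);`.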
@@ -230,19 +229,23 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, stream_session_t * tls_session)
 break;
 }
+#ifdef HAVE_OPENSSL_ASYNC
+ myself = openssl_ctx_handshake_rx;
+ vpp_ssl_async_process_event (ctx, myself);
+#endif
+
 rv = SSL_do_handshake (oc->ssl);
 err = SSL_get_error (oc->ssl, rv);
 openssl_try_handshake_write (oc, tls_session);
 #ifdef HAVE_OPENSSL_ASYNC
- myself = openssl_ctx_handshake_rx;
- if (SSL_get_async_estatus (oc->ssl, &estatus)
- && (estatus == ENGINE_STATUS_RETRY))
- {
- vpp_ssl_async_retry_func (ctx, myself);
- }
- else if (err == SSL_ERROR_WANT_ASYNC)
+ if (err == SSL_ERROR_WANT_ASYNC)
 {
- vpp_ssl_async_process_event (ctx, myself);
+ SSL_get_async_status (oc->ssl, &estatus);
+
+ if (estatus == ASYNC_STATUS_EAGAIN)
+ {
+ vpp_ssl_async_retry_func (ctx, myself);
+ }
 }
 #endif
@@ -587,6 +590,7 @@ openssl_start_listen (tls_ctx_t * lctx)
 #ifdef HAVE_OPENSSL_ASYNC
 if (om->async)
 SSL_CTX_set_mode (ssl_ctx, SSL_MODE_ASYNC);
+ SSL_CTX_set_async_callback (ssl_ctx, tls_async_openssl_callback);
 #endif
 SSL_CTX_set_options (ssl_ctx, flags);
 SSL_CTX_set_ecdh_auto (ssl_ctx, 1);
diff --git a/src/plugins/tlsopenssl/tls_openssl.h b/src/plugins/tlsopenssl/tls_openssl.h
index e802f4523ea..712b4cac628 100644
--- a/src/plugins/tlsopenssl/tls_openssl.h
+++ b/src/plugins/tlsopenssl/tls_openssl.h
@@ -53,7 +53,7 @@ typedef struct openssl_main_
 typedef struct openssl_tls_callback_
 {
- int (*callback) (void *arg);
+ int (*callback) (SSL * ssl, void *arg);
 void *arg;
 } openssl_tls_callback_t;
@@ -66,6 +66,7 @@ openssl_tls_callback_t *vpp_add_async_pending_event (tls_ctx_t * ctx,
 handler);
 int vpp_add_async_run_event (tls_ctx_t * ctx,
 openssl_resume_handler * handler);
+int tls_async_openssl_callback (SSL * s, void *evt);
 void openssl_polling_start (ENGINE * engine);
 int openssl_engine_register (char *engine, char *alg);
 void openssl_async_node_enable_disable (u8 is_en); |
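Review bot: The return value of `SSL_get_async_status (oc->ssl, &estatus)` is discarded in the new `SSL_ERROR_WANT_ASYNC` branch of openssl_ctx_handshake_rx, so `estatus` is compared with `ASYNC_STATUS_EAGAIN` even when the call did not fill it in; the removed code tested the getter's result first. `estatus` is declared outside the hunk, so whether it is initialised cannot be seen here. Folding the two together as `if (SSL_get_async_status (oc->ssl, &estatus) && estatus == ASYNC_STATUS_EAGAIN)` keeps the old guarantee. Separately, `vpp_ssl_async_process_event` now runs before every `SSL_do_handshake` call and its result is ignored; because remote peers drive how often this path runs, a comment stating where the pending event is released when the handshake completes synchronously would be worth adding.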
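Review bot: The added `SSL_CTX_set_async_callback` call in openssl_start_listen follows an unbraced `if (om->async)`, so it runs whether or not async mode is enabled, whatever the original indentation suggested. If the callback is meant to be installed only in async mode, the two statements need braces: `if (om->async) { SSL_CTX_set_mode (ssl_ctx, SSL_MODE_ASYNC); SSL_CTX_set_async_callback (ssl_ctx, tls_async_openssl_callback); }`. If installing it unconditionally is intended, a blank line or a short comment before the call would make that clear. Only the listener context is covered by this hunk; whether client-side contexts also need the callback cannot be seen from here.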