diff options
Diffstat (limited to 'src/plugins/tlsopenssl')
-rw-r--r-- | src/plugins/tlsopenssl/tls_async.c | 22 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 26 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.h | 1 |
3 files changed, 38 insertions, 11 deletions
diff --git a/src/plugins/tlsopenssl/tls_async.c b/src/plugins/tlsopenssl/tls_async.c index 100a75b3332..86604667eb8 100644 --- a/src/plugins/tlsopenssl/tls_async.c +++ b/src/plugins/tlsopenssl/tls_async.c @@ -303,6 +303,18 @@ vpp_tls_async_init_event (tls_ctx_t * ctx, return 1; } +int +vpp_openssl_is_inflight (tls_ctx_t * ctx) +{ + u32 eidx; + openssl_evt_t *event; + eidx = ctx->evt_index; + event = openssl_evt_get (eidx); + + if (event->status == SSL_ASYNC_INFLIGHT) + return 1; + return 0; +} int vpp_tls_async_update_event (tls_ctx_t * ctx, int eagain) @@ -310,13 +322,11 @@ vpp_tls_async_update_event (tls_ctx_t * ctx, int eagain) u32 eidx; openssl_evt_t *event; + eidx = ctx->evt_index; + event = openssl_evt_get (eidx); + event->status = SSL_ASYNC_INFLIGHT; if (eagain) - { - eidx = ctx->evt_index; - event = openssl_evt_get (eidx); - - return tls_async_openssl_callback (0, &event->cb_args); - } + return tls_async_openssl_callback (0, &event->cb_args); return 1; } diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 8e5e73a6cfb..288f0e1ae1e 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -204,15 +204,22 @@ openssl_check_async_status (tls_ctx_t * ctx, openssl_resume_handler * handler, static void openssl_handle_handshake_failure (tls_ctx_t * ctx) { + session_t *app_session; + if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl)) { /* * Cleanup pre-allocated app session and close transport */ - session_free (session_get (ctx->c_s_index, ctx->c_thread_index)); - ctx->no_app_session = 1; - ctx->c_s_index = SESSION_INVALID_INDEX; - tls_disconnect_transport (ctx); + app_session = + session_get_if_valid (ctx->c_s_index, ctx->c_thread_index); + if (app_session) + { + session_free (app_session); + ctx->no_app_session = 1; + ctx->c_s_index = SESSION_INVALID_INDEX; + tls_disconnect_transport (ctx); + } } else { @@ -295,7 +302,11 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session) } else { - tls_notify_app_accept (ctx); + /* Need to check transport status */ + if (ctx->is_passive_close) + openssl_handle_handshake_failure (ctx); + else + tls_notify_app_accept (ctx); } TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s", @@ -752,6 +763,11 @@ openssl_handshake_is_over (tls_ctx_t * ctx) static int openssl_transport_close (tls_ctx_t * ctx) { +#ifdef HAVE_OPENSSL_ASYNC + if (vpp_openssl_is_inflight (ctx)) + return 0; +#endif + if (!openssl_handshake_is_over (ctx)) { openssl_handle_handshake_failure (ctx); diff --git a/src/plugins/tlsopenssl/tls_openssl.h b/src/plugins/tlsopenssl/tls_openssl.h index f61d986c3b0..5744dcadb3a 100644 --- a/src/plugins/tlsopenssl/tls_openssl.h +++ b/src/plugins/tlsopenssl/tls_openssl.h @@ -68,6 +68,7 @@ int openssl_engine_register (char *engine, char *alg, int async); void openssl_async_node_enable_disable (u8 is_en); clib_error_t *tls_openssl_api_init (vlib_main_t * vm); int tls_openssl_set_ciphers (char *ciphers); +int vpp_openssl_is_inflight (tls_ctx_t * ctx); /* * fd.io coding-style-patch-verification: ON |