Diffstat (limited to 'src/plugins/tlspicotls/tls_picotls.c')
-rw-r--r--src/plugins/tlspicotls/tls_picotls.c55
1 files changed, 38 insertions, 17 deletions
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index ba1fdd8c05c..7375b928206 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -27,11 +27,11 @@ static ptls_key_exchange_algorithm_t *default_key_exchange[] = {
static u32
picotls_ctx_alloc (void)
{
- u8 thread_id = vlib_get_thread_index ();
+ u32 thread_id = vlib_get_thread_index ();
picotls_main_t *pm = &picotls_main;
picotls_ctx_t **ctx;
- pool_get (pm->ctx_pool[thread_id], ctx);
+ pool_get_aligned_safe (pm->ctx_pool[thread_id], ctx, CLIB_CACHE_LINE_BYTES);
if (!(*ctx))
*ctx = clib_mem_alloc (sizeof (picotls_ctx_t));
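Review bot: The switch to `pool_get_aligned_safe` on the per-thread pool `pm->ctx_pool[thread_id]` carries no comment saying why the barrier-protected variant is needed where plain `pool_get` was used before, so a later reader is likely to "simplify" it back. If the reason is that contexts in this pool can be looked up from other threads while the pool is being grown, state it at the call site, e.g. `/* _safe: ctx pool may be grown while other threads hold pointers into it */` — presumably that is the motivation, but it should be confirmed by the author. The remainder of picotls_ctx_alloc, including how the freshly allocated `*ctx` is initialised, is outside this hunk.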
@@ -179,8 +179,7 @@ picotls_stop_listen (tls_ctx_t * lctx)
static void
picotls_handle_handshake_failure (tls_ctx_t * ctx)
{
- session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
- ctx->no_app_session = 1;
+ ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
ctx->c_s_index = SESSION_INVALID_INDEX;
tls_disconnect_transport (ctx);
}
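Review bot: With the `session_free` call removed, `picotls_handle_handshake_failure` now invalidates `ctx->c_s_index` without releasing the session it referred to, and nothing in the hunk says who owns that release afterwards; this path is also reached from the new `picotls_transport_reset` for a mid-handshake reset. If the intent is that the TLS layer frees the session when it sees `TLS_CONN_F_NO_APP_SESSION` during transport cleanup (which seems to be the reason for the flag, but is not visible here), record it where the flag is set: `/* No app session was created; tls layer frees the tls session on cleanup */`. Without that comment the invalidated index looks like a leaked session to a reader of this function alone.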
@@ -205,6 +204,22 @@ picotls_transport_close (tls_ctx_t * ctx)
}
static int
+picotls_transport_reset (tls_ctx_t *ctx)
+{
+ if (!picotls_handshake_is_over (ctx))
+ {
+ picotls_handle_handshake_failure (ctx);
+ return 0;
+ }
+
+ session_transport_reset_notify (&ctx->connection);
+ session_transport_closed_notify (&ctx->connection);
+ tls_disconnect_transport (ctx);
+
+ return 0;
+}
+
+static int
picotls_app_close (tls_ctx_t * ctx)
{
session_t *app_session;
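Review bot: `picotls_transport_reset` issues `session_transport_reset_notify` and `session_transport_closed_notify` back-to-back and then disconnects, without considering whether the application side has already closed (the `TLS_CONN_F_APP_CLOSED` state this commit introduces in picotls_app_close); if the app has already released its session, the reset notification could reach a session that is being torn down, so this is worth confirming against the session layer's expectations. The function also has no header comment although it is a new engine vft entry point; something like `/* TCP transport was reset: abort an in-progress handshake, otherwise tell the app the connection was reset and closed, then drop the transport */` would make the two branches' intent explicit. Compare with `picotls_transport_close`, which is outside this hunk, to keep the two teardown paths consistent.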
@@ -213,7 +228,7 @@ picotls_app_close (tls_ctx_t * ctx)
if (!svm_fifo_max_dequeue_cons (app_session->tx_fifo))
picotls_confirm_app_close (ctx);
else
- ctx->app_closed = 1;
+ ctx->flags |= TLS_CONN_F_APP_CLOSED;
return 0;
}
@@ -224,14 +239,14 @@ picotls_do_handshake (picotls_ctx_t *ptls_ctx, session_t *tcp_session)
int rv = PTLS_ERROR_IN_PROGRESS, write = 0, i = 0, read = 0, len;
svm_fifo_t *tcp_rx_fifo = tcp_session->rx_fifo;
ptls_buffer_t *buf = &ptls_ctx->read_buffer;
- const int n_segs = 2, max_len = 16384;
+ u32 n_segs = 2, max_len = 16384;
ptls_t *tls = ptls_ctx->tls;
svm_fifo_seg_t fs[n_segs];
uword deq_now;
ptls_buffer_init (buf, "", 0);
- len = svm_fifo_segments (tcp_rx_fifo, 0, fs, n_segs, max_len);
+ len = svm_fifo_segments (tcp_rx_fifo, 0, fs, &n_segs, max_len);
if (len <= 0)
return 0;
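Review bot: `n_segs` now serves two roles in `picotls_do_handshake`: it sizes the array `svm_fifo_seg_t fs[n_segs]` (a VLA, since it is no longer const) and it is passed by address to `svm_fifo_segments`, which by the signature change appears to write the used segment count back into it; any later read of `n_segs` in the function body (which continues past this hunk) therefore sees the returned count rather than the array capacity. Separating the two is cheap and removes the ambiguity, e.g. `enum { HS_N_SEGS = 2 };`, `u32 n_segs = HS_N_SEGS;`, `svm_fifo_seg_t fs[HS_N_SEGS];`. The same pattern is introduced in `ptls_tcp_to_app_write` (`tcp_fs[n_segs], app_fs[n_segs]` with `&n_segs`) and `ptls_app_to_tcp_write` (`app_fs[n_app_segs]` with `&n_app_segs`), and the fix applies there too.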
@@ -309,7 +324,7 @@ ptls_tcp_to_app_write (picotls_ctx_t *ptls_ctx, svm_fifo_t *app_rx_fifo,
u32 ai = 0, thread_index, min_buf_len, to_copy, left, wrote = 0;
ptls_buffer_t *buf = &ptls_ctx->read_buffer;
int ret, i = 0, read = 0, tcp_len, n_fs_app;
- const int n_segs = 4, max_len = 1 << 16;
+ u32 n_segs = 4, max_len = 1 << 16;
svm_fifo_seg_t tcp_fs[n_segs], app_fs[n_segs];
picotls_main_t *pm = &picotls_main;
uword deq_now;
@@ -321,7 +336,7 @@ ptls_tcp_to_app_write (picotls_ctx_t *ptls_ctx, svm_fifo_t *app_rx_fifo,
if (n_fs_app <= 0)
return 0;
- tcp_len = svm_fifo_segments (tcp_rx_fifo, 0, tcp_fs, n_segs, max_len);
+ tcp_len = svm_fifo_segments (tcp_rx_fifo, 0, tcp_fs, &n_segs, max_len);
if (tcp_len <= 0)
return 0;
@@ -437,6 +452,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session)
}
}
+ ctx->flags |= TLS_CONN_F_HS_DONE;
if (!svm_fifo_max_dequeue (tcp_session->rx_fifo))
return 0;
}
@@ -445,7 +461,7 @@ picotls_ctx_read (tls_ctx_t *ctx, session_t *tcp_session)
app_session = session_get_from_handle (ctx->app_session_handle);
wrote = ptls_tcp_to_app_write (ptls_ctx, app_session->rx_fifo, tcp_rx_fifo);
- if (wrote && app_session->session_state >= SESSION_STATE_READY)
+ if (wrote)
tls_notify_app_enqueue (ctx, app_session);
if (ptls_ctx->read_buffer_offset || svm_fifo_max_dequeue (tcp_rx_fifo))
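Review bot: Dropping `app_session->session_state >= SESSION_STATE_READY` from the condition means `tls_notify_app_enqueue` is now invoked for any non-zero write regardless of the app session's state, including one that is not yet accepted by the application. If that check has moved into `tls_notify_app_enqueue` the change is fine, but that is not visible in this hunk; a one-line comment at the call, `/* tls_notify_app_enqueue checks app session state itself */`, would document the contract and keep the guard from being reintroduced. If the callee does not check, the old guard should stay.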
@@ -489,7 +505,7 @@ ptls_app_to_tcp_write (picotls_ctx_t *ptls_ctx, session_t *app_session,
{
u32 wrote = 0, max_enq, thread_index, app_buf_len, left, ti = 0;
int read = 0, rv, i = 0, len, n_tcp_segs = 4, deq_len;
- const int n_app_segs = 2, min_chunk = 2048;
+ u32 n_app_segs = 2, min_chunk = 2048;
svm_fifo_seg_t app_fs[n_app_segs], tcp_fs[n_tcp_segs];
picotls_main_t *pm = &picotls_main;
ptls_buffer_t _buf, *buf = &_buf;
@@ -500,7 +516,7 @@ ptls_app_to_tcp_write (picotls_ctx_t *ptls_ctx, session_t *app_session,
thread_index = app_session->thread_index;
app_tx_fifo = app_session->tx_fifo;
- len = svm_fifo_segments (app_tx_fifo, 0, app_fs, n_app_segs, max_len);
+ len = svm_fifo_segments (app_tx_fifo, 0, app_fs, &n_app_segs, max_len);
if (len <= 0)
return 0;
@@ -625,7 +641,7 @@ picotls_ctx_write (tls_ctx_t *ctx, session_t *app_session,
check_tls_fifo:
- if (ctx->app_closed)
+ if (ctx->flags & TLS_CONN_F_APP_CLOSED)
picotls_app_close (ctx);
/* Deschedule and wait for deq notification if fifo is almost full */
@@ -722,6 +738,13 @@ picotls_init_client_ptls_ctx (ptls_context_t **client_ptls_ctx)
return 0;
}
+int
+picotls_reinit_ca_chain (void)
+{
+ /* Not supported yet */
+ return 0;
+}
+
const static tls_engine_vft_t picotls_engine = {
.ctx_alloc = picotls_ctx_alloc,
.ctx_free = picotls_ctx_free,
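Review bot: `picotls_reinit_ca_chain` returns 0 for an operation it does not perform, so if the vft contract treats 0 as success (as the other `*_close`/`*_reset` handlers here suggest, though it is not shown), a caller asking this engine to reload its CA chain is told the reload succeeded while the trust store is unchanged — newly added CAs are not trusted and revoked ones remain in use, without any indication to the operator. Either return a distinct error so the caller can report it, or at minimum log it, e.g. `clib_warning ("picotls: CA chain reinit not supported");` before the `return 0;`, and expand the comment to `/* Not supported yet: CA chain reload is a no-op for this engine */`. The vft entry `.ctx_reinit_cachain` wired up later in this commit should carry the same caveat.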
@@ -735,7 +758,9 @@ const static tls_engine_vft_t picotls_engine = {
.ctx_read = picotls_ctx_read,
.ctx_write = picotls_ctx_write,
.ctx_transport_close = picotls_transport_close,
+ .ctx_transport_reset = picotls_transport_reset,
.ctx_app_close = picotls_app_close,
+ .ctx_reinit_cachain = picotls_reinit_ca_chain,
};
static clib_error_t *
@@ -761,18 +786,14 @@ tls_picotls_init (vlib_main_t * vm)
return error;
}
-/* *INDENT-OFF* */
VLIB_INIT_FUNCTION (tls_picotls_init) = {
.runs_after = VLIB_INITS ("tls_init"),
};
-/* *INDENT-ON* */
-/* *INDENT-OFF* */
VLIB_PLUGIN_REGISTER () = {
.version = VPP_BUILD_VER,
.description = "Transport Layer Security (TLS) Engine, Picotls Based",
};
-/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON