aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/tlsopenssl/tls_openssl.c
AgeCommit message (Collapse)AuthorFilesLines
2020-02-03tls: refactor for tls async event handlingYu Ping1-61/+50
Type: refactor Make sure one tls ctx has one event availble Thus ctx has the same life time with event, which can simplify the management. Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-13tls: enable TLS OpenSSL plugin works in 3.0.0Yu Ping1-0/+5
Type: fix Change-Id: Id1602981fcc6efed1b0efe79a1fc8177457acdb5 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-07tls: Make tls CPS test run for a quite long timeYu Ping1-3/+7
Type: fix Change-Id: I8cfb48bd7f92689b296861dd368186408918061b Signed-off-by: Yu Ping <ping.yu@intel.com>
2019-12-05tls: change SSL_has_pending to avoid BIO check errorYu Ping1-2/+2
Type: fix Change-Id: I454aff1b187b75a1328c90e30b9b487377ae5f68 Signed-off-by: Yu Ping <ping.yu@intel.com>
2019-10-09hsa: use crypto_engine_type_t for TLSNathan Skrzypczak1-2/+2
Type: refactor This patch does the following conversions TLS_ENGINE_X -> CRYPTO_ENGINE_X tls_engine_type_t -> crypto_engine_t It does not change numbering of engines Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-10-09session: Add certificate storeNathan Skrzypczak1-8/+6
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-08-20tls: Add C API for TLS openssl to set enginePing Yu1-5/+8
Type: feature Parameters of the engine can be set by C API. After this patch, it is easier to integrate TLS into CSIT test. Change-Id: I063cabf613aabbfad831727551579328705afb41 Signed-off-by: Ping Yu <ping.yu@intel.com>
2019-08-09tls: mark as no lookup transportFlorin Coras1-14/+24
Type:fix Also fix transport close while handshake is ongoing. Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-08tls: fix close with dataFlorin Coras1-12/+43
Type:fix Also changes the way the ctx is freed. TLS now waits for tcp delete notification before freeing the ctx. Change-Id: I2f606a9ce7b3755ae9d11d6fe714fe11b65dcb98 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-06-29svm: rename fifo tx notifications to reflect useFlorin Coras1-1/+1
Type: refactor Change-Id: I651db44acdcb666a9c63e1037352cf88c68795b5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-16init / exit function orderingDave Barach1-7/+6
The vlib init function subsystem now supports a mix of procedural and formally-specified ordering constraints. We should eliminate procedural knowledge wherever possible. The following schemes are *roughly* equivalent: static clib_error_t *init_runs_first (vlib_main_t *vm) { clib_error_t *error; ... do some stuff... if ((error = vlib_call_init_function (init_runs_next))) return error; ... } VLIB_INIT_FUNCTION (init_runs_first); and static clib_error_t *init_runs_first (vlib_main_t *vm) { ... do some stuff... } VLIB_INIT_FUNCTION (init_runs_first) = { .runs_before = VLIB_INITS("init_runs_next"), }; The first form will [most likely] call "init_runs_next" on the spot. The second form means that "init_runs_first" runs before "init_runs_next," possibly much earlier in the sequence. Please DO NOT construct sets of init functions where A before B actually means A *right before* B. It's not necessary - simply combine A and B - and it leads to hugely annoying debugging exercises when trying to switch from ad-hoc procedural ordering constraints to formal ordering constraints. Change-Id: I5e4353503bf43b4acb11a45fb33c79a5ade8426c Signed-off-by: Dave Barach <dave@barachs.net>
2019-05-08session: send tx events when data is dequeuedFlorin Coras1-0/+3
Change-Id: Ib8cb19361c42e38e3f68d7147358378fff161eb1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-05-03plugins: clean up plugin descriptionsDave Wallace1-1/+1
- Make plugin descriptions more consistent so the output of "show plugin" can be used in the wiki. Change-Id: I4c6feb11e7dcc5a4cf0848eed37f1d3b035c7dda Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2019-04-18tls: allow engines to customize closeFlorin Coras1-0/+24
Change-Id: I11ac3e4f59206902e5dfc326f815c877c5dd6643 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-04-16svm_fifo rework to avoid contention on cursizeSirshak Das1-7/+7
Problems Addressed: - Contention of cursize by producer and consumer. - Reduce the no of modulo operations. Changes: - Synchronization between producer and consumer changed from cursize to head and tail indexes Implications: reduces the usable size of fifo by 1. - Using weaker memory ordering C++11 atomics to access head and tail based on producer and consumer role. - Head and tail indexes are unsigned 32 bit integers. Additions and subtraction on them are implicit 32 bit Modulo operation. - Adding weaker memory ordering variants of max_enq, max_deq, is_empty and is_full Using them appropriately in all places. Perfomance improvement (iperf3 via Hoststack): iperf3 Server: Marvell ThunderX2(AArch64) - iperf3 Client: Skylake(x86) ~6%(256 rxd/txd) - ~11%(2048 rxd/txd) Change-Id: I1d484e000e437430fdd5a819657d1c6b62443018 Signed-off-by: Sirshak Das <sirshak.das@arm.com> Reviewed-by: Honnappa Nagarahalli <honnappa.nagarahalli@arm.com>
2019-02-18tls: fix openssl/mbedtls use of app_wrk indexFlorin Coras1-2/+7
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04session: cleanup part 1Florin Coras1-19/+17
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-28update openssl TLS async to align with openssl master branchPing Yu1-4/+2
Need to align with 3.0.0 version Change-Id: I4e8aec1f1226ce09963a9bbb3a9170d1863059ec Signed-off-by: Ping Yu <ping.yu@intel.com>
2019-01-07Change vpp code to align with openssl interface changePing Yu1-11/+15
PR in openssl community is almost done, and need to change some code in VPP to align with the openssl interface. Change-Id: Ic7da53e507b67b53958760d07738dd774b1c526d Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-10-23c11 safe string handling supportDave Barach1-2/+2
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-10-02tls: fix disconnects for sessions with pending dataFlorin Coras1-12/+12
TLS can enqueue events to itself when app session queue cannot be entirely drained. If a pending disconnect is handled before any such event, session layer may try to dequeue data on deallocated sessions. Change-Id: I5bfc4d53ce95bc16b6a01e1b0e644aafa1ca311b Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-15tls: fix openssl engine write complete conditionFlorin Coras1-1/+1
Change-Id: Ic1526f6916970ce2b0c4fc0d148d4396fa629b5f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-04add option to allow user to set ciphersPing Yu1-6/+32
Orignal code hard code TLS ciphers, and this patch allows user to set ciphers via CLI, so that user can perform the TLS testing without re-building the code. Change-Id: I0d497f6d906af25bc7a33cee5747f9a1d63e0683 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-08-17optimize init_server to reduce session overheadPing Yu1-32/+98
move un-necessary session based operation to listener split orignal openssl ctx to be session based ctx and listen ctx Change-Id: Id6c54f47b0e2171fd8924a45efcd5266ce5402d5 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-07-23tls: avoid possible async handler duplicationPing Yu1-1/+1
One handler is good enough when engine sends out a retry status Thus this patch will just go one branch Change-Id: Id81cb3fa67d2b322b0fe1b2f62cd866cf3491eb4 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-07-19Add a new communication channel between VPP and openssl enginePing Yu1-4/+23
Thus when engine buffer is full during a burst in performance tesing, this code will help VPP handle retry machansim. Change-Id: I0f9fc05d3dba8a54d34dca4c6137700d6c80f714 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-07-16Enable openssl TLS async support in client for HW acclerationPing Yu1-0/+15
Change-Id: I003e41786c549c6451a1e9e178f5871d32c20e6e Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-06-15TLS async supportPing Yu1-22/+144
Change-Id: I26194e00dfb85e5cd1c65ff4e6ffd665be2d719b Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-05-31Fix TLS issue to load certification and keyPing Yu1-0/+2
Change-Id: If1ef2d4bc6f90a4d4b6a345c63723117834c6504 Signed-off-by: Ping Yu <ping.yu@intel.com>
2018-03-15tls: add openssl engineFlorin Coras1-0/+675
Change-Id: I6c215858d2c9c620787632b570950b15274c0df2 Signed-off-by: Florin Coras <fcoras@cisco.com>