summaryrefslogtreecommitdiffstats
path: root/src/vnet/tls/tls.c
AgeCommit message (Collapse)AuthorFilesLines
2022-05-04tls: free app session if connect notify refusedFlorin Coras1-2/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iee6784c37a835b49d962ae6f87c279cbe65dde15
2022-04-11tls: fix connected notifications with no app wrkFlorin Coras1-5/+9
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I805131b4e3d0cb2fab1d3bf76db659c67522c2e8
2022-04-07tls http: run config fns after init onesFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia4d8aaafeb3629f421601edffefe9c61c3e69dba
2022-03-30tls: support to reinitialise ca_chain wo restartSaravanan Murugesan1-0/+6
Type: improvement Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: I90e90678ae6586019cc842f9d504d53991cfabe4
2022-03-18vppinfra: refactor *_will_expand() functionsDamjan Marion1-2/+1
Type: refactor Change-Id: I3625eacf9e04542ca8778df5d46075a8654642c7 Signed-off-by: Damjan Marion <damarion@cisco.com>
2022-02-28tls: handle read write ssl errorsFlorin Coras1-0/+10
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5eed7dac4951f0510a4b4b092f66f44d0d3cacd
2022-02-28tls: Receive only when the app_session is availableSaravanan Murugesan1-0/+5
Type: fix Signed-off-by: Saravanan Murugesan <sarmurug@cisco.com> Change-Id: Icfd5e3c0bb034684c7bc43be46927294536ba08a
2022-02-17tls http srtp: fix session index for listenersFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5e6d0e8c686ea93674d6201c38b3a4d1c4786a5
2022-02-10session: use transport endpoint cfg for listenFlorin Coras1-1/+1
Makes it similar to connects. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I38c328670054e1a9ba4dc4ea8fe7519a5a09e8be
2022-02-05session: track bytes dequeued in snd paramsFlorin Coras1-2/+1
Also reset send params flags before calling transports to avoid explicit resets in all transports. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1da7b3fab009728e7fee4199425ced933fa8a122
2021-12-21tls: don't add listen to lookup tableFilip Tehlar1-0/+1
Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I0432dd0209f9c7702a8497161e21e178ee243bb1
2021-11-19tls: add option to config additional segment sizeFlorin Coras1-4/+8
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idf3b49ec61bf5da498ffdd8cebab7148fce73f5f
2021-06-17tls: increase engine bits room in handle to support custom engine typejxm1-1/+1
Type: improvement Signed-off-by: jxm <jiangxiaoming@outlook.com> Change-Id: I80a51e841f9727b68d1de713b6b6d51675ef53c5
2021-05-29tls: fix handling of failed connectsFlorin Coras1-16/+18
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifbf43dd69aa07be485fe7fa01c917512e423036e
2021-05-20tls svm: prealloc tcp fifo chunks before ssl writeFlorin Coras1-1/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7c47b55ec6f0c83f2d13e0e737d0559a32f7c837
2021-05-18tls: fix dtls with no workersFlorin Coras1-6/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iecc33fda7f28c037289775ffe0525a50f89a2b8c
2021-05-14tls: switch dtls to vc and track half-opensFlorin Coras1-4/+59
Also adds support for half-open support transport migration. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id04c194138956336f93246bbed0332a7030c67e2
2021-05-12tls: switch to vc service and track half-open sessionsFlorin Coras1-12/+63
Half-open tls sessions are now tracked by the app worker and are cleaned up only when tcp cleans up its half-open session, i.e., independent of when the established tls context is allocated. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If5d594d7095192dd527daf4ea1358ffeccdfcc7a
2021-05-07session: connects seg manager is always firstFlorin Coras1-2/+0
By convention, connects segment manager will be first. Therefore it will be the one with the first segment wherein lies the app's message queue. Saves us the trouble of allocating it on first connect, if app started by listening, and we no longer need to track if it's assignable to a listener or if it can be removed. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iba9a8ffaab618eeb41ec2144dcfee62d006dc7a2
2021-05-02tls: cleanup dtls migrated contextFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I433cc1b7a29f785a431618641317bbfbbe2cf2f4
2021-04-23tls quic: improve error reportingFlorin Coras1-6/+7
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I92f0c1f7c0f4696fa12071440a643aa703d6306f
2021-04-22vcl session: refactor passing of crypto contextFlorin Coras1-11/+36
Pass tls/quic crypto context using extended config instead of bloating conect/listen messages. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0bc637ae310e6c31ef1e16847501dcb81453ee94
2021-03-29tls: fix app_worker_connect_notify param erroryedg1-1/+1
Type: fix Signed-off-by: yedongggang <yedg@wangsu.com> Change-Id: I5ec690e71fa9119a7bf1cfcb6e36263aa732eff0
2021-03-11session tls: deq notifications for custom txFlorin Coras1-0/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6ed2104e9d79c367ca36460047586f9b632c3315
2021-02-09tls: dtls initial implementationFlorin Coras1-22/+231
Type: feature Basic dtls transport protocol implementation that relies on openssl wire protocol implementation. Retries/timeouts not yet supported. To test using vcl test apps, first ensure all arp entries are properly resolved and subsequently: server: vcl_server -p dtls 1234 client: vcl_client -p dtls <server-ip> 1234 -U -N 2000000 -T 1460 -X Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04b4516a8fe9ce85ba230bcdd891f33a900046ed
2020-12-18tls: add custom openssl bioFlorin Coras1-0/+1
The bio interacts directly with the session so it avoids using an intermediary mem bio and, implicitly, higher memory consumption and an extra memcpy. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ifb675cfd12df86396a7a738a6cd4d0882c69ad2f
2020-10-26tls: separate init from enableFlorin Coras1-29/+50
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Icdeddeffd95492ca34f37e1904b1f5f6d150a6bc
2020-10-21tls: enable cert key pair setting for connectjiangxiaoming1-0/+1
Type: improvement Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: Ie0e6d48d65b0b8b493e9d49cfdf93c645523659a
2020-09-24session tcp udp tls quic: improve cli formattingFlorin Coras1-4/+5
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iae5dbb8aaaf82d8e95c2ee8bbbe6844c9dd49f80
2020-09-23tls: fix session format assert crash in connected callbackjiangxiaoming1-9/+8
Type: fix Signed-off-by: jiangxiaoming <jiangxiaoming@outlook.com> Change-Id: I61b7988bf6a49a51041bc6085d5f0f4689ff45a6
2020-04-25tls: improve cli state reportingFlorin Coras1-3/+12
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I02d60134d6069764da75dc6d206b376a0d46998e
2020-04-25session vcl: propagate transport cleanup notificationsFlorin Coras1-1/+6
Type: improvement Can be used to force app to close a connection on which it still waits for data. Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7c3a8245cbbc23728e4408feb63a659a11f718ed
2020-04-04session tls: support tls deschedulingFlorin Coras1-8/+19
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb8bb9c6deb92479fdd3e045778fe5ae4782d1ea
2020-04-04session tls: improve app transports tx schedulingFlorin Coras1-13/+9
Type: improvement - allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag - limit max burst per session custom tx dispatch In tls - use the new infra to reschedule tx events - use max burst bytes as upper limit to number of bytes to be encrypted Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
2020-04-03session: improve error reportingFlorin Coras1-8/+9
Type: improvement Change-Id: I9dd850a1ce85b0adb5136233f176117e0ee38817 Signed-off-by: Florin Coras <fcoras@cisco.com>
2020-03-25session: api to add new transport typesFlorin Coras1-0/+2
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-02-26tls session: fix unlistenFlorin Coras1-0/+15
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie3bc31fc3df662e087f7931de6c274eb3608a2d8
2020-02-19tls: handle disconect and reset in async modeYu Ping1-3/+10
Type: fix When async is enabled and request is inflight, delay close oepration Change-Id: I713078fe9832c1599e8860fc0a6bb98588f20943 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-14tls: remove session lookup operation in TLSYu Ping1-2/+0
Type: fix Change-Id: I50329bda365d98f9f9d56a58187fb4fb2a4eb461 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-02-03tls: refactor for tls async event handlingYu Ping1-2/+0
Type: refactor Make sure one tls ctx has one event availble Thus ctx has the same life time with event, which can simplify the management. Change-Id: I1f4240e7316025d81bb97644946ffa399c00cd76 Signed-off-by: Yu Ping <ping.yu@intel.com>
2020-01-08tls: improve connection formatingFlorin Coras1-13/+43
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iea8abe33cf33036267ccaf58760abc2f48470202
2020-01-02session: fix listener global endpoint lookupFlorin Coras1-1/+1
Type: fix Ensure listeners for app transport protocols are added to lookup tables using their session endpoints instead of their transport connections, which can override the network connection id in the transport connection. Change-Id: I56fa3666bb1422c0799fc7143cd099751ff6e2e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-11-18session: extra checks in session validationSrikanth Akula1-2/+2
Type: fix Adding few extra checks while doign session validationwq! Signed-off-by: Srikanth Akula <srakula@cisco.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4d18b5ad97d1802ce38a07aeb56b5f35939c1187
2019-10-30tls: fifo size is u32Dave Wallace1-3/+10
- unformat_memory_size() writes to a uword * - Limit cli input to u32 Type: fix Signed-off-by: Dave Wallace <dwallacelf@gmail.com> Change-Id: I453a5633e04f9ee6f2f1a843634f99063a81579b
2019-10-30tls: fix on tcp connection resetZeyu Zhang1-2/+10
VPP would fail in tcp_connection_reset() if the tls or app session was just created. Type: fix Change-Id: I45d107f57e4f3fc468c15ca3392d5e1c413bd690 Signed-off-by: Zeyu Zhang <zeyu.zhang@intel.com>
2019-10-12tls: allow disconnects from main threadFlorin Coras1-1/+4
Type: fix Use api with explicit thread index to retrieve tls contex on close. Change-Id: Ibdc4338747300b7fc8f91ef3e10bcd48ce7ae366 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-10-09hsa: use crypto_engine_type_t for TLSNathan Skrzypczak1-11/+11
Type: refactor This patch does the following conversions TLS_ENGINE_X -> CRYPTO_ENGINE_X tls_engine_type_t -> crypto_engine_t It does not change numbering of engines Change-Id: I872dfaec3a6713bf4229c84d1ffd98b8b2419995 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-10-09session: Add certificate storeNathan Skrzypczak1-0/+2
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save devrived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-08-09tls: mark as no lookup transportFlorin Coras1-0/+2
Type:fix Also fix transport close while handshake is ongoing. Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-09tls: handle transport resetFlorin Coras1-1/+6
Type:fix Change-Id: I5994fb53dc4b9fd58920b3d67472c38b41db27c2 Signed-off-by: Florin Coras <fcoras@cisco.com>