From d09236d17d86a5d50166b2017f8f30a560c6e1b8 Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Thu, 8 Aug 2019 17:38:26 -0700
Subject: tls: mark as no lookup transport
Type:fix
Also fix transport close while handshake is ongoing.
Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29
Signed-off-by: Florin Coras
---
 src/plugins/tlsopenssl/tls_openssl.c | 38 +++++++++++++++++++++++-------------
 src/vnet/session/session.c | 2 +-
 src/vnet/tls/tls.c | 2 ++
 3 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index ee6b0e3172e..8d0fd36a04f 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -205,6 +205,28 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
 #endif
+static void
+openssl_handle_handshake_failure (tls_ctx_t * ctx)
+{
+ if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
+ {
+ /*
+ * Cleanup pre-allocated app session and close transport
+ */
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ }
+ else
+ {
+ /*
+ * Also handles cleanup of the pre-allocated session
+ */
+ tls_notify_app_connected (ctx, /* is failed */ 1);
+ }
+}
+
 int
 openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 {
@@ -240,19 +262,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 ERR_error_string (ERR_get_error (), buf);
 clib_warning ("Err: %s", buf);
- /*
- * Cleanup pre-allocated app session and close transport
- */
- if (SSL_is_server (oc->ssl))
- {
- session_free (session_get (ctx->c_s_index,
- ctx->c_thread_index));
- ctx->no_app_session = 1;
- ctx->c_s_index = SESSION_INVALID_INDEX;
- tls_disconnect_transport (ctx);
- }
- else
- tls_notify_app_connected (ctx, /* is failed */ 1);
+ openssl_handle_handshake_failure (ctx);
 return -1;
 }
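Review bot: openssl_handle_handshake_failure, added at @@ -205, calls `session_free (session_get (ctx->c_s_index, ctx->c_thread_index))` unconditionally on the server side, so if the function can run twice on the same ctx the second call indexes the session pool with SESSION_INVALID_INDEX that the first call stored; the @@ -758 hunk of this file turns openssl_transport_close into a second caller while the handshake is still open, so a guard such as `if (ctx->c_s_index != SESSION_INVALID_INDEX)` around the session_free and the two assignments would keep that path safe to re-enter, unless session_get validates the index itself, which the page does not show. The new function also has no header comment; a short one saying that for a server ctx it releases the preallocated app session and tears down the transport, and for a client ctx it reports a failed connect to the app, would help both callers. The @@ -240 hunk only replaces the previously inlined code with the call; openssl_ctx_handshake_rx starts and ends outside that hunk.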
@@ -758,7 +768,7 @@ openssl_transport_close (tls_ctx_t * ctx)
 {
 if (!openssl_handshake_is_over (ctx))
 {
- session_close (session_get_from_handle (ctx->tls_session_handle));
+ openssl_handle_handshake_failure (ctx);
 return 0;
 }
 session_transport_closing_notify (&ctx->connection);
diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index 33f1e26fd6d..7b53a47023a 100644
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -235,7 +235,7 @@ session_delete (session_t * s)
 /* Delete from the main lookup table. */
 if ((rv = session_lookup_del_session (s)))
- clib_warning ("hash delete error, rv %d", rv);
+ clib_warning ("session %u hash delete rv %d", s->session_index, rv);
 session_free_w_fifos (s);
 }
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 1358f9cb345..4fff72f1cda 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -411,6 +411,7 @@ tls_session_accept_callback (session_t * tls_session)
 tls_session->opaque = ctx_handle;
 ctx->tls_session_handle = session_handle (tls_session);
 ctx->listener_ctx_index = tls_listener->opaque;
+ ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
 /* Preallocate app session. Avoids allocating a session post handshake
 * on tls_session rx and potentially invalidating the session pool */
@@ -469,6 +470,7 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
 ctx->c_thread_index = vlib_get_thread_index ();
 ctx->tls_ctx_handle = ctx_handle;
+ ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;
 TLS_DBG (1, "TCP connect for %u returned %u. New connection [%u]%x",
 ho_ctx_index, is_fail, vlib_get_thread_index (),
-- 
cgit 1.2.3-korg
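Review bot: In openssl_transport_close the client branch now ends in `tls_notify_app_connected (ctx, /* is failed */ 1)` via openssl_handle_handshake_failure, whereas the removed line closed the underlying tls_session explicitly; unless that notify path also disconnects the transport on failure, which the page does not show, a client-side close during the handshake leaves the TCP session open. If it does disconnect, a comment at the call site, `/* handshake not done: frees the preallocated app session and tears down the transport */`, would make the replacement self-evident to the next reader. openssl_transport_close continues outside the hunk.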
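Review bot: The `ctx->c_flags |= TRANSPORT_CONNECTION_F_NO_LOOKUP;` line added in tls_session_accept_callback, and again in tls_session_connected_callback at @@ -469, is set without a comment saying why; the reworded hash-delete warning in the session.c hunk suggests TLS contexts were never in the session lookup table and session_delete was warning on them, but that is inferred from the page. A one-line comment above the flag, `/* TLS ctx is not in the session lookup table; skip lookup delete on cleanup */`, would record the reason at both sites. In the connected callback the flag is set before is_fail is examined, so it is worth confirming the ctx is still valid on the failure path; both enclosing callbacks start and end outside their hunks.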