tls: add async processing support

Adds support for tls async processing using OpenSSL.
Adds new CLI command to configure OpenSSL TLS configurations used by
OpenSSL context and session. New CLI format is:
tls openssl set-tls [record-size <size>]
                    [record-split-size <size>]
                    [max-pipelines <size>]
Sets default values to below TLS configuration parameters:
 - first_seg_size: 32MB
 - add_seg_size:   256MB

Type: feature

Signed-off-by: Varun Rapelly <vrapelly@marvell.com>
Change-Id: I990be31fced9e258fdb036f5751cd67594b0bce7

src/plugins/tlsopenssl/tls_openssl.h

@@ -29,12 +29,18 @@
 
 #define DTLSO_MAX_DGRAM 2000
 
+#define ossl_check_err_is_fatal(_ssl, _rv)                                    \
+  if (PREDICT_FALSE (_rv < 0 && SSL_get_error (_ssl, _rv) == SSL_ERROR_SSL))  \
+    return -1;
+
 typedef struct tls_ctx_openssl_
 {
   tls_ctx_t ctx;			/**< First */
   u32 openssl_ctx_index;
   SSL_CTX *client_ssl_ctx;
   SSL *ssl;
+  u32 evt_index[SSL_ASYNC_EVT_MAX];
+  u32 total_async_write;
   BIO *rbio;
   BIO *wbio;
 } openssl_ctx_t;
@@ -63,15 +69,20 @@ typedef struct openssl_main_
   u8 *ciphers;
   int engine_init;
   int async;
+  u32 record_size;
+  u32 record_split_size;
+  u32 max_pipelines;
 } openssl_main_t;
 
 typedef int openssl_resume_handler (tls_ctx_t * ctx, session_t * tls_session);
 
 tls_ctx_t *openssl_ctx_get_w_thread (u32 ctx_index, u8 thread_index);
-int vpp_tls_async_init_event (tls_ctx_t * ctx,
-			      openssl_resume_handler * handler,
-			      session_t * session);
-int vpp_tls_async_update_event (tls_ctx_t * ctx, int eagain);
+int vpp_tls_async_init_events (tls_ctx_t *ctx, openssl_resume_handler *handler,
+			       session_t *session);
+int vpp_tls_async_update_event (tls_ctx_t *ctx, int eagain,
+				ssl_async_evt_type_t type);
+int vpp_tls_async_enqueue_event (openssl_ctx_t *ctx, int evt_type,
+				 transport_send_params_t *sp, int size);
 int tls_async_openssl_callback (SSL * s, void *evt);
 int openssl_evt_free (int event_idx, u8 thread_index);
 void openssl_polling_start (ENGINE * engine);
@@ -80,6 +91,10 @@ void openssl_async_node_enable_disable (u8 is_en);
 clib_error_t *tls_openssl_api_init (vlib_main_t * vm);
 int tls_openssl_set_ciphers (char *ciphers);
 int vpp_openssl_is_inflight (tls_ctx_t * ctx);
+int openssl_read_from_ssl_into_fifo (svm_fifo_t *f, tls_ctx_t *ctx,
+				     u32 max_len);
+void openssl_handle_handshake_failure (tls_ctx_t *ctx);
+void openssl_confirm_app_close (tls_ctx_t *ctx);
 
 #endif /* SRC_PLUGINS_TLSOPENSSL_TLS_OPENSSL_H_ */
 

src/vnet/tls/tls.c

@@ -1258,6 +1258,10 @@ tls_init (vlib_main_t * vm)
   vec_validate (tm->rx_bufs, num_threads - 1);
   vec_validate (tm->tx_bufs, num_threads - 1);
 
+  /*
+   * first_seg_size default value 32MB
+   * add_seg_size default value 256 MB
+   */
   tm->first_seg_size = 32 << 20;
   tm->add_seg_size = 256 << 20;
 

src/vnet/tls/tls.h

@@ -40,6 +40,19 @@
 #define TLS_DBG(_lvl, _fmt, _args...)
 #endif
 
+#define foreach_ssl_async_evt_type                                            \
+  _ (INIT, "SSL_in_init async event")                                         \
+  _ (RD, "Read async event")                                                  \
+  _ (WR, "Write async event")                                                 \
+  _ (MAX, "Maximum async event")
+
+typedef enum ssl_async_evt_type_
+{
+#define _(sym, str) SSL_ASYNC_EVT_##sym,
+  foreach_ssl_async_evt_type
+#undef _
+} ssl_async_evt_type_t;
+
 typedef struct tls_cxt_id_
 {
   session_handle_t app_session_handle;
@@ -66,7 +79,8 @@ STATIC_ASSERT (sizeof (tls_ctx_id_t) <= TRANSPORT_CONN_ID_LEN,
   _ (MIGRATED, "migrated")                                                    \
   _ (NO_APP_SESSION, "no-app-session")                                        \
   _ (RESUME, "resume")                                                        \
-  _ (HS_DONE, "handshake-done")
+  _ (HS_DONE, "handshake-done")                                               \
+  _ (ASYNC_RD, "async-read")
 
 typedef enum tls_conn_flags_bit_
 {
@@ -105,7 +119,6 @@ typedef struct tls_ctx_
   u32 ts_app_index;
   tls_conn_flags_t flags;
   u8 *srv_hostname;
-  u32 evt_index;
   u32 ckpair_index;
   transport_proto_t tls_type;
 } tls_ctx_t;