Added new `ssl` based socket implementation.

For now we are using hard-coded PSK and only support TLS 1.3.
One can use it via sock_set_default_impl RPCs.

Nvme/TCP published secure channel specification (TP 8011),
which is based on TLS 1.3 and PSK.
So this is a primary but not the only use case.

Before any SSL connection can be established we need to create SSL context.
The context should be client/server aware.
Similar to regular sockets, to establish connection
server must call SSL_accept and client must call SSL_connect.

For now I'm using PSK and not certificates since we aim this for NVMe/TCP TP-8011,
which supports only PSK. Adding certificates later on will be very easy.

The complication with SSL state machine during accept and connect
comes with returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE.
According to documentation, the call has to be repeated in this case.

Using openssl here for TLS from user space.
openssl also has support for kTLS. Will be part of the next changes.

openssl doesn't have an implementation for iovec, only basic SSL_read and SSL_write.
So adding here SSL_readv and SSL_writev wrappers.

Tested using:

    ./build/examples/hello_sock -N ssl -H 127.0.0.1 -P 12345
    ./build/examples/hello_sock -N ssl -H 127.0.0.1 -P 12345 -S

Also tested using:
nvmf_tgt + sock_set_default_impl + perf

Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Change-Id: Ie730077c5c581b7e112c18f5f9e1b683015e7b4b
Signed-off-by: Boris Glimcher <Boris.Glimcher@emc.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/12327
Community-CI: Broadcom CI <spdk-ci.pdl@broadcom.com>
Community-CI: Mellanox Build Bot
Reviewed-by: Ben Walker <benjamin.walker@intel.com>
Reviewed-by: Jim Harris <james.r.harris@intel.com>
Reviewed-by: Shuhei Matsumoto <smatsumoto@nvidia.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

||
---|---|---|
.. | ||
accel | ||
bdev | ||
blob | ||
blobfs | ||
env_dpdk | ||
event | ||
scheduler | ||
sock | ||
Makefile |
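
The commit message above notes that OpenSSL offers only SSL_read and SSL_write, so iovec wrappers are needed, and that a want-read result means the call must be repeated. As an added example (not the SPDK code from this commit), this shows readv-style semantics built on a per-buffer read call: partial progress is returned as a byte count and a retry condition surfaces as EAGAIN only when nothing was read. `fake_tls`, `fake_tls_read`, `TLS_WANT_READ` and `tls_readv` are hypothetical names; `fake_tls_read` stands in for SSL_read so the example runs without a TLS peer.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/uio.h>

/* Constructed stand-in for a TLS session: decrypted bytes that are ready
 * to be read, plus a flag for a clean shutdown by the peer. */
struct fake_tls { const char *data; size_t len, off; int closed; };
enum { TLS_WANT_READ = -1 };

/* Stand-in for SSL_read(): >0 bytes copied, 0 on clean close,
 * TLS_WANT_READ when nothing is buffered yet and the call must be retried. */
static int fake_tls_read(struct fake_tls *s, void *buf, size_t n)
{
	size_t avail = s->len - s->off;
	if (avail == 0) return s->closed ? 0 : TLS_WANT_READ;
	if (n > avail) n = avail;
	memcpy(buf, s->data + s->off, n);
	s->off += n;
	return (int)n;
}

/* readv-style wrapper: fill the buffers in order, one read call per buffer. */
static ssize_t tls_readv(struct fake_tls *s, const struct iovec *iov, int iovcnt)
{
	ssize_t total = 0;
	int rc = 0;
	for (int i = 0; i < iovcnt; i++) {
		if (iov[i].iov_len == 0) continue;      /* nothing to fill */
		rc = fake_tls_read(s, iov[i].iov_base, iov[i].iov_len);
		if (rc > 0) total += rc;
		if (rc != (int)iov[i].iov_len) break;   /* short read, close or retry */
	}
	if (total > 0) return total;  /* report progress; the next call sees the rest */
	if (rc == TLS_WANT_READ) { errno = EAGAIN; return -1; }
	return 0;                     /* clean close (or no non-empty buffer) */
}

int main(void)
{
	char hdr[4], body[8];
	struct iovec iov[2] = { { hdr, sizeof(hdr) }, { body, sizeof(body) } };
	struct fake_tls s = { "HELLOWORLD", 10, 0, 0 };  /* constructed input */
	printf("first call:  %zd\n", tls_readv(&s, iov, 2));
	printf("second call: %zd\n", tls_readv(&s, iov, 2));
	return 0;
}
```

With a real OpenSSL session the stand-in would be replaced by SSL_read plus SSL_get_error to tell a retry from a shutdown or a fatal error.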