ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tls: fix openssl/mbedtls use of app_wrk index

Browse Source 
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c
Signed-off-by: Florin Coras <fcoras@cisco.com>
This commit is contained in:
Florin Coras
2019-02-18 20:14:20 -08:00
parent a27a46eaeb
commit df57ea0a3e
4 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/plugins/tlsmbedtls/tls_mbedtls.c
View File

@ -275,6 +275,7 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
{
mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
mbedtls_main_t *mm = &mbedtls_main;
app_worker_t *app_wrk;
application_t *app;
void *ctx_ptr;
int rv;
@ -287,11 +288,15 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
/*
* 1. Cert
*/
app = application_get (ctx->parent_app_index);
app_wrk = app_worker_get (ctx->parent_app_wrk_index);
if (!app_wrk)
return -1;
app = application_get (app_wrk->app_index);
if (!app->tls_cert || !app->tls_key)
{
TLS_DBG (1, " failed\n ! tls cert and/or key not configured %d",
ctx->parent_app_index);
ctx->parent_app_wrk_index);
return -1;
}

9
src/plugins/tlsopenssl/tls_openssl.c
View File

@ -562,15 +562,20 @@ openssl_start_listen (tls_ctx_t * lctx)
EVP_PKEY *pkey;
u32 olc_index;
openssl_listen_ctx_t *olc;
app_worker_t *app_wrk;
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
openssl_main_t *om = &openssl_main;
app = application_get (lctx->parent_app_index);
app_wrk = app_worker_get (lctx->parent_app_wrk_index);
if (!app_wrk)
return -1;
app = application_get (app_wrk->app_index);
if (!app->tls_cert || !app->tls_key)
{
TLS_DBG (1, "tls cert and/or key not configured %d",
lctx->parent_app_index);
lctx->parent_app_wrk_index);
return -1;
}

26
src/vnet/tls/tls.c
View File

@ -198,7 +198,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
app_listener = listen_session_get_from_handle (lctx->app_session_handle);
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
app_session->app_wrk_index = ctx->parent_app_index;
app_session->app_wrk_index = ctx->parent_app_wrk_index;
app_session->connection_index = ctx->tls_ctx_handle;
app_session->session_type = app_listener->session_type;
app_session->listener_index = app_listener->session_index;
@ -213,7 +213,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
ctx->app_session_handle = session_handle (app_session);
session_lookup_add_connection (&ctx->connection,
session_handle (app_session));
ctx->parent_app_index = app_session->app_wrk_index;
ctx->parent_app_wrk_index = app_session->app_wrk_index;
app_wrk = app_worker_get (app_session->app_wrk_index);
return app_worker_accept_notify (app_wrk, app_session);
}
@ -224,7 +224,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
session_t *app_session;
app_worker_t *app_wrk;
app_wrk = app_worker_get_if_valid (ctx->parent_app_index);
app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
if (!app_wrk)
{
tls_disconnect_transport (ctx);
@ -235,7 +235,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
goto failed;
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
app_session->app_wrk_index = ctx->parent_app_index;
app_session->app_wrk_index = ctx->parent_app_wrk_index;
app_session->connection_index = ctx->tls_ctx_handle;
app_session->session_type =
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
@ -375,7 +375,7 @@ tls_session_disconnect_callback (session_t * tls_session)
return;
}
ctx->is_passive_close = 1;
app_wrk = app_worker_get (ctx->parent_app_index);
app_wrk = app_worker_get (ctx->parent_app_wrk_index);
app = application_get (app_wrk->app_index);
app_session = session_get_from_handle (ctx->app_session_handle);
app->cb_fns.session_disconnect_callback (app_session);
@ -451,8 +451,8 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
app_worker_t *app_wrk;
application_t *app;
wrk_index = ho_ctx->parent_app_index;
app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_index);
wrk_index = ho_ctx->parent_app_wrk_index;
app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
if (app_wrk)
{
api_context = ho_ctx->c_s_index;
@ -529,7 +529,7 @@ tls_connect (transport_endpoint_cfg_t * tep)
ctx_index = tls_ctx_half_open_alloc ();
ctx = tls_ctx_half_open_get (ctx_index);
ctx->parent_app_index = sep->app_wrk_index;
ctx->parent_app_wrk_index = sep->app_wrk_index;
ctx->parent_app_api_context = sep->opaque;
ctx->tcp_is_ip4 = sep->is_ip4;
if (sep->hostname)
@ -608,7 +608,7 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
app_listener = listen_session_get (app_listener_index);
lctx = tls_listener_ctx_get (lctx_index);
lctx->parent_app_index = sep->app_wrk_index;
lctx->parent_app_wrk_index = sep->app_wrk_index;
lctx->tls_session_handle = tls_al_handle;
lctx->app_session_handle = listen_session_get_handle (app_listener);
lctx->tcp_is_ip4 = sep->is_ip4;
@ -672,7 +672,7 @@ format_tls_ctx (u8 * s, va_list * args)
clib_warning ("app and tls sessions are on different threads!");
s = format (s, "[#%d][TLS] app %u child %u", child_ti,
ctx->parent_app_index, child_si);
ctx->parent_app_wrk_index, child_si);
return s;
}
@ -709,8 +709,8 @@ format_tls_listener (u8 * s, va_list * args)
listen_session_parse_handle (ctx->tls_session_handle, &listener_index,
&thread_index);
return format (s, "[TLS] listener app %u child %u", ctx->parent_app_index,
listener_index);
return format (s, "[TLS] listener app %u child %u",
ctx->parent_app_wrk_index, listener_index);
}
u8 *
@ -718,7 +718,7 @@ format_tls_half_open (u8 * s, va_list * args)
{
u32 tc_index = va_arg (*args, u32);
tls_ctx_t *ctx = tls_ctx_half_open_get (tc_index);
s = format (s, "[TLS] half-open app %u", ctx->parent_app_index);
s = format (s, "[TLS] half-open app %u", ctx->parent_app_wrk_index);
tls_ctx_half_open_reader_unlock ();
return s;
}

4
src/vnet/tls/tls.h
View File

@ -39,7 +39,7 @@
/* *INDENT-OFF* */
typedef CLIB_PACKED (struct tls_cxt_id_
{
u32 parent_app_index;
u32 parent_app_wrk_index;
union {
session_handle_t app_session_handle;
u32 parent_app_api_ctx;
@ -61,7 +61,7 @@ typedef struct tls_ctx_
transport_connection_t connection;
tls_ctx_id_t c_tls_ctx_id;
};
#define parent_app_index c_tls_ctx_id.parent_app_index
#define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
#define app_session_handle c_tls_ctx_id.app_session_handle
#define tls_session_handle c_tls_ctx_id.tls_session_handle
#define listener_ctx_index c_tls_ctx_id.listener_ctx_index