author | Florin Coras <fcoras@cisco.com> | 2019-02-18 20:14:20 -0800 |
---|---|---|
committer | Florin Coras <fcoras@cisco.com> | 2019-02-18 20:43:29 -0800 |
commit | df57ea0a3e20ee45b72dcd01839979e5952f331d (patch) | |
tree | 64aa9a02184a7fe54ec6deeb4f37b3d5479707a2 | |
parent | a27a46eaebee7b1d84a6ce998d9c92048b0654b6 (diff) |
tls: fix openssl/mbedtls use of app_wrk index
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c
Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r-- | src/plugins/tlsmbedtls/tls_mbedtls.c | 9 | ||||
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 9 | ||||
-rw-r--r-- | src/vnet/tls/tls.c | 26 | ||||
-rw-r--r-- | src/vnet/tls/tls.h | 4 |
4 files changed, 29 insertions, 19 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index 93beebe418c..e1262981cc2 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -275,6 +275,7 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
 {
 mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
 mbedtls_main_t *mm = &mbedtls_main;
+ app_worker_t *app_wrk;
 application_t *app;
 void *ctx_ptr;
 int rv;
@@ -287,11 +288,15 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
 /*
 * 1. Cert
 */
- app = application_get (ctx->parent_app_index);
+ app_wrk = app_worker_get (ctx->parent_app_wrk_index);
+ if (!app_wrk)
+ return -1;
+
+ app = application_get (app_wrk->app_index);
 if (!app->tls_cert || !app->tls_key)
 {
 TLS_DBG (1, " failed\n ! tls cert and/or key not configured %d",
- ctx->parent_app_index);
+ ctx->parent_app_wrk_index);
 return -1;
 }
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 0a25ecfa943..e41d50a2b8b 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -562,15 +562,20 @@ openssl_start_listen (tls_ctx_t * lctx)
 EVP_PKEY *pkey;
 u32 olc_index;
 openssl_listen_ctx_t *olc;
+ app_worker_t *app_wrk;
 long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
 openssl_main_t *om = &openssl_main;
- app = application_get (lctx->parent_app_index);
+ app_wrk = app_worker_get (lctx->parent_app_wrk_index);
+ if (!app_wrk)
+ return -1;
+
+ app = application_get (app_wrk->app_index);
 if (!app->tls_cert || !app->tls_key)
 {
 TLS_DBG (1, "tls cert and/or key not configured %d",
- lctx->parent_app_index);
+ lctx->parent_app_wrk_index);
 return -1;
 }
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 16833a49a96..eda75ff4225 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
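Review bot: The new `if (!app_wrk)` guard in mbedtls_ctx_init_server follows `app_worker_get`, whereas the tls.c hunks of this commit call `app_worker_get_if_valid` wherever a NULL worker is handled; if `app_worker_get` does not validate the index, the guard cannot catch a stale `parent_app_wrk_index`. Consider `app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);` here and in openssl_start_listen, and test the result of `application_get` before `app->tls_cert` is read. tls_session_disconnect_callback in tls.c chains the same two lookups with no check at all. Both plugin functions continue outside their hunks.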
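Review bot: The TLS_DBG text in openssl_start_listen still ends in a bare `%d`, but the argument is now a worker index and tls.h declares the field as `u32`, so the log line no longer says which object lacks the certificate. Suggest `TLS_DBG (1, "tls cert and/or key not configured for app %u", app_wrk->app_index);`, assuming `app_index` is also unsigned, which keeps the message about the application that owns the cert and key. The message in mbedtls_ctx_init_server needs the same change.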
@@ -198,7 +198,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
 app_listener = listen_session_get_from_handle (lctx->app_session_handle);
 app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
- app_session->app_wrk_index = ctx->parent_app_index;
+ app_session->app_wrk_index = ctx->parent_app_wrk_index;
 app_session->connection_index = ctx->tls_ctx_handle;
 app_session->session_type = app_listener->session_type;
 app_session->listener_index = app_listener->session_index;
@@ -213,7 +213,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
 ctx->app_session_handle = session_handle (app_session);
 session_lookup_add_connection (&ctx->connection, session_handle (app_session));
- ctx->parent_app_index = app_session->app_wrk_index;
+ ctx->parent_app_wrk_index = app_session->app_wrk_index;
 app_wrk = app_worker_get (app_session->app_wrk_index);
 return app_worker_accept_notify (app_wrk, app_session);
 }
@@ -224,7 +224,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
 session_t *app_session;
 app_worker_t *app_wrk;
- app_wrk = app_worker_get_if_valid (ctx->parent_app_index);
+ app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
 if (!app_wrk)
 {
 tls_disconnect_transport (ctx);
@@ -235,7 +235,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
 goto failed;
 app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
- app_session->app_wrk_index = ctx->parent_app_index;
+ app_session->app_wrk_index = ctx->parent_app_wrk_index;
 app_session->connection_index = ctx->tls_ctx_handle;
 app_session->session_type = session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
@@ -375,7 +375,7 @@ tls_session_disconnect_callback (session_t * tls_session)
 return;
 }
 ctx->is_passive_close = 1;
- app_wrk = app_worker_get (ctx->parent_app_index);
+ app_wrk = app_worker_get (ctx->parent_app_wrk_index);
 app = application_get (app_wrk->app_index);
 app_session = session_get_from_handle (ctx->app_session_handle);
 app->cb_fns.session_disconnect_callback (app_session);
@@ -451,8 +451,8 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
 app_worker_t *app_wrk;
 application_t *app;
- wrk_index = ho_ctx->parent_app_index;
- app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_index);
+ wrk_index = ho_ctx->parent_app_wrk_index;
+ app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
 if (app_wrk)
 {
 api_context = ho_ctx->c_s_index;
@@ -529,7 +529,7 @@ tls_connect (transport_endpoint_cfg_t * tep)
 ctx_index = tls_ctx_half_open_alloc ();
 ctx = tls_ctx_half_open_get (ctx_index);
- ctx->parent_app_index = sep->app_wrk_index;
+ ctx->parent_app_wrk_index = sep->app_wrk_index;
 ctx->parent_app_api_context = sep->opaque;
 ctx->tcp_is_ip4 = sep->is_ip4;
 if (sep->hostname)
@@ -608,7 +608,7 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
 app_listener = listen_session_get (app_listener_index);
 lctx = tls_listener_ctx_get (lctx_index);
- lctx->parent_app_index = sep->app_wrk_index;
+ lctx->parent_app_wrk_index = sep->app_wrk_index;
 lctx->tls_session_handle = tls_al_handle;
 lctx->app_session_handle = listen_session_get_handle (app_listener);
 lctx->tcp_is_ip4 = sep->is_ip4;
@@ -672,7 +672,7 @@ format_tls_ctx (u8 * s, va_list * args)
 clib_warning ("app and tls sessions are on different threads!");
 s = format (s, "[#%d][TLS] app %u child %u", child_ti,
- ctx->parent_app_index, child_si);
+ ctx->parent_app_wrk_index, child_si);
 return s;
 }
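Review bot: The label in format_tls_ctx still reads `app %u` while the value printed is now `ctx->parent_app_wrk_index`, so the session listing presents a worker index as an application index. Suggest `s = format (s, "[#%d][TLS] app_wrk %u child %u", child_ti,` with the argument line unchanged, and the matching label change in format_tls_listener and format_tls_half_open. format_tls_ctx starts outside the hunk.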
@@ -709,8 +709,8 @@ format_tls_listener (u8 * s, va_list * args)
 listen_session_parse_handle (ctx->tls_session_handle, &listener_index, &thread_index);
- return format (s, "[TLS] listener app %u child %u", ctx->parent_app_index,
- listener_index);
+ return format (s, "[TLS] listener app %u child %u",
+ ctx->parent_app_wrk_index, listener_index);
 }
 u8 *
@@ -718,7 +718,7 @@ format_tls_half_open (u8 * s, va_list * args)
 {
 u32 tc_index = va_arg (*args, u32);
 tls_ctx_t *ctx = tls_ctx_half_open_get (tc_index);
- s = format (s, "[TLS] half-open app %u", ctx->parent_app_index);
+ s = format (s, "[TLS] half-open app %u", ctx->parent_app_wrk_index);
 tls_ctx_half_open_reader_unlock ();
 return s;
 }
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index ac0b39b8295..8d1fff3537f 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -39,7 +39,7 @@
 /* *INDENT-OFF* */
 typedef CLIB_PACKED (struct tls_cxt_id_ {
- u32 parent_app_index;
+ u32 parent_app_wrk_index;
 union {
 session_handle_t app_session_handle;
 u32 parent_app_api_ctx;
@@ -61,7 +61,7 @@ typedef struct tls_ctx_
 transport_connection_t connection;
 tls_ctx_id_t c_tls_ctx_id;
 };
-#define parent_app_index c_tls_ctx_id.parent_app_index
+#define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
 #define app_session_handle c_tls_ctx_id.app_session_handle
 #define tls_session_handle c_tls_ctx_id.tls_session_handle
 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index |
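Review bot: The renamed field in tls_ctx_id_t carries no comment saying which index space it holds, and mixing the two index spaces is what this commit corrects. Suggest `u32 parent_app_wrk_index; /**< app worker index, as passed to app_worker_get (); not an application index */`. The struct body continues outside the hunk.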