summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2019-02-18 20:14:20 -0800
committerFlorin Coras <fcoras@cisco.com>2019-02-18 20:43:29 -0800
commitdf57ea0a3e20ee45b72dcd01839979e5952f331d (patch)
tree64aa9a02184a7fe54ec6deeb4f37b3d5479707a2
parenta27a46eaebee7b1d84a6ce998d9c92048b0654b6 (diff)
tls: fix openssl/mbedtls use of app_wrk index
Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c Signed-off-by: Florin Coras <fcoras@cisco.com>
-rw-r--r--src/plugins/tlsmbedtls/tls_mbedtls.c9
-rw-r--r--src/plugins/tlsopenssl/tls_openssl.c9
-rw-r--r--src/vnet/tls/tls.c26
-rw-r--r--src/vnet/tls/tls.h4
4 files changed, 29 insertions, 19 deletions
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index 93beebe418c..e1262981cc2 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -275,6 +275,7 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
{
mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
mbedtls_main_t *mm = &mbedtls_main;
+ app_worker_t *app_wrk;
application_t *app;
void *ctx_ptr;
int rv;
@@ -287,11 +288,15 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
/*
* 1. Cert
*/
- app = application_get (ctx->parent_app_index);
+ app_wrk = app_worker_get (ctx->parent_app_wrk_index);
+ if (!app_wrk)
+ return -1;
+
+ app = application_get (app_wrk->app_index);
if (!app->tls_cert || !app->tls_key)
{
TLS_DBG (1, " failed\n ! tls cert and/or key not configured %d",
- ctx->parent_app_index);
+ ctx->parent_app_wrk_index);
return -1;
}
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 0a25ecfa943..e41d50a2b8b 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -562,15 +562,20 @@ openssl_start_listen (tls_ctx_t * lctx)
EVP_PKEY *pkey;
u32 olc_index;
openssl_listen_ctx_t *olc;
+ app_worker_t *app_wrk;
long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
openssl_main_t *om = &openssl_main;
- app = application_get (lctx->parent_app_index);
+ app_wrk = app_worker_get (lctx->parent_app_wrk_index);
+ if (!app_wrk)
+ return -1;
+
+ app = application_get (app_wrk->app_index);
if (!app->tls_cert || !app->tls_key)
{
TLS_DBG (1, "tls cert and/or key not configured %d",
- lctx->parent_app_index);
+ lctx->parent_app_wrk_index);
return -1;
}
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 16833a49a96..eda75ff4225 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -198,7 +198,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
app_listener = listen_session_get_from_handle (lctx->app_session_handle);
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
- app_session->app_wrk_index = ctx->parent_app_index;
+ app_session->app_wrk_index = ctx->parent_app_wrk_index;
app_session->connection_index = ctx->tls_ctx_handle;
app_session->session_type = app_listener->session_type;
app_session->listener_index = app_listener->session_index;
@@ -213,7 +213,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
ctx->app_session_handle = session_handle (app_session);
session_lookup_add_connection (&ctx->connection,
session_handle (app_session));
- ctx->parent_app_index = app_session->app_wrk_index;
+ ctx->parent_app_wrk_index = app_session->app_wrk_index;
app_wrk = app_worker_get (app_session->app_wrk_index);
return app_worker_accept_notify (app_wrk, app_session);
}
@@ -224,7 +224,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
session_t *app_session;
app_worker_t *app_wrk;
- app_wrk = app_worker_get_if_valid (ctx->parent_app_index);
+ app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
if (!app_wrk)
{
tls_disconnect_transport (ctx);
@@ -235,7 +235,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
goto failed;
app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
- app_session->app_wrk_index = ctx->parent_app_index;
+ app_session->app_wrk_index = ctx->parent_app_wrk_index;
app_session->connection_index = ctx->tls_ctx_handle;
app_session->session_type =
session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
@@ -375,7 +375,7 @@ tls_session_disconnect_callback (session_t * tls_session)
return;
}
ctx->is_passive_close = 1;
- app_wrk = app_worker_get (ctx->parent_app_index);
+ app_wrk = app_worker_get (ctx->parent_app_wrk_index);
app = application_get (app_wrk->app_index);
app_session = session_get_from_handle (ctx->app_session_handle);
app->cb_fns.session_disconnect_callback (app_session);
@@ -451,8 +451,8 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
app_worker_t *app_wrk;
application_t *app;
- wrk_index = ho_ctx->parent_app_index;
- app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_index);
+ wrk_index = ho_ctx->parent_app_wrk_index;
+ app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
if (app_wrk)
{
api_context = ho_ctx->c_s_index;
@@ -529,7 +529,7 @@ tls_connect (transport_endpoint_cfg_t * tep)
ctx_index = tls_ctx_half_open_alloc ();
ctx = tls_ctx_half_open_get (ctx_index);
- ctx->parent_app_index = sep->app_wrk_index;
+ ctx->parent_app_wrk_index = sep->app_wrk_index;
ctx->parent_app_api_context = sep->opaque;
ctx->tcp_is_ip4 = sep->is_ip4;
if (sep->hostname)
@@ -608,7 +608,7 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
app_listener = listen_session_get (app_listener_index);
lctx = tls_listener_ctx_get (lctx_index);
- lctx->parent_app_index = sep->app_wrk_index;
+ lctx->parent_app_wrk_index = sep->app_wrk_index;
lctx->tls_session_handle = tls_al_handle;
lctx->app_session_handle = listen_session_get_handle (app_listener);
lctx->tcp_is_ip4 = sep->is_ip4;
@@ -672,7 +672,7 @@ format_tls_ctx (u8 * s, va_list * args)
clib_warning ("app and tls sessions are on different threads!");
s = format (s, "[#%d][TLS] app %u child %u", child_ti,
- ctx->parent_app_index, child_si);
+ ctx->parent_app_wrk_index, child_si);
return s;
}
@@ -709,8 +709,8 @@ format_tls_listener (u8 * s, va_list * args)
listen_session_parse_handle (ctx->tls_session_handle, &listener_index,
&thread_index);
- return format (s, "[TLS] listener app %u child %u", ctx->parent_app_index,
- listener_index);
+ return format (s, "[TLS] listener app %u child %u",
+ ctx->parent_app_wrk_index, listener_index);
}
u8 *
@@ -718,7 +718,7 @@ format_tls_half_open (u8 * s, va_list * args)
{
u32 tc_index = va_arg (*args, u32);
tls_ctx_t *ctx = tls_ctx_half_open_get (tc_index);
- s = format (s, "[TLS] half-open app %u", ctx->parent_app_index);
+ s = format (s, "[TLS] half-open app %u", ctx->parent_app_wrk_index);
tls_ctx_half_open_reader_unlock ();
return s;
}
diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index ac0b39b8295..8d1fff3537f 100644
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -39,7 +39,7 @@
/* *INDENT-OFF* */
typedef CLIB_PACKED (struct tls_cxt_id_
{
- u32 parent_app_index;
+ u32 parent_app_wrk_index;
union {
session_handle_t app_session_handle;
u32 parent_app_api_ctx;
@@ -61,7 +61,7 @@ typedef struct tls_ctx_
transport_connection_t connection;
tls_ctx_id_t c_tls_ctx_id;
};
-#define parent_app_index c_tls_ctx_id.parent_app_index
+#define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
#define app_session_handle c_tls_ctx_id.app_session_handle
#define tls_session_handle c_tls_ctx_id.tls_session_handle
#define listener_ctx_index c_tls_ctx_id.listener_ctx_index