aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorSimon Zhang <yuwei1.zhang@intel.com>2020-11-03 23:48:03 +0800
committerFlorin Coras <florin.coras@gmail.com>2020-11-04 02:57:52 +0000
commit34f29d8b60ea937dcfc9bcf4f6826ec1a0817395 (patch)
treec8cce3efeb763a5fa9ef7654f6139e8ecc2fe540 /src/plugins
parent89235c7ac70dd02848de14c697c3b3bf3895d4b2 (diff)
tls: fix picotls engine crypto multi-thread issue
Type: fix Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com> Change-Id: Ib454ccae5a81f91a744db82b72c7f1fcb29aa0cc
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/tlspicotls/pico_vpp_crypto.c8
-rw-r--r--src/plugins/tlspicotls/tls_picotls.c8
-rw-r--r--src/plugins/tlspicotls/tls_picotls.h1
3 files changed, 13 insertions, 4 deletions
diff --git a/src/plugins/tlspicotls/pico_vpp_crypto.c b/src/plugins/tlspicotls/pico_vpp_crypto.c
index e497e5e8af7..8e724ea8b1a 100644
--- a/src/plugins/tlspicotls/pico_vpp_crypto.c
+++ b/src/plugins/tlspicotls/pico_vpp_crypto.c
@@ -18,12 +18,14 @@
#include <picotls/openssl.h>
#include <picotls.h>
-#include "pico_vpp_crypto.h"
+#include <tlspicotls/pico_vpp_crypto.h>
+#include <tlspicotls/tls_picotls.h>
typedef void (*ptls_vpp_do_transform_fn) (ptls_cipher_context_t *, void *,
const void *, size_t);
vnet_crypto_main_t *cm = &crypto_main;
+extern picotls_main_t picotls_main;
struct cipher_context_t
{
@@ -117,8 +119,10 @@ ptls_vpp_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc,
assert (0);
}
+ clib_rwlock_writer_lock (&picotls_main.crypto_keys_rw_lock);
ctx->key_index = vnet_crypto_key_add (vm, algo,
(u8 *) key, _ctx->algo->key_size);
+ clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock);
return 0;
}
@@ -232,8 +236,10 @@ ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
ctx->alg = alg;
+ clib_rwlock_writer_lock (&picotls_main.crypto_keys_rw_lock);
ctx->op.key_index =
vnet_crypto_key_add (vm, ctx->alg, (void *) key, key_len);
+ clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock);
ctx->chunk_index = 0;
ctx->super.do_decrypt = ptls_vpp_crypto_aead_decrypt;
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index 62782c6c113..32bc2a3c57a 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -1,8 +1,8 @@
#include <math.h>
-#include "certs.h"
-#include "tls_picotls.h"
-#include "pico_vpp_crypto.h"
+#include <tlspicotls/certs.h>
+#include <tlspicotls/tls_picotls.h>
+#include <tlspicotls/pico_vpp_crypto.h>
picotls_main_t picotls_main;
@@ -574,6 +574,8 @@ tls_picotls_init (vlib_main_t * vm)
vec_validate (pm->ctx_pool, num_threads - 1);
+ clib_rwlock_init (&picotls_main.crypto_keys_rw_lock);
+
tls_register_engine (&picotls_engine, CRYPTO_ENGINE_PICOTLS);
return error;
diff --git a/src/plugins/tlspicotls/tls_picotls.h b/src/plugins/tlspicotls/tls_picotls.h
index 92f7b0f9ed5..27341f6f4bd 100644
--- a/src/plugins/tlspicotls/tls_picotls.h
+++ b/src/plugins/tlspicotls/tls_picotls.h
@@ -45,6 +45,7 @@ typedef struct picotls_main_
{
picotls_ctx_t ***ctx_pool;
picotls_listen_ctx_t *lctx_pool;
+ clib_rwlock_t crypto_keys_rw_lock;
} picotls_main_t;
#endif /* __included_quic_certs_h__ */