diff options
author | Simon Zhang <yuwei1.zhang@intel.com> | 2020-11-03 23:48:03 +0800 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2020-11-04 02:57:52 +0000 |
commit | 34f29d8b60ea937dcfc9bcf4f6826ec1a0817395 (patch) | |
tree | c8cce3efeb763a5fa9ef7654f6139e8ecc2fe540 /src/plugins | |
parent | 89235c7ac70dd02848de14c697c3b3bf3895d4b2 (diff) |
tls: fix picotls engine crypto multi-thread issue
Type: fix
Signed-off-by: Simon Zhang <yuwei1.zhang@intel.com>
Change-Id: Ib454ccae5a81f91a744db82b72c7f1fcb29aa0cc
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/tlspicotls/pico_vpp_crypto.c | 8 | ||||
-rw-r--r-- | src/plugins/tlspicotls/tls_picotls.c | 8 | ||||
-rw-r--r-- | src/plugins/tlspicotls/tls_picotls.h | 1 |
3 files changed, 13 insertions, 4 deletions
diff --git a/src/plugins/tlspicotls/pico_vpp_crypto.c b/src/plugins/tlspicotls/pico_vpp_crypto.c index e497e5e8af7..8e724ea8b1a 100644 --- a/src/plugins/tlspicotls/pico_vpp_crypto.c +++ b/src/plugins/tlspicotls/pico_vpp_crypto.c @@ -18,12 +18,14 @@ #include <picotls/openssl.h> #include <picotls.h> -#include "pico_vpp_crypto.h" +#include <tlspicotls/pico_vpp_crypto.h> +#include <tlspicotls/tls_picotls.h> typedef void (*ptls_vpp_do_transform_fn) (ptls_cipher_context_t *, void *, const void *, size_t); vnet_crypto_main_t *cm = &crypto_main; +extern picotls_main_t picotls_main; struct cipher_context_t { @@ -117,8 +119,10 @@ ptls_vpp_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc, assert (0); } + clib_rwlock_writer_lock (&picotls_main.crypto_keys_rw_lock); ctx->key_index = vnet_crypto_key_add (vm, algo, (u8 *) key, _ctx->algo->key_size); + clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock); return 0; } @@ -232,8 +236,10 @@ ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc, ctx->alg = alg; + clib_rwlock_writer_lock (&picotls_main.crypto_keys_rw_lock); ctx->op.key_index = vnet_crypto_key_add (vm, ctx->alg, (void *) key, key_len); + clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock); ctx->chunk_index = 0; ctx->super.do_decrypt = ptls_vpp_crypto_aead_decrypt; diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c index 62782c6c113..32bc2a3c57a 100644 --- a/src/plugins/tlspicotls/tls_picotls.c +++ b/src/plugins/tlspicotls/tls_picotls.c @@ -1,8 +1,8 @@ #include <math.h> -#include "certs.h" -#include "tls_picotls.h" -#include "pico_vpp_crypto.h" +#include <tlspicotls/certs.h> +#include <tlspicotls/tls_picotls.h> +#include <tlspicotls/pico_vpp_crypto.h> picotls_main_t picotls_main; @@ -574,6 +574,8 @@ tls_picotls_init (vlib_main_t * vm) vec_validate (pm->ctx_pool, num_threads - 1); + clib_rwlock_init (&picotls_main.crypto_keys_rw_lock); + tls_register_engine (&picotls_engine, CRYPTO_ENGINE_PICOTLS); return error; diff --git a/src/plugins/tlspicotls/tls_picotls.h b/src/plugins/tlspicotls/tls_picotls.h index 92f7b0f9ed5..27341f6f4bd 100644 --- a/src/plugins/tlspicotls/tls_picotls.h +++ b/src/plugins/tlspicotls/tls_picotls.h @@ -45,6 +45,7 @@ typedef struct picotls_main_ { picotls_ctx_t ***ctx_pool; picotls_listen_ctx_t *lctx_pool; + clib_rwlock_t crypto_keys_rw_lock; } picotls_main_t; #endif /* __included_quic_certs_h__ */ |