diff options
| author |   Nicolas PLANEL <nplanel@cisco.com> | 2025-02-28 19:59:14 +0100 |
|---|---|---|
| committer |   Damjan Marion <dmarion@0xa5.net> | 2025-04-04 15:02:44 +0000 |
| commit | f479eeb76b4a1aa0bfd3adf888a8679e27875fd8 (patch) | |
| tree | 3ba0e29f4c5e5ab07a45ecafbf8f6f60730e3e84 /src/vnet/crypto/crypto.c | |
| parent | 6fa7a0e408d1737b9ba2f809518e9b7ad2b51ac3 (diff) | |
crypto: make configurable crypto engines
Add a configuration sections crypto-engines, it works like plugins syntax :
The following configuration will load and register only openssl engine
'''
crypto-engines {
default {disable}
openssl {enable}
}
'''
And this one will load all engines except openssl
'''
crypto-engines {
default {enable}
openssl {disable}
}
'''
Type: feature
Change-Id: Ia637db93b497d0c4333704f3c024e85de3941791
Signed-off-by: Nicolas PLANEL <nplanel@cisco.com>
Signed-off-by: Nicolas PLANEL <nplanel@gmail.com>
Signed-off-by: Nicolas PLANEL <nplanel@cisco.com>
Diffstat (limited to 'src/vnet/crypto/crypto.c')
| -rw-r--r-- | src/vnet/crypto/crypto.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/vnet/crypto/crypto.c b/src/vnet/crypto/crypto.c index d1a6a6b12a1..765dc499078 100644 --- a/src/vnet/crypto/crypto.c +++ b/src/vnet/crypto/crypto.c @@ -18,6 +18,8 @@ VLIB_REGISTER_LOG_CLASS (crypto_main_log, static) = { #define log_debug(f, ...) \ vlib_log (VLIB_LOG_LEVEL_DEBUG, crypto_main_log.class, f, ##__VA_ARGS__) +#define log_notice(f, ...) \ + vlib_log (VLIB_LOG_LEVEL_NOTICE, crypto_main_log.class, f, ##__VA_ARGS__) #define log_err(f, ...) \ vlib_log (VLIB_LOG_LEVEL_ERR, crypto_main_log.class, f, ##__VA_ARGS__) @@ -564,11 +566,14 @@ static void vnet_crypto_load_engines (vlib_main_t *vm) { vlib_thread_main_t *tm = vlib_get_thread_main (); + vnet_crypto_main_t *cm = &crypto_main; + vnet_crypto_config_t *pc; u8 *path; char *p; u32 path_len; struct dirent *entry; DIR *dp; + uword *config_index; path = os_get_exec_path (); log_debug ("exec path is %s", path); @@ -623,6 +628,31 @@ vnet_crypto_load_engines (vlib_main_t *vm) continue; } + /* follow crypto-engines config section directive */ + config_index = hash_get_mem (cm->config_index_by_name, r->name); + if (config_index) + { + pc = vec_elt_at_index (cm->configs, config_index[0]); + if (pc->is_disabled) + { + log_notice ("crypto disabled: %s", r->name); + dlclose (handle); + continue; + } + if (cm->default_disabled && pc->is_enabled == 0) + { + log_notice ("crypto disabled (default): %s", r->name); + dlclose (handle); + continue; + } + } + else if (cm->default_disabled) + { + log_notice ("crypto disabled (default): %s", r->name); + dlclose (handle); + continue; + } + if (r->per_thread_data_sz) { u64 sz = |