From 7dbc8ebe54f4ddb83e337be152e9b8405f52e577 Mon Sep 17 00:00:00 2001
From: Aloys Augustin
Date: Mon, 2 Aug 2021 17:42:23 +0200
Subject: quic: do not update crypto keys from workers

The vnet_crypto_key_add should only be called from the main thread. This patch works around this limitation by allocating one key per worker and updating it on the fly everytime we need to do a crypto operation. This solution is far from ideal, but quicly has a strong assumption that it can use a key immediately after determining it, so making the key creation asynchronous is not a possibility.

Signed-off-by: Aloys Augustin
Change-Id: I19fc5814195156003c36a73bb616738ba9d828f7
Type: fix
---
 src/plugins/quic/quic.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 (limited to 'src/plugins/quic/quic.c')
diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c
index 26f2216a3d8..499eb8bc776 100644
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -2563,14 +2563,19 @@ quic_init (vlib_main_t * vm)
 qm->vnet_crypto_enabled = 1;
 if (qm->vnet_crypto_enabled == 1)
 {
+ u8 empty_key[32] = {};
 quic_register_cipher_suite (CRYPTO_ENGINE_VPP, quic_crypto_cipher_suites);
 qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
+ vec_validate (qm->per_thread_crypto_key_indices, num_threads);
+ for (i = 0; i < num_threads; i++)
+ {
+ qm->per_thread_crypto_key_indices[i] = vnet_crypto_key_add (
+ vm, VNET_CRYPTO_ALG_AES_256_CTR, empty_key, 32);
+ }
 }
 qm->max_packets_per_key = DEFAULT_MAX_PACKETS_PER_KEY;
- clib_rwlock_init (&qm->crypto_keys_quic_rw_lock);
- qm->default_quic_cc = QUIC_CC_RENO;
 vec_free (a->name);
--
cgit 1.2.3-korg
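Review bot: `vec_validate (qm->per_thread_crypto_key_indices, num_threads)` sizes the vector to num_threads + 1 elements, because vec_validate makes the given index valid, while the loop fills only indices 0 to num_threads - 1; the extra slot stays zero, which is itself a plausible key index. `vec_validate (qm->per_thread_crypto_key_indices, num_threads - 1);` would match the loop. Each slot is also registered with an all-zero AES-256-CTR key, so any operation that reaches a slot before the worker has copied the real key in would run under a known key without failing; the update path is outside this hunk, so a comment here such as `/* placeholder key material; must be overwritten by the worker before every use */` would record that invariant. Passing `sizeof (empty_key)` instead of the literal 32 would keep the length tied to the buffer. quic_init starts and ends outside the hunk, and num_threads and i are declared there.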