From 34f29d8b60ea937dcfc9bcf4f6826ec1a0817395 Mon Sep 17 00:00:00 2001 From: Simon Zhang Date: Tue, 3 Nov 2020 23:48:03 +0800 Subject: tls: fix picotls engine crypto multi-thread issue Type: fix Signed-off-by: Simon Zhang Change-Id: Ib454ccae5a81f91a744db82b72c7f1fcb29aa0cc --- src/plugins/tlspicotls/pico_vpp_crypto.c | 8 +++++++- src/plugins/tlspicotls/tls_picotls.c | 8 +++++--- src/plugins/tlspicotls/tls_picotls.h | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) (limited to 'src/plugins/tlspicotls') diff --git a/src/plugins/tlspicotls/pico_vpp_crypto.c b/src/plugins/tlspicotls/pico_vpp_crypto.c index e497e5e8af7..8e724ea8b1a 100644 --- a/src/plugins/tlspicotls/pico_vpp_crypto.c +++ b/src/plugins/tlspicotls/pico_vpp_crypto.c @@ -18,12 +18,14 @@ #include #include -#include "pico_vpp_crypto.h" +#include +#include typedef void (*ptls_vpp_do_transform_fn) (ptls_cipher_context_t *, void *, const void *, size_t); vnet_crypto_main_t *cm = &crypto_main; +extern picotls_main_t picotls_main; struct cipher_context_t { @@ -117,8 +119,10 @@ ptls_vpp_crypto_cipher_setup_crypto (ptls_cipher_context_t * _ctx, int is_enc, assert (0); } + clib_rwlock_writer_lock (&picotls_main.crypto_keys_rw_lock); ctx->key_index = vnet_crypto_key_add (vm, algo, (u8 *) key, _ctx->algo->key_size); + clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock); return 0; } @@ -232,8 +236,10 @@ ptls_vpp_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc, ctx->alg = alg; + clib_rwlock_writer_lock (&picotls_main.crypto_keys_rw_lock); ctx->op.key_index = vnet_crypto_key_add (vm, ctx->alg, (void *) key, key_len); + clib_rwlock_writer_unlock (&picotls_main.crypto_keys_rw_lock); ctx->chunk_index = 0; ctx->super.do_decrypt = ptls_vpp_crypto_aead_decrypt; diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c index 62782c6c113..32bc2a3c57a 100644 --- a/src/plugins/tlspicotls/tls_picotls.c +++ b/src/plugins/tlspicotls/tls_picotls.c 
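Review bot: The `extern picotls_main_t picotls_main;` added at file scope in pico_vpp_crypto.c (hunk `@@ -18,12 +18,14 @@`) would sit better in tls_picotls.h, right after the `picotls_main_t` typedef. A declaration kept in a .c file has to be repeated by every other file that wants the lock, and each copy can drift from the definition in tls_picotls.c. With the line in the header, all users of `crypto_keys_rw_lock` share one declaration that the compiler checks against the definition.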
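Review bot: The writer lock taken around `vnet_crypto_key_add` in ptls_vpp_crypto_cipher_setup_crypto (hunk `@@ -117,8 +119,10 @@`) and again in ptls_vpp_crypto_aead_setup_crypto (hunk `@@ -232,8 +236,10 @@`) is a member of `picotls_main`, so it only serializes picotls callers against each other. The key store being modified appears to belong to the shared vnet crypto layer (`crypto_main`), and nothing in this diff takes the reader side where a `key_index` is used or the writer side where a key might be removed, so those paths and any other component adding keys presumably can still race with the add. I would state that limit next to the lock, e.g. `/* serializes picotls key adds only; other vnet_crypto key users are not covered */`, and confirm whether key removal and the crypto-op path need the same lock. Both function bodies start and end outside their hunks.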
@@ -1,8 +1,8 @@ #include -#include "certs.h" -#include "tls_picotls.h" -#include "pico_vpp_crypto.h" +#include +#include +#include picotls_main_t picotls_main; @@ -574,6 +574,8 @@ tls_picotls_init (vlib_main_t * vm) vec_validate (pm->ctx_pool, num_threads - 1); + clib_rwlock_init (&picotls_main.crypto_keys_rw_lock); + tls_register_engine (&picotls_engine, CRYPTO_ENGINE_PICOTLS); return error; diff --git a/src/plugins/tlspicotls/tls_picotls.h b/src/plugins/tlspicotls/tls_picotls.h index 92f7b0f9ed5..27341f6f4bd 100644 --- a/src/plugins/tlspicotls/tls_picotls.h +++ b/src/plugins/tlspicotls/tls_picotls.h @@ -45,6 +45,7 @@ typedef struct picotls_main_ { picotls_ctx_t ***ctx_pool; picotls_listen_ctx_t *lctx_pool; + clib_rwlock_t crypto_keys_rw_lock; } picotls_main_t; #endif /* __included_quic_certs_h__ */ -- cgit 1.2.3-korg
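Review bot: In tls_picotls_init (hunk `@@ -574,6 +574,8 @@`) the new call reaches the lock through the global `picotls_main` while the line above it uses the local `pm`; if `pm` points at `picotls_main`, as the `pm->ctx_pool` access suggests, `clib_rwlock_init (&pm->crypto_keys_rw_lock);` would match the rest of the function. The ordering before `tls_register_engine` matters, because the setup functions in pico_vpp_crypto.c take the lock unconditionally, so a short comment such as `/* must be initialized before the engine is registered and keys can be added */` would keep a later reshuffle from moving it. The function body starts outside the hunk.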
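Review bot: The new `crypto_keys_rw_lock` member of picotls_main_t in tls_picotls.h has no comment saying what it guards, and its name suggests reader/writer use while this commit only ever takes it as a writer. A line such as `/* serializes vnet_crypto_key_add() from picotls contexts; writer side only */` above the field would tell the next maintainer which accesses must hold it. The header's includes are outside the hunk, so confirm that the header defining `clib_rwlock_t` is pulled in before this struct.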