quic: disable vnet_crypto and batching if no crypto engines are loaded 98/26098/4
authorMathiasRaoul <mathias.raoul@gmail.com>
Tue, 24 Mar 2020 09:45:55 +0000 (09:45 +0000)
committerDave Wallace <dwallacelf@gmail.com>
Tue, 24 Mar 2020 22:41:24 +0000 (22:41 +0000)
Type: fix

Change-Id: I95d3f8431b468cefc8777526dd3b988a299f0687
Signed-off-by: MathiasRaoul <mathias.raoul@gmail.com>
src/plugins/quic/quic.c
src/plugins/quic/quic.h
src/plugins/quic/quic_crypto.c

index 31cfcce..8b11136 100644 (file)
@@ -2180,8 +2180,11 @@ quic_process_one_rx_packet (u64 udp_session_handle, svm_fifo_t * f,
   if (rv == QUIC_PACKET_TYPE_RECEIVE)
     {
       pctx->ptype = QUIC_PACKET_TYPE_RECEIVE;
-      quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
-      quic_crypto_decrypt_packet (qctx, pctx);
+      if (quic_main.vnet_crypto_enabled)
+       {
+         quic_ctx_t *qctx = quic_ctx_get (pctx->ctx_index, thread_index);
+         quic_crypto_decrypt_packet (qctx, pctx);
+       }
       return 0;
     }
   else if (rv == QUIC_PACKET_TYPE_MIGRATE)
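Review bot: The new `if (quic_main.vnet_crypto_enabled)` guard leaves the packet undecrypted on the disabled path, yet still sets `ptype` to `QUIC_PACKET_TYPE_RECEIVE` and returns 0, and nothing here says where decryption then happens. Someone auditing the receive path needs that stated, so I would add a comment above the guard such as `/* no vnet crypto engine: decryption is left to the picotls AEAD callbacks */`. The wording should be confirmed against the consumer of `pctx`, because the body of quic_process_one_rx_packet starts and ends outside this hunk.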
@@ -2506,6 +2509,13 @@ quic_init (vlib_main_t * vm)
   qm->default_crypto_engine = CRYPTO_ENGINE_VPP;
   qm->max_packets_per_key = DEFAULT_MAX_PACKETS_PER_KEY;
   clib_rwlock_init (&qm->crypto_keys_quic_rw_lock);
+
+  vnet_crypto_main_t *cm = &crypto_main;
+  if (vec_len (cm->engines) == 0)
+    qm->vnet_crypto_enabled = 0;
+  else
+    qm->vnet_crypto_enabled = 1;
+
   vec_free (a->name);
   return 0;
 }
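Review bot: `vnet_crypto_enabled` is sampled once, from `vec_len (cm->engines)` at the moment quic_init runs, and nothing visible in this hunk guarantees that crypto engines have registered by then. If an engine's init runs later (an inference, since init ordering is not shown here), QUIC would silently stay on the fallback path for the life of the process. I would document the ordering assumption in a comment and log the chosen path once, so an operator can tell which crypto implementation is protecting traffic. The branch also collapses to `qm->vnet_crypto_enabled = vec_len (cm->engines) != 0;`. The start of quic_init is outside the hunk.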
index 98f4ce8..1e83d92 100644 (file)
@@ -275,6 +275,8 @@ typedef struct quic_main_
   u32 udp_fifo_prealloc;
   u32 connection_timeout;
 
+  u8 vnet_crypto_enabled;
+
   clib_rwlock_t crypto_keys_quic_rw_lock;
 } quic_main_t;
 
index dd73003..d8fd4a9 100644 (file)
@@ -623,17 +623,27 @@ quic_crypto_aead_setup_crypto (ptls_aead_context_t * _ctx, int is_enc,
       assert (0);
     }
 
-  ctx->super.do_decrypt = quic_crypto_aead_decrypt;
+  if (quic_main.vnet_crypto_enabled)
+    {
+      ctx->super.do_decrypt = quic_crypto_aead_decrypt;
 
-  ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
-  ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
-  ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
-  ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
+      ctx->super.do_encrypt_init = quic_crypto_aead_encrypt_init;
+      ctx->super.do_encrypt_update = quic_crypto_aead_encrypt_update;
+      ctx->super.do_encrypt_final = quic_crypto_aead_encrypt_final;
+      ctx->super.dispose_crypto = quic_crypto_aead_dispose_crypto;
 
-  clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
-  ctx->key_index = vnet_crypto_key_add (vm, algo,
-                                       (u8 *) key, _ctx->algo->key_size);
-  clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+      clib_rwlock_writer_lock (&quic_main.crypto_keys_quic_rw_lock);
+      ctx->key_index = vnet_crypto_key_add (vm, algo,
+                                           (u8 *) key, _ctx->algo->key_size);
+      clib_rwlock_writer_unlock (&quic_main.crypto_keys_quic_rw_lock);
+    }
+  else
+    {
+      if (!strcmp (ctx->super.algo->name, "AES128-GCM"))
+       ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);
+      else if (!strcmp (ctx->super.algo->name, "AES256-GCM"))
+       ptls_openssl_aes256gcm.setup_crypto (_ctx, is_enc, key);
+    }
 
   return 0;
 }
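Review bot: In the new `else` branch, an algorithm name that is neither "AES128-GCM" nor "AES256-GCM" matches no arm, so the function returns 0 with no AEAD callbacks installed on the context. The results of both `setup_crypto` calls are also discarded, so a failed OpenSSL setup is reported as success too. The `assert (0)` in the context lines above may reject unknown algorithms earlier, but that part of the function is outside the hunk and an assert is typically compiled out in release builds. I would propagate the result, e.g. `return ptls_openssl_aes128gcm.setup_crypto (_ctx, is_enc, key);` and likewise for AES256, then end the branch with a final `else` that returns a non-zero error. That way the handshake fails closed instead of continuing with a half-initialised context.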