tls: fix openssl/mbedtls use of app_wrk index

Change-Id: I7ccc948357d815a1bd4279a7079cf4db2949183c
Signed-off-by: Florin Coras <fcoras@cisco.com>

diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index 93beebe..e126298 100644 (file)
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -275,6 +275,7 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
 {
   mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
   mbedtls_main_t *mm = &mbedtls_main;
+  app_worker_t *app_wrk;
   application_t *app;
   void *ctx_ptr;
   int rv;
@@ -287,11 +288,15 @@ mbedtls_ctx_init_server (tls_ctx_t * ctx)
   /*
    * 1. Cert
    */
-  app = application_get (ctx->parent_app_index);
+  app_wrk = app_worker_get (ctx->parent_app_wrk_index);
+  if (!app_wrk)
+    return -1;
+
+  app = application_get (app_wrk->app_index);
   if (!app->tls_cert || !app->tls_key)
     {
       TLS_DBG (1, " failed\n  ! tls cert and/or key not configured %d",
-              ctx->parent_app_index);
+              ctx->parent_app_wrk_index);
       return -1;
     }
 

diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 0a25ecf..e41d50a 100644 (file)
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -562,15 +562,20 @@ openssl_start_listen (tls_ctx_t * lctx)
   EVP_PKEY *pkey;
   u32 olc_index;
   openssl_listen_ctx_t *olc;
+  app_worker_t *app_wrk;
 
   long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
   openssl_main_t *om = &openssl_main;
 
-  app = application_get (lctx->parent_app_index);
+  app_wrk = app_worker_get (lctx->parent_app_wrk_index);
+  if (!app_wrk)
+    return -1;
+
+  app = application_get (app_wrk->app_index);
   if (!app->tls_cert || !app->tls_key)
     {
       TLS_DBG (1, "tls cert and/or key not configured %d",
-              lctx->parent_app_index);
+              lctx->parent_app_wrk_index);
       return -1;
     }
 

diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 16833a4..eda75ff 100644 (file)
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -198,7 +198,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
   app_listener = listen_session_get_from_handle (lctx->app_session_handle);
 
   app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
-  app_session->app_wrk_index = ctx->parent_app_index;
+  app_session->app_wrk_index = ctx->parent_app_wrk_index;
   app_session->connection_index = ctx->tls_ctx_handle;
   app_session->session_type = app_listener->session_type;
   app_session->listener_index = app_listener->session_index;
@@ -213,7 +213,7 @@ tls_notify_app_accept (tls_ctx_t * ctx)
   ctx->app_session_handle = session_handle (app_session);
   session_lookup_add_connection (&ctx->connection,
                                 session_handle (app_session));
-  ctx->parent_app_index = app_session->app_wrk_index;
+  ctx->parent_app_wrk_index = app_session->app_wrk_index;
   app_wrk = app_worker_get (app_session->app_wrk_index);
   return app_worker_accept_notify (app_wrk, app_session);
 }
@@ -224,7 +224,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
   session_t *app_session;
   app_worker_t *app_wrk;
 
-  app_wrk = app_worker_get_if_valid (ctx->parent_app_index);
+  app_wrk = app_worker_get_if_valid (ctx->parent_app_wrk_index);
   if (!app_wrk)
     {
       tls_disconnect_transport (ctx);
@@ -235,7 +235,7 @@ tls_notify_app_connected (tls_ctx_t * ctx, u8 is_failed)
     goto failed;
 
   app_session = session_get (ctx->c_s_index, ctx->c_thread_index);
-  app_session->app_wrk_index = ctx->parent_app_index;
+  app_session->app_wrk_index = ctx->parent_app_wrk_index;
   app_session->connection_index = ctx->tls_ctx_handle;
   app_session->session_type =
     session_type_from_proto_and_ip (TRANSPORT_PROTO_TLS, ctx->tcp_is_ip4);
@@ -375,7 +375,7 @@ tls_session_disconnect_callback (session_t * tls_session)
       return;
     }
   ctx->is_passive_close = 1;
-  app_wrk = app_worker_get (ctx->parent_app_index);
+  app_wrk = app_worker_get (ctx->parent_app_wrk_index);
   app = application_get (app_wrk->app_index);
   app_session = session_get_from_handle (ctx->app_session_handle);
   app->cb_fns.session_disconnect_callback (app_session);
@@ -451,8 +451,8 @@ tls_session_connected_callback (u32 tls_app_index, u32 ho_ctx_index,
       app_worker_t *app_wrk;
       application_t *app;
 
-      wrk_index = ho_ctx->parent_app_index;
-      app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_index);
+      wrk_index = ho_ctx->parent_app_wrk_index;
+      app_wrk = app_worker_get_if_valid (ho_ctx->parent_app_wrk_index);
       if (app_wrk)
        {
          api_context = ho_ctx->c_s_index;
@@ -529,7 +529,7 @@ tls_connect (transport_endpoint_cfg_t * tep)
 
   ctx_index = tls_ctx_half_open_alloc ();
   ctx = tls_ctx_half_open_get (ctx_index);
-  ctx->parent_app_index = sep->app_wrk_index;
+  ctx->parent_app_wrk_index = sep->app_wrk_index;
   ctx->parent_app_api_context = sep->opaque;
   ctx->tcp_is_ip4 = sep->is_ip4;
   if (sep->hostname)
@@ -608,7 +608,7 @@ tls_start_listen (u32 app_listener_index, transport_endpoint_t * tep)
   app_listener = listen_session_get (app_listener_index);
 
   lctx = tls_listener_ctx_get (lctx_index);
-  lctx->parent_app_index = sep->app_wrk_index;
+  lctx->parent_app_wrk_index = sep->app_wrk_index;
   lctx->tls_session_handle = tls_al_handle;
   lctx->app_session_handle = listen_session_get_handle (app_listener);
   lctx->tcp_is_ip4 = sep->is_ip4;
@@ -672,7 +672,7 @@ format_tls_ctx (u8 * s, va_list * args)
     clib_warning ("app and tls sessions are on different threads!");
 
   s = format (s, "[#%d][TLS] app %u child %u", child_ti,
-             ctx->parent_app_index, child_si);
+             ctx->parent_app_wrk_index, child_si);
   return s;
 }
 
@@ -709,8 +709,8 @@ format_tls_listener (u8 * s, va_list * args)
 
   listen_session_parse_handle (ctx->tls_session_handle, &listener_index,
                               &thread_index);
-  return format (s, "[TLS] listener app %u child %u", ctx->parent_app_index,
-                listener_index);
+  return format (s, "[TLS] listener app %u child %u",
+                ctx->parent_app_wrk_index, listener_index);
 }
 
 u8 *
@@ -718,7 +718,7 @@ format_tls_half_open (u8 * s, va_list * args)
 {
   u32 tc_index = va_arg (*args, u32);
   tls_ctx_t *ctx = tls_ctx_half_open_get (tc_index);
-  s = format (s, "[TLS] half-open app %u", ctx->parent_app_index);
+  s = format (s, "[TLS] half-open app %u", ctx->parent_app_wrk_index);
   tls_ctx_half_open_reader_unlock ();
   return s;
 }

diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h
index ac0b39b..8d1fff3 100644 (file)
--- a/src/vnet/tls/tls.h
+++ b/src/vnet/tls/tls.h
@@ -39,7 +39,7 @@
 /* *INDENT-OFF* */
 typedef CLIB_PACKED (struct tls_cxt_id_
 {
-  u32 parent_app_index;
+  u32 parent_app_wrk_index;
   union {
     session_handle_t app_session_handle;
     u32 parent_app_api_ctx;
@@ -61,7 +61,7 @@ typedef struct tls_ctx_
     transport_connection_t connection;
     tls_ctx_id_t c_tls_ctx_id;
   };
-#define parent_app_index c_tls_ctx_id.parent_app_index
+#define parent_app_wrk_index c_tls_ctx_id.parent_app_wrk_index
 #define app_session_handle c_tls_ctx_id.app_session_handle
 #define tls_session_handle c_tls_ctx_id.tls_session_handle
 #define listener_ctx_index c_tls_ctx_id.listener_ctx_index