vcl session: switch to generic cert key apis
Remove the deprecated tls apis.
Type: improvement
Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index 20b0a9e..906a73e 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -1320,26 +1320,6 @@
return &app->sm_properties;
}
-clib_error_t *
-vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a)
-{
- /* Deprected, will be remove after 20.01 */
- app_cert_key_pair_t *ckpair;
- ckpair = app_cert_key_pair_get_default ();
- ckpair->cert = vec_dup (a->cert);
- return 0;
-}
-
-clib_error_t *
-vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a)
-{
- /* Deprected, will be remove after 20.01 */
- app_cert_key_pair_t *ckpair;
- ckpair = app_cert_key_pair_get_default ();
- ckpair->key = vec_dup (a->key);
- return 0;
-}
-
static void
application_format_listeners (application_t * app, int verbose)
{
@@ -1706,8 +1686,10 @@
vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a)
{
app_cert_key_pair_t *ckpair = app_cert_key_pair_alloc ();
- ckpair->cert = vec_dup (a->cert);
- ckpair->key = vec_dup (a->key);
+ vec_validate (ckpair->cert, a->cert_len - 1);
+ clib_memcpy_fast (ckpair->cert, a->cert, a->cert_len);
+ vec_validate (ckpair->key, a->key_len - 1);
+ clib_memcpy_fast (ckpair->key, a->key, a->key_len);
a->index = ckpair->cert_key_index;
return 0;
}
@@ -1749,7 +1731,7 @@
clib_error_t *
application_init (vlib_main_t * vm)
{
- /* Add a certificate with index 0 to support legacy apis */
+ /* Index 0 was originally used by legacy apis, maintain as invalid */
(void) app_cert_key_pair_alloc ();
app_main.last_crypto_engine = CRYPTO_ENGINE_LAST;
app_main.app_by_name = hash_create_vec (0, sizeof (u8), sizeof (uword));
diff --git a/src/vnet/session/application_interface.h b/src/vnet/session/application_interface.h
index 9614257..b2e0ef9 100644
--- a/src/vnet/session/application_interface.h
+++ b/src/vnet/session/application_interface.h
@@ -178,6 +178,8 @@
{
u8 *cert;
u8 *key;
+ u32 cert_len;
+ u32 key_len;
u32 index;
} vnet_app_add_cert_key_pair_args_t;
@@ -271,8 +273,6 @@
int vnet_unlisten (vnet_unlisten_args_t * a);
int vnet_disconnect_session (vnet_disconnect_args_t * a);
-clib_error_t *vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a);
-clib_error_t *vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a);
int vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a);
int vnet_app_del_cert_key_pair (u32 index);
/** Ask for app cb on pair deletion */
diff --git a/src/vnet/session/session.api b/src/vnet/session/session.api
index 091b876..53e2834 100644
--- a/src/vnet/session/session.api
+++ b/src/vnet/session/session.api
@@ -13,7 +13,7 @@
* limitations under the License.
*/
-option version = "3.2.0";
+option version = "4.0.0";
import "vnet/interface_types.api";
import "vnet/ip/ip_types.api";
@@ -125,6 +125,7 @@
@param cert - certificate as a string
*/
autoreply define application_tls_cert_add {
+ option deprecated="to be removed post 21.06";
u32 client_index;
u32 context;
u32 app_index;
@@ -140,6 +141,7 @@
@param key - PEM encoded key as a string
*/
autoreply define application_tls_key_add {
+ option deprecated="to be removed post 21.06";
u32 client_index;
u32 context;
u32 app_index;
diff --git a/src/vnet/session/session_api.c b/src/vnet/session/session_api.c
index 2073a15..2e215f7 100644
--- a/src/vnet/session/session_api.c
+++ b/src/vnet/session/session_api.c
@@ -49,8 +49,6 @@
_(APP_NAMESPACE_ADD_DEL, app_namespace_add_del) \
_(SESSION_RULE_ADD_DEL, session_rule_add_del) \
_(SESSION_RULES_DUMP, session_rules_dump) \
-_(APPLICATION_TLS_CERT_ADD, application_tls_cert_add) \
-_(APPLICATION_TLS_KEY_ADD, application_tls_key_add) \
_(APP_ADD_CERT_KEY_PAIR, app_add_cert_key_pair) \
_(APP_DEL_CERT_KEY_PAIR, app_del_cert_key_pair) \
_(APP_WORKER_ADD_DEL, app_worker_add_del) \
@@ -1065,13 +1063,11 @@
}
clib_memset (a, 0, sizeof (*a));
- vec_validate (a->cert, cert_len);
- vec_validate (a->key, key_len);
- clib_memcpy_fast (a->cert, mp->certkey, cert_len);
- clib_memcpy_fast (a->key, mp->certkey + cert_len, key_len);
+ a->cert = mp->certkey;
+ a->key = mp->certkey + cert_len;
+ a->cert_len = cert_len;
+ a->key_len = key_len;
rv = vnet_app_add_cert_key_pair (a);
- vec_free (a->cert);
- vec_free (a->key);
done:
/* *INDENT-OFF* */
@@ -1100,73 +1096,6 @@
REPLY_MACRO (VL_API_APP_DEL_CERT_KEY_PAIR_REPLY);
}
-/* ### WILL BE DEPRECATED POST 20.01 ### */
-static void
-vl_api_application_tls_cert_add_t_handler (vl_api_application_tls_cert_add_t *
- mp)
-{
- vl_api_application_tls_cert_add_reply_t *rmp;
- app_cert_key_pair_t *ckpair;
- application_t *app;
- u32 cert_len;
- int rv = 0;
- if (session_main_is_enabled () == 0)
- {
- rv = VNET_API_ERROR_FEATURE_DISABLED;
- goto done;
- }
- if (!(app = application_lookup (mp->client_index)))
- {
- rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
- goto done;
- }
- cert_len = clib_net_to_host_u16 (mp->cert_len);
- if (cert_len > 10000)
- {
- rv = VNET_API_ERROR_INVALID_VALUE;
- goto done;
- }
- ckpair = app_cert_key_pair_get_default ();
- vec_validate (ckpair->cert, cert_len);
- clib_memcpy_fast (ckpair->cert, mp->cert, cert_len);
-
-done:
- REPLY_MACRO (VL_API_APPLICATION_TLS_CERT_ADD_REPLY);
-}
-
-/* ### WILL BE DEPRECATED POST 20.01 ### */
-static void
-vl_api_application_tls_key_add_t_handler (vl_api_application_tls_key_add_t *
- mp)
-{
- vl_api_application_tls_key_add_reply_t *rmp;
- app_cert_key_pair_t *ckpair;
- application_t *app;
- u32 key_len;
- int rv = 0;
- if (session_main_is_enabled () == 0)
- {
- rv = VNET_API_ERROR_FEATURE_DISABLED;
- goto done;
- }
- if (!(app = application_lookup (mp->client_index)))
- {
- rv = VNET_API_ERROR_APPLICATION_NOT_ATTACHED;
- goto done;
- }
- key_len = clib_net_to_host_u16 (mp->key_len);
- if (key_len > 10000)
- {
- rv = VNET_API_ERROR_INVALID_VALUE;
- goto done;
- }
- ckpair = app_cert_key_pair_get_default ();
- vec_validate (ckpair->key, key_len);
- clib_memcpy_fast (ckpair->key, mp->key, key_len);
-done:
- REPLY_MACRO (VL_API_APPLICATION_TLS_KEY_ADD_REPLY);
-}
-
static clib_error_t *
application_reaper_cb (u32 client_index)
{