From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé
Subject: [PATCH v4 1/7] crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper
Date: Wed, 16 Jun 2021 18:22:19 +0200
Message-Id: <20210616162225.2517463-2-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Introduce the qcrypto_tls_creds_check_endpoint() helper to access QCryptoTLSCreds internal 'endpoint' field.

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Richard Henderson
--- include/crypto/tlscreds.h | 14 ++++++++++++++ crypto/tlscreds.c | 12 ++++++++++++ 2 files changed, 26 insertions(+) diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index d0808e391e9..a14e44fac15 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -65,5 +65,19 @@ struct QCryptoTLSCredsClass { CryptoTLSCredsReload reload; }; =20 +/** + * qcrypto_tls_creds_check_endpoint: + * @creds: pointer to a TLS credentials object + * @endpoint: type of network endpoint that will be using the credentials + * @errp: pointer to a NULL-initialized error object + * + * Check whether the credentials is setup according to + * the type of @endpoint argument. + * + * Returns true if the credentials is setup for the endpoint, false otherw= ise + */ +bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *creds, + QCryptoTLSCredsEndpoint endpoint, + Error **errp); =20 #endif /* QCRYPTO_TLSCREDS_H */
diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index b68735f06fe..084ce0d51ae 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -20,6 +20,7 @@ =20 #include "qemu/osdep.h" #include "qapi/error.h" +#include "qapi-types-crypto.h" #include "qemu/module.h" #include "tlscredspriv.h" #include "trace.h" 
@@ -259,6 +260,17 @@ qcrypto_tls_creds_finalize(Object *obj) g_free(creds->priority); } =20 +bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *creds, + QCryptoTLSCredsEndpoint endpoint, + Error **errp) +{ + if (creds->endpoint !=3D endpoint) { + error_setg(errp, "Expected TLS credentials for a %s endpoint", + QCryptoTLSCredsEndpoint_str(endpoint)); + return false; + } + return true; +} =20 static const TypeInfo qcrypto_tls_creds_info =3D { .parent =3D TYPE_OBJECT, --=20 2.31.1
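
Review bot: In the crypto/tlscreds.c hunk, qcrypto_tls_creds_check_endpoint() reads creds->endpoint without checking creds, and the doc comment added in include/crypto/tlscreds.h does not say that @creds must be non-NULL. Either state that precondition in the comment or fail cleanly through @errp when creds is NULL, so a caller that skips its own lookup check does not dereference a NULL pointer. The comment could also say that @errp is set when false is returned, and "credentials is setup" would read better as "credentials are set up".
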
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé
Subject: [PATCH v4 2/7] block/nbd: Use qcrypto_tls_creds_check_endpoint()
Date: Wed, 16 Jun 2021 18:22:20 +0200
Message-Id: <20210616162225.2517463-3-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Richard Henderson
--- block/nbd.c | 6 +++--- blockdev-nbd.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/block/nbd.c b/block/nbd.c index 616f9ae6c4d..b13a33c3d21 100644 --- a/block/nbd.c +++ b/block/nbd.c
@@ -2159,9 +2159,9 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char = *id, Error **errp) return NULL; } =20 - if (creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { - error_setg(errp, - "Expecting TLS credentials with a client endpoint"); + if (!qcrypto_tls_creds_check_endpoint(creds, + QCRYPTO_TLS_CREDS_ENDPOINT_CLIEN= T, + errp)) { return NULL; } object_ref(obj); diff --git a/blockdev-nbd.c b/blockdev-nbd.c index b264620b98d..bdfa7ed3a5a 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c 
@@ -108,9 +108,9 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *i= d, Error **errp) return NULL; } =20 - if (creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { - error_setg(errp, - "Expecting TLS credentials with a server endpoint"); + if (!qcrypto_tls_creds_check_endpoint(creds, + QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R, + errp)) { return NULL; } object_ref(obj); --=20 2.31.1
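
Review bot: Both nbd_get_tls_creds() hunks (block/nbd.c and blockdev-nbd.c) change the user-visible error text, which the commit message does not mention. The removed lines emit "Expecting TLS credentials with a client endpoint" and "Expecting TLS credentials with a server endpoint"; after this change the text comes from the helper, "Expected TLS credentials for a %s endpoint". Please note the wording change in the commit message so anything matching the old strings can be updated with it.
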
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé
Subject: [PATCH v4 3/7] chardev/socket: Use qcrypto_tls_creds_check_endpoint()
Date: Wed, 16 Jun 2021 18:22:21 +0200
Message-Id: <20210616162225.2517463-4-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Richard Henderson
--- chardev/char-socket.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index daa89fe5d1d..d0fb5459638 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c
@@ -1402,18 +1402,12 @@ static void qmp_chardev_open_socket(Chardev *chr, return; } object_ref(OBJECT(s->tls_creds)); - if (is_listen) { - if (s->tls_creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_SER= VER) { - error_setg(errp, "%s", - "Expected TLS credentials for server endpoint"); - return; - } - } else { - if (s->tls_creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLI= ENT) { - error_setg(errp, "%s", - "Expected TLS credentials for client endpoint"); - return; - } + if (!qcrypto_tls_creds_check_endpoint(s->tls_creds, + is_listen + ? QCRYPTO_TLS_CREDS_ENDPOINT_SER= VER + : QCRYPTO_TLS_CREDS_ENDPOINT_CLI= ENT, + errp)) { + return; } } s->tls_authz =3D g_strdup(sock->tls_authz); --=20 2.31.1
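
Review bot: The is_listen ternary passed as the second argument of qcrypto_tls_creds_check_endpoint() in qmp_chardev_open_socket() makes the call hard to scan; computing the expected endpoint into a local QCryptoTLSCredsEndpoint before the call would read better and keep the call on fewer lines. The error text also changes slightly here, from "Expected TLS credentials for server endpoint" and "Expected TLS credentials for client endpoint" to the helper's "Expected TLS credentials for a %s endpoint", which deserves a mention in the commit message.
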
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé
Subject: [PATCH v4 4/7] migration/tls: Use qcrypto_tls_creds_check_endpoint()
Date: Wed, 16 Jun 2021 18:22:22 +0200
Message-Id: <20210616162225.2517463-5-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Richard Henderson
--- migration/tls.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/migration/tls.c b/migration/tls.c index abb149d8325..ca1ea3bbdd4 100644 --- a/migration/tls.c +++ b/migration/tls.c
@@ -49,11 +49,7 @@ migration_tls_get_creds(MigrationState *s, s->parameters.tls_creds); return NULL; } - if (ret->endpoint !=3D endpoint) { - error_setg(errp, - "Expected TLS credentials for a %s endpoint", - endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT ? - "client" : "server"); + if (!qcrypto_tls_creds_check_endpoint(ret, endpoint, errp)) { return NULL; } =20 --=20 2.31.1
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé
Subject: [PATCH v4 5/7] crypto/tlssession: Introduce qcrypto_tls_creds_check_endpoint() helper
Date: Wed, 16 Jun 2021 18:22:23 +0200
Message-Id: <20210616162225.2517463-6-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Introduce the qcrypto_tls_creds_check_endpoint() helper to avoid accessing QCryptoTLSCreds internal 'endpoint' field directly.

Signed-off-by: Philippe Mathieu-Daudé
--- include/crypto/tlssession.h | 15 +++++++++++++++ crypto/tlssession.c | 7 +++++++ 2 files changed, 22 insertions(+) diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 15b9cef086c..2fb0bb02d9f 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h
@@ -162,6 +162,21 @@ void qcrypto_tls_session_free(QCryptoTLSSession *sess); =20 G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSSession, qcrypto_tls_session_free) =20 +/** + * qcrypto_tls_session_check_role: + * @creds: pointer to a TLS credentials object + * @endpoint: role of the TLS session, client or server + * @errp: pointer to a NULL-initialized error object + * + * Check whether the session object operates according to + * the role of the @endpoint argument. + * + * Returns true if the session is setup for the endpoint role, false other= wise + */ +bool qcrypto_tls_session_check_role(QCryptoTLSCreds *creds, + QCryptoTLSCredsEndpoint endpoint, + Error **errp); + /** * qcrypto_tls_session_check_credentials: * @sess: the TLS session object diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 33203e8ca71..4e614b73a28 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c 
@@ -640,3 +640,10 @@ qcrypto_tls_session_get_peer_name(QCryptoTLSSession *s= ess) } =20 #endif + +bool qcrypto_tls_session_check_role(QCryptoTLSCreds *creds, + QCryptoTLSCredsEndpoint endpoint, + Error **errp) +{ + return qcrypto_tls_creds_check_endpoint(creds, endpoint, errp); +} --=20 2.31.1
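
Review bot: qcrypto_tls_session_check_role() is declared in tlssession.h and defined in tlssession.c taking a QCryptoTLSCreds *creds rather than a QCryptoTLSSession, while its doc comment says it checks "whether the session object operates according to the role"; the body only forwards to qcrypto_tls_creds_check_endpoint(). Either take the session as the argument or reword the comment to say it validates the credentials a session will be created from, so callers are not led to think a live session's role has been verified. The subject and commit message also name qcrypto_tls_creds_check_endpoint() as the helper being introduced, whereas the hunks add qcrypto_tls_session_check_role().
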
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé
Subject: [PATCH v4 6/7] ui/vnc: Use qcrypto_tls_session_check_role()
Date: Wed, 16 Jun 2021 18:22:24 +0200
Message-Id: <20210616162225.2517463-7-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the
qcrypto_tls_session_check_role() helper.

Signed-off-by: Philippe Mathieu-Daudé
--- ui/vnc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index b3d4d7b9a5f..c7c8454b873 100644 --- a/ui/vnc.c +++ b/ui/vnc.c 
@@ -4080,9 +4080,9 @@ void vnc_display_open(const char *id, Error **errp) } object_ref(OBJECT(vd->tlscreds)); =20 - if (vd->tlscreds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER)= { - error_setg(errp, - "Expecting TLS credentials with a server endpoint"); + if (!qcrypto_tls_session_check_role(vd->tlscreds, + QCRYPTO_TLS_CREDS_ENDPOINT_SER= VER, + errp)) { goto fail; } } --=20 2.31.1
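Review bot: in vnc_display_open() the explicit error_setg(errp, "Expecting TLS credentials with a server endpoint") is removed, and the failure path now depends on qcrypto_tls_session_check_role() having filled errp before the goto fail. That holds only if the helper sets errp on every false return, so that contract should be stated in the helper's documentation. The commit message should also note that the error text reported for credentials with a client endpoint now comes from the helper and may differ from the old string.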
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Daniel P . Berrangé, Philippe Mathieu-Daudé, Stefan Weil
Subject: [PATCH v4 7/7] crypto: Make QCryptoTLSCreds* structures private
Date: Wed, 16 Jun 2021 18:22:25 +0200
Message-Id: <20210616162225.2517463-8-philmd@redhat.com>
In-Reply-To: <20210616162225.2517463-1-philmd@redhat.com>
References: <20210616162225.2517463-1-philmd@redhat.com>

Code consuming the "crypto/tlscreds*.h" APIs doesn't need
to access its internals. Move the structure definitions to
the "tlscredspriv.h" private header (only accessible by
implementations). The public headers (in include/) still
forward-declare the structures typedef.

This solves a bug introduced by commit 7de2e856533 which made
migration/qemu-file-channel.c include "io/channel-tls.h",
which itself sometimes depends on GNUTLS, leading to a build
failure on OSX:

  [2/35] Compiling C object libmigration.fa.p/migration_qemu-file-channel.c.o
  FAILED: libmigration.fa.p/migration_qemu-file-channel.c.o
  cc -Ilibmigration.fa.p -I. -I.. -Iqapi [ ... ] -o libmigration.fa.p/migration_qemu-file-channel.c.o -c ../migration/qemu-file-channel.c
  In file included from ../migration/qemu-file-channel.c:29:
  In file included from include/io/channel-tls.h:26:
  In file included from include/crypto/tlssession.h:24:
  include/crypto/tlscreds.h:28:10: fatal error: 'gnutls/gnutls.h' file not found
  #include
           ^~~~~~~~~~~~~~~~~
  1 error generated.

Reported-by: Stefan Weil
Suggested-by: Daniel P. Berrangé
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/407
Fixes: 7de2e856533 ("yank: Unregister function when using TLS migration")
Signed-off-by: Philippe Mathieu-Daudé
--- crypto/tlscredspriv.h | 45 ++++++++++++++++++++++++++++++ include/crypto/tls-cipher-suites.h | 6 ---- include/crypto/tlscreds.h | 16 ----------- include/crypto/tlscredsanon.h | 12 -------- include/crypto/tlscredspsk.h | 12 -------- include/crypto/tlscredsx509.h | 10 ------- crypto/tls-cipher-suites.c | 7 +++++ crypto/tlscredsanon.c | 2 ++ crypto/tlscredspsk.c | 2 ++ crypto/tlscredsx509.c | 1 + crypto/tlssession.c | 1 + 11 files changed, 58 insertions(+), 56 deletions(-) diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index 39f1a91c413..df9815a2863 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h @@ -23,6 +23,51 @@ =20 #include "crypto/tlscreds.h" =20 +#ifdef CONFIG_GNUTLS +#include +#endif + +struct QCryptoTLSCreds { + Object parent_obj; + char *dir; + QCryptoTLSCredsEndpoint endpoint; +#ifdef CONFIG_GNUTLS + gnutls_dh_params_t dh_params; +#endif + bool verifyPeer; + char *priority; +}; + +struct QCryptoTLSCredsAnon { + QCryptoTLSCreds parent_obj; +#ifdef CONFIG_GNUTLS + union { + gnutls_anon_server_credentials_t server; + gnutls_anon_client_credentials_t client; + } data; +#endif +}; + +struct QCryptoTLSCredsPSK { + QCryptoTLSCreds parent_obj; + char *username; +#ifdef CONFIG_GNUTLS + union { + gnutls_psk_server_credentials_t server; + gnutls_psk_client_credentials_t client; + } data; +#endif +}; + +struct QCryptoTLSCredsX509 { + QCryptoTLSCreds parent_obj; +#ifdef CONFIG_GNUTLS + gnutls_certificate_credentials_t data; +#endif + bool sanityCheck; + char *passwordid; +}; + #ifdef CONFIG_GNUTLS =20 int qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, diff --git a/include/crypto/tls-cipher-suites.h b/include/crypto/tls-cipher= -suites.h index bb9ee53e03a..7eb1b76122d 100644 --- a/include/crypto/tls-cipher-suites.h 
+++ b/include/crypto/tls-cipher-suites.h @@ -19,12 +19,6 @@ typedef struct QCryptoTLSCipherSuites QCryptoTLSCipherSu= ites; DECLARE_INSTANCE_CHECKER(QCryptoTLSCipherSuites, QCRYPTO_TLS_CIPHER_SUITES, TYPE_QCRYPTO_TLS_CIPHER_SUITES) =20 -struct QCryptoTLSCipherSuites { - /* */ - QCryptoTLSCreds parent_obj; - /* */ -}; - /** * qcrypto_tls_cipher_suites_get_data: * @obj: pointer to a TLS cipher suites object diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index a14e44fac15..2a8a8570109 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -24,10 +24,6 @@ #include "qapi/qapi-types-crypto.h" #include "qom/object.h" =20 -#ifdef CONFIG_GNUTLS -#include -#endif - #define TYPE_QCRYPTO_TLS_CREDS "tls-creds" typedef struct QCryptoTLSCreds QCryptoTLSCreds; typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass; @@ -48,18 +44,6 @@ typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, = Error **); * certificate credentials. */ =20 -struct QCryptoTLSCreds { - Object parent_obj; - char *dir; - QCryptoTLSCredsEndpoint endpoint; -#ifdef CONFIG_GNUTLS - gnutls_dh_params_t dh_params; -#endif - bool verifyPeer; - char *priority; -}; - - struct QCryptoTLSCredsClass { ObjectClass parent_class; CryptoTLSCredsReload reload; diff --git a/include/crypto/tlscredsanon.h b/include/crypto/tlscredsanon.h index 3f464a38095..bd3023f9ea7 100644 --- a/include/crypto/tlscredsanon.h +++ b/include/crypto/tlscredsanon.h @@ -92,18 +92,6 @@ typedef struct QCryptoTLSCredsAnonClass QCryptoTLSCredsA= nonClass; * */ =20 - -struct QCryptoTLSCredsAnon { - QCryptoTLSCreds parent_obj; -#ifdef CONFIG_GNUTLS - union { - gnutls_anon_server_credentials_t server; - gnutls_anon_client_credentials_t client; - } data; -#endif -}; - - struct QCryptoTLSCredsAnonClass { QCryptoTLSCredsClass parent_class; }; diff --git a/include/crypto/tlscredspsk.h b/include/crypto/tlscredspsk.h index d7e6bdb5edf..bcd07dc4f62 100644 --- a/include/crypto/tlscredspsk.h 
+++ b/include/crypto/tlscredspsk.h @@ -87,18 +87,6 @@ typedef struct QCryptoTLSCredsPSKClass QCryptoTLSCredsPS= KClass; * The PSK file can be created and managed using psktool. */ =20 -struct QCryptoTLSCredsPSK { - QCryptoTLSCreds parent_obj; - char *username; -#ifdef CONFIG_GNUTLS - union { - gnutls_psk_server_credentials_t server; - gnutls_psk_client_credentials_t client; - } data; -#endif -}; - - struct QCryptoTLSCredsPSKClass { QCryptoTLSCredsClass parent_class; }; diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h index c6d89b78819..c4daba21a6b 100644 --- a/include/crypto/tlscredsx509.h +++ b/include/crypto/tlscredsx509.h @@ -96,16 +96,6 @@ typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX= 509Class; * */ =20 -struct QCryptoTLSCredsX509 { - QCryptoTLSCreds parent_obj; -#ifdef CONFIG_GNUTLS - gnutls_certificate_credentials_t data; -#endif - bool sanityCheck; - char *passwordid; -}; - - struct QCryptoTLSCredsX509Class { QCryptoTLSCredsClass parent_class; }; diff --git a/crypto/tls-cipher-suites.c b/crypto/tls-cipher-suites.c index 55fb5f7c19d..5e4f5974645 100644 --- a/crypto/tls-cipher-suites.c +++ b/crypto/tls-cipher-suites.c @@ -14,8 +14,15 @@ #include "crypto/tlscreds.h" #include "crypto/tls-cipher-suites.h" #include "hw/nvram/fw_cfg.h" +#include "tlscredspriv.h" #include "trace.h" =20 +struct QCryptoTLSCipherSuites { + /* */ + QCryptoTLSCreds parent_obj; + /* */ +}; + /* * IANA registered TLS ciphers: * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tl= s-parameters-4 diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index bea5f76c55d..6fb83639ecd 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -29,6 +29,8 @@ =20 #ifdef CONFIG_GNUTLS =20 +#include + =20 static int qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index f5a31108d15..752f2d92bee 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c 
@@ -29,6 +29,8 @@ =20 #ifdef CONFIG_GNUTLS =20 +#include + static int lookup_key(const char *pskfile, const char *username, gnutls_datum_t *key, Error **errp) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index d9d6f4421e5..32948a6bdc4 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -30,6 +30,7 @@ =20 #ifdef CONFIG_GNUTLS =20 +#include #include =20 =20 diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 4e614b73a28..e5d5675ef30 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -25,6 +25,7 @@ #include "crypto/tlscredsx509.h" #include "qapi/error.h" #include "authz/base.h" +#include "tlscredspriv.h" #include "trace.h" =20 #ifdef CONFIG_GNUTLS --=20 2.31.1
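Review bot: crypto/tlscredspriv.h now carries the struct layouts, and each one keeps its GnuTLS-typed members behind #ifdef CONFIG_GNUTLS (dh_params sits ahead of verifyPeer and priority in QCryptoTLSCreds), but the moved block has no comment saying who may include it. Add a short comment above struct QCryptoTLSCreds stating that this header is for files under crypto/ only and that code elsewhere must go through accessor functions, so the layout is not re-exported later by an include from include/.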
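Review bot: struct QCryptoTLSCipherSuites is moved from include/crypto/tls-cipher-suites.h into crypto/tls-cipher-suites.c, not into tlscredspriv.h with the other four structures, while the commit message says the definitions move to the "tlscredspriv.h" private header. Keeping it in the .c file is the tighter scope, so a sentence in the commit message naming this exception is enough.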
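Review bot: removing the CONFIG_GNUTLS include and struct QCryptoTLSCreds from include/crypto/tlscreds.h also removes them from every file that relied on them transitively, and the patch only compensates in crypto/ (an added include inside #ifdef CONFIG_GNUTLS in tlscredsanon.c, tlscredspsk.c and tlscredsx509.c, and "tlscredspriv.h" in tlssession.c and tls-cipher-suites.c). Please confirm, with a build both with and without GnuTLS, that no file outside crypto/ still dereferences these structures the way ui/vnc.c did with vd->tlscreds->endpoint before patch 6/7, and say in the commit message that this was checked.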