From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Richard Henderson, Daniel P . Berrangé
Subject: [PATCH v5 1/6] crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper
Date: Thu, 17 Jun 2021 14:18:25 +0200
Message-Id: <20210617121830.2776182-2-philmd@redhat.com>
In-Reply-To: <20210617121830.2776182-1-philmd@redhat.com>
References: <20210617121830.2776182-1-philmd@redhat.com>

Introduce the qcrypto_tls_creds_check_endpoint() helper to access QCryptoTLSCreds internal 'endpoint' field.

Reviewed-by: Richard Henderson
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
--- include/crypto/tlscreds.h | 14 ++++++++++++++ crypto/tlscreds.c | 12 ++++++++++++ 2 files changed, 26 insertions(+) diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index d0808e391e9..a14e44fac15 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -65,5 +65,19 @@ struct QCryptoTLSCredsClass { CryptoTLSCredsReload reload; }; =20 +/** + * qcrypto_tls_creds_check_endpoint: + * @creds: pointer to a TLS credentials object + * @endpoint: type of network endpoint that will be using the credentials + * @errp: pointer to a NULL-initialized error object + * + * Check whether the credentials is setup according to + * the type of @endpoint argument. + * + * Returns true if the credentials is setup for the endpoint, false otherw= ise + */ +bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *creds, + QCryptoTLSCredsEndpoint endpoint, + Error **errp); =20 #endif /* QCRYPTO_TLSCREDS_H */
diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index b68735f06fe..084ce0d51ae 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -20,6 +20,7 @@ =20 #include "qemu/osdep.h" #include "qapi/error.h" +#include "qapi-types-crypto.h" #include "qemu/module.h" #include "tlscredspriv.h" #include "trace.h" 
@@ -259,6 +260,17 @@ qcrypto_tls_creds_finalize(Object *obj) g_free(creds->priority); } =20 +bool qcrypto_tls_creds_check_endpoint(QCryptoTLSCreds *creds, + QCryptoTLSCredsEndpoint endpoint, + Error **errp) +{ + if (creds->endpoint !=3D endpoint) { + error_setg(errp, "Expected TLS credentials for a %s endpoint", + QCryptoTLSCredsEndpoint_str(endpoint)); + return false; + } + return true; +} =20 static const TypeInfo qcrypto_tls_creds_info =3D { .parent =3D TYPE_OBJECT, --=20 2.31.1
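Review bot: in the crypto/tlscreds.c hunk, qcrypto_tls_creds_check_endpoint() reads creds->endpoint without checking creds. Either state in the header comment that @creds must be non-NULL or assert it at the top of the function, so a caller that skips its own lookup check fails loudly. The helper only reads the object, so the parameter could be declared const QCryptoTLSCreds *creds, and the error text could name the configured endpoint as well as the expected one to make a mismatched tls-creds object easier to diagnose.

Review bot: in the include/crypto/tlscreds.h doc comment, "the credentials is setup" appears twice and should read "the credentials are set up"; the Returns line would also be clearer as "true if the credentials match @endpoint, false otherwise (with @errp set)".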
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Richard Henderson, Daniel P . Berrangé
Subject: [PATCH v5 2/6] block/nbd: Use qcrypto_tls_creds_check_endpoint()
Date: Thu, 17 Jun 2021 14:18:26 +0200
Message-Id: <20210617121830.2776182-3-philmd@redhat.com>
In-Reply-To: <20210617121830.2776182-1-philmd@redhat.com>
References: <20210617121830.2776182-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Reviewed-by: Richard Henderson
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
--- block/nbd.c | 6 +++--- blockdev-nbd.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/block/nbd.c b/block/nbd.c index 616f9ae6c4d..b13a33c3d21 100644 --- a/block/nbd.c +++ b/block/nbd.c
@@ -2159,9 +2159,9 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char = *id, Error **errp) return NULL; } =20 - if (creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { - error_setg(errp, - "Expecting TLS credentials with a client endpoint"); + if (!qcrypto_tls_creds_check_endpoint(creds, + QCRYPTO_TLS_CREDS_ENDPOINT_CLIEN= T, + errp)) { return NULL; } object_ref(obj); diff --git a/blockdev-nbd.c b/blockdev-nbd.c index b264620b98d..bdfa7ed3a5a 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c 
@@ -108,9 +108,9 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *i= d, Error **errp) return NULL; } =20 - if (creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { - error_setg(errp, - "Expecting TLS credentials with a server endpoint"); + if (!qcrypto_tls_creds_check_endpoint(creds, + QCRYPTO_TLS_CREDS_ENDPOINT_SERVE= R, + errp)) { return NULL; } object_ref(obj); --=20 2.31.1
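Review bot: both nbd_get_tls_creds() hunks (block/nbd.c and blockdev-nbd.c) change the user-visible error text from "Expecting TLS credentials with a client endpoint" / "... with a server endpoint" to the helper's "Expected TLS credentials for a %s endpoint", and the commit message does not mention it. Say so in the commit message, and check whether any test reference output or management code matches the old wording.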
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Richard Henderson, Daniel P . Berrangé
Subject: [PATCH v5 3/6] chardev/socket: Use qcrypto_tls_creds_check_endpoint()
Date: Thu, 17 Jun 2021 14:18:27 +0200
Message-Id: <20210617121830.2776182-4-philmd@redhat.com>
In-Reply-To: <20210617121830.2776182-1-philmd@redhat.com>
References: <20210617121830.2776182-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Reviewed-by: Richard Henderson
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
--- chardev/char-socket.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index daa89fe5d1d..d0fb5459638 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c
@@ -1402,18 +1402,12 @@ static void qmp_chardev_open_socket(Chardev *chr, return; } object_ref(OBJECT(s->tls_creds)); - if (is_listen) { - if (s->tls_creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_SER= VER) { - error_setg(errp, "%s", - "Expected TLS credentials for server endpoint"); - return; - } - } else { - if (s->tls_creds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLI= ENT) { - error_setg(errp, "%s", - "Expected TLS credentials for client endpoint"); - return; - } + if (!qcrypto_tls_creds_check_endpoint(s->tls_creds, + is_listen + ? QCRYPTO_TLS_CREDS_ENDPOINT_SER= VER + : QCRYPTO_TLS_CREDS_ENDPOINT_CLI= ENT, + errp)) { + return; } } s->tls_authz =3D g_strdup(sock->tls_authz); --=20 2.31.1
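Review bot: in qmp_chardev_open_socket(), the endpoint is selected by a ternary nested inside the argument list of qcrypto_tls_creds_check_endpoint(), which is hard to read at this indentation. A local QCryptoTLSCredsEndpoint variable set from is_listen before the call would keep the check compact. The check also still runs after object_ref(OBJECT(s->tls_creds)), so the failure path returns with the reference held, as it did before; confirm the chardev cleanup path drops it.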
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Richard Henderson, Daniel P . Berrangé
Subject: [PATCH v5 4/6] migration/tls: Use qcrypto_tls_creds_check_endpoint()
Date: Thu, 17 Jun 2021 14:18:28 +0200
Message-Id: <20210617121830.2776182-5-philmd@redhat.com>
In-Reply-To: <20210617121830.2776182-1-philmd@redhat.com>
References: <20210617121830.2776182-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Reviewed-by: Richard Henderson
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Philippe Mathieu-Daudé
--- migration/tls.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/migration/tls.c b/migration/tls.c index abb149d8325..ca1ea3bbdd4 100644 --- a/migration/tls.c +++ b/migration/tls.c
@@ -49,11 +49,7 @@ migration_tls_get_creds(MigrationState *s, s->parameters.tls_creds); return NULL; } - if (ret->endpoint !=3D endpoint) { - error_setg(errp, - "Expected TLS credentials for a %s endpoint", - endpoint =3D=3D QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT ? - "client" : "server"); + if (!qcrypto_tls_creds_check_endpoint(ret, endpoint, errp)) { return NULL; } =20 --=20 2.31.1
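Review bot: the commit message should state that the error text in migration_tls_get_creds() is meant to be unchanged by this hunk. The removed code spelled out "client" / "server" itself, while the new text depends on what QCryptoTLSCredsEndpoint_str() returns, so a reviewer has to check the enum strings to confirm the message is the same.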
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé
Subject: [PATCH v5 5/6] ui/vnc: Use qcrypto_tls_creds_check_endpoint()
Date: Thu, 17 Jun 2021 14:18:29 +0200
Message-Id: <20210617121830.2776182-6-philmd@redhat.com>
In-Reply-To: <20210617121830.2776182-1-philmd@redhat.com>
References: <20210617121830.2776182-1-philmd@redhat.com>

Avoid accessing QCryptoTLSCreds internals by using the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
Reviewed-by: Richard Henderson
--- ui/vnc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index b3d4d7b9a5f..f7d63a16dd5 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -46,6 +46,7 @@ #include "qapi/qapi-commands-ui.h" #include "ui/input.h" #include "crypto/hash.h" +#include "crypto/tlscreds.h" #include "crypto/tlscredsanon.h" #include "crypto/tlscredsx509.h" #include "crypto/random.h"
@@ -4080,9 +4081,9 @@ void vnc_display_open(const char *id, Error **errp) } object_ref(OBJECT(vd->tlscreds)); =20 - if (vd->tlscreds->endpoint !=3D QCRYPTO_TLS_CREDS_ENDPOINT_SERVER)= { - error_setg(errp, - "Expecting TLS credentials with a server endpoint"); + if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds, + QCRYPTO_TLS_CREDS_ENDPOINT_S= ERVER, + errp)) { goto fail; } } --=20 2.31.1
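Review bot: the commit message gives no reason for the new #include "crypto/tlscreds.h" in the first ui/vnc.c hunk; add a line saying it is needed for the helper's declaration, since vnc.c previously only used the struct through the tlscredsanon.h and tlscredsx509.h includes that follow it. In vnc_display_open() the failure text also moves from "Expecting TLS credentials with a server endpoint" to the helper's format string, which is worth noting for anyone matching on VNC startup errors.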
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Philippe Mathieu-Daudé, Stefan Weil, Daniel P . Berrangé
Subject: [PATCH v5 6/6] crypto: Make QCryptoTLSCreds* structures private
Date: Thu, 17 Jun 2021 14:18:30 +0200
Message-Id: <20210617121830.2776182-7-philmd@redhat.com>
In-Reply-To: <20210617121830.2776182-1-philmd@redhat.com>
References: <20210617121830.2776182-1-philmd@redhat.com>

Code consuming the "crypto/tlscreds*.h" APIs doesn't need to access its internals. Move the structure definitions to the "tlscredspriv.h" private header (only accessible by implementations). The public headers (in include/) still forward-declare the structures typedef.

Note, tlscreds.c and 3 of the 5 modified source files already include "tlscredspriv.h", so only add it to tls-cipher-suites.c and tlssession.c.

Removing the internals from the public header solves a bug introduced by commit 7de2e856533 ("yank: Unregister function when using TLS migration") which made migration/qemu-file-channel.c include "io/channel-tls.h", itself sometimes depends on GNUTLS, leading to a build failure on OSX:

  [2/35] Compiling C object libmigration.fa.p/migration_qemu-file-channel.c.o
  FAILED: libmigration.fa.p/migration_qemu-file-channel.c.o
  cc -Ilibmigration.fa.p -I. -I.. -Iqapi [ ...
  ] -o libmigration.fa.p/migration_qemu-file-channel.c.o -c ../migration/qemu-file-channel.c
  In file included from ../migration/qemu-file-channel.c:29:
  In file included from include/io/channel-tls.h:26:
  In file included from include/crypto/tlssession.h:24:
  include/crypto/tlscreds.h:28:10: fatal error: 'gnutls/gnutls.h' file not found
  #include <gnutls/gnutls.h>
           ^~~~~~~~~~~~~~~~~
  1 error generated.

Reported-by: Stefan Weil
Suggested-by: Daniel P. Berrangé
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/407
Fixes: 7de2e856533 ("yank: Unregister function when using TLS migration")
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Daniel P. Berrangé
--- crypto/tlscredspriv.h | 45 ++++++++++++++++++++++++++++++ include/crypto/tls-cipher-suites.h | 6 ---- include/crypto/tlscreds.h | 16 ----------- include/crypto/tlscredsanon.h | 12 -------- include/crypto/tlscredspsk.h | 12 -------- include/crypto/tlscredsx509.h | 10 ------- crypto/tls-cipher-suites.c | 7 +++++ crypto/tlscredsanon.c | 2 ++ crypto/tlscredspsk.c | 2 ++ crypto/tlscredsx509.c | 1 + crypto/tlssession.c | 1 + 11 files changed, 58 insertions(+), 56 deletions(-) diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index 39f1a91c413..df9815a2863 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h 
@@ -23,6 +23,51 @@ =20 #include "crypto/tlscreds.h" =20 +#ifdef CONFIG_GNUTLS +#include +#endif + +struct QCryptoTLSCreds { + Object parent_obj; + char *dir; + QCryptoTLSCredsEndpoint endpoint; +#ifdef CONFIG_GNUTLS + gnutls_dh_params_t dh_params; +#endif + bool verifyPeer; + char *priority; +}; + +struct QCryptoTLSCredsAnon { + QCryptoTLSCreds parent_obj; +#ifdef CONFIG_GNUTLS + union { + gnutls_anon_server_credentials_t server; + gnutls_anon_client_credentials_t client; + } data; +#endif +}; + +struct QCryptoTLSCredsPSK { + QCryptoTLSCreds parent_obj; + char *username; +#ifdef CONFIG_GNUTLS + union { + gnutls_psk_server_credentials_t server; + gnutls_psk_client_credentials_t client; + } data; +#endif +}; + +struct QCryptoTLSCredsX509 { + QCryptoTLSCreds parent_obj; +#ifdef CONFIG_GNUTLS + gnutls_certificate_credentials_t data; +#endif + bool sanityCheck; + char *passwordid; +}; + #ifdef CONFIG_GNUTLS =20 int qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds, diff --git a/include/crypto/tls-cipher-suites.h b/include/crypto/tls-cipher= -suites.h index bb9ee53e03a..7eb1b76122d 100644 --- a/include/crypto/tls-cipher-suites.h +++ b/include/crypto/tls-cipher-suites.h @@ -19,12 +19,6 @@ typedef struct QCryptoTLSCipherSuites QCryptoTLSCipherSu= ites; DECLARE_INSTANCE_CHECKER(QCryptoTLSCipherSuites, QCRYPTO_TLS_CIPHER_SUITES, TYPE_QCRYPTO_TLS_CIPHER_SUITES) =20 -struct QCryptoTLSCipherSuites { - /* */ - QCryptoTLSCreds parent_obj; - /* */ -}; - /** * qcrypto_tls_cipher_suites_get_data: * @obj: pointer to a TLS cipher suites object diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index a14e44fac15..2a8a8570109 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -24,10 +24,6 @@ #include "qapi/qapi-types-crypto.h" #include "qom/object.h" =20 -#ifdef CONFIG_GNUTLS -#include -#endif - #define TYPE_QCRYPTO_TLS_CREDS "tls-creds" typedef struct QCryptoTLSCreds QCryptoTLSCreds; typedef struct QCryptoTLSCredsClass QCryptoTLSCredsClass; 
@@ -48,18 +44,6 @@ typedef bool (*CryptoTLSCredsReload)(QCryptoTLSCreds *, = Error **); * certificate credentials. */ =20 -struct QCryptoTLSCreds { - Object parent_obj; - char *dir; - QCryptoTLSCredsEndpoint endpoint; -#ifdef CONFIG_GNUTLS - gnutls_dh_params_t dh_params; -#endif - bool verifyPeer; - char *priority; -}; - - struct QCryptoTLSCredsClass { ObjectClass parent_class; CryptoTLSCredsReload reload; diff --git a/include/crypto/tlscredsanon.h b/include/crypto/tlscredsanon.h index 3f464a38095..bd3023f9ea7 100644 --- a/include/crypto/tlscredsanon.h +++ b/include/crypto/tlscredsanon.h @@ -92,18 +92,6 @@ typedef struct QCryptoTLSCredsAnonClass QCryptoTLSCredsA= nonClass; * */ =20 - -struct QCryptoTLSCredsAnon { - QCryptoTLSCreds parent_obj; -#ifdef CONFIG_GNUTLS - union { - gnutls_anon_server_credentials_t server; - gnutls_anon_client_credentials_t client; - } data; -#endif -}; - - struct QCryptoTLSCredsAnonClass { QCryptoTLSCredsClass parent_class; }; diff --git a/include/crypto/tlscredspsk.h b/include/crypto/tlscredspsk.h index d7e6bdb5edf..bcd07dc4f62 100644 --- a/include/crypto/tlscredspsk.h +++ b/include/crypto/tlscredspsk.h @@ -87,18 +87,6 @@ typedef struct QCryptoTLSCredsPSKClass QCryptoTLSCredsPS= KClass; * The PSK file can be created and managed using psktool. */ =20 -struct QCryptoTLSCredsPSK { - QCryptoTLSCreds parent_obj; - char *username; -#ifdef CONFIG_GNUTLS - union { - gnutls_psk_server_credentials_t server; - gnutls_psk_client_credentials_t client; - } data; -#endif -}; - - struct QCryptoTLSCredsPSKClass { QCryptoTLSCredsClass parent_class; }; diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h index c6d89b78819..c4daba21a6b 100644 --- a/include/crypto/tlscredsx509.h +++ b/include/crypto/tlscredsx509.h 
@@ -96,16 +96,6 @@ typedef struct QCryptoTLSCredsX509Class QCryptoTLSCredsX= 509Class; * */ =20 -struct QCryptoTLSCredsX509 { - QCryptoTLSCreds parent_obj; -#ifdef CONFIG_GNUTLS - gnutls_certificate_credentials_t data; -#endif - bool sanityCheck; - char *passwordid; -}; - - struct QCryptoTLSCredsX509Class { QCryptoTLSCredsClass parent_class; }; diff --git a/crypto/tls-cipher-suites.c b/crypto/tls-cipher-suites.c index 55fb5f7c19d..5e4f5974645 100644 --- a/crypto/tls-cipher-suites.c +++ b/crypto/tls-cipher-suites.c @@ -14,8 +14,15 @@ #include "crypto/tlscreds.h" #include "crypto/tls-cipher-suites.h" #include "hw/nvram/fw_cfg.h" +#include "tlscredspriv.h" #include "trace.h" =20 +struct QCryptoTLSCipherSuites { + /* */ + QCryptoTLSCreds parent_obj; + /* */ +}; + /* * IANA registered TLS ciphers: * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tl= s-parameters-4 diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index bea5f76c55d..6fb83639ecd 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -29,6 +29,8 @@ =20 #ifdef CONFIG_GNUTLS =20 +#include + =20 static int qcrypto_tls_creds_anon_load(QCryptoTLSCredsAnon *creds, diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index f5a31108d15..752f2d92bee 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -29,6 +29,8 @@ =20 #ifdef CONFIG_GNUTLS =20 +#include + static int lookup_key(const char *pskfile, const char *username, gnutls_datum_t *key, Error **errp) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index d9d6f4421e5..32948a6bdc4 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -30,6 +30,7 @@ =20 #ifdef CONFIG_GNUTLS =20 +#include #include =20 =20 diff --git a/crypto/tlssession.c b/crypto/tlssession.c index 33203e8ca71..a8db8c76d13 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c 
@@ -25,6 +25,7 @@ #include "crypto/tlscredsx509.h" #include "qapi/error.h" #include "authz/base.h" +#include "tlscredspriv.h" #include "trace.h" =20 #ifdef CONFIG_GNUTLS --=20 2.31.1
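Review bot: In the crypto/tls-cipher-suites.c hunk, struct QCryptoTLSCipherSuites is defined in the .c file itself, while the commit message says the structure definitions move to "tlscredspriv.h"; please mention this exception in the message so the description matches the diff. Keeping the definition file-local is the tighter scope and looks right, since nothing else in the patch needs the layout. The two empty `/* */` comments around `QCryptoTLSCreds parent_obj;` were carried over from the public header and say nothing in a private definition, so they can be dropped.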
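Review bot: The hunks for crypto/tlscredsanon.c, crypto/tlscredspsk.c and crypto/tlscredsx509.c each add an `#include` inside `#ifdef CONFIG_GNUTLS`, but the commit message only accounts for adding "tlscredspriv.h" to tls-cipher-suites.c and tlssession.c. Please state in the message why these three files gain an include. If it is the same GnuTLS header that the tlscredspriv.h hunk now pulls in under the same `CONFIG_GNUTLS` guard, and these files already include "tlscredspriv.h" as the message says, the additions are redundant and could be left out, or justified as making each file self-sufficient.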
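Review bot: In the crypto/tlssession.c hunk, adding `#include "tlscredspriv.h"` means the session code still reads the credential structure fields directly, which sits a little awkwardly with the message's "only accessible by implementations". This is acceptable for fixing the build, since tlssession.c lives in crypto/ and the public headers no longer expose GnuTLS types, but consider a follow-up that gives tlssession.c accessor functions for the fields it needs so that the private header stays confined to the tlscreds*.c files and the struct layout can change without touching session code.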