Message ID | 20210628160914.2461906-4-philmd@redhat.com |
---|---|
State | New |
Series | crypto: Make QCryptoTLSCreds* structures private |
On Mon, Jun 28, 2021 at 06:09:10PM +0200, Philippe Mathieu-Daudé wrote:
> Avoid accessing QCryptoTLSCreds internals by using
> the qcrypto_tls_creds_check_endpoint() helper.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> qemu-nbd.c | 19 +++++++------------
> 1 file changed, 7 insertions(+), 12 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com> 2021年6月29日(火) 1:09 Philippe Mathieu-Daudé <philmd@redhat.com>: > > Avoid accessing QCryptoTLSCreds internals by using > the qcrypto_tls_creds_check_endpoint() helper. > > Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> > --- > qemu-nbd.c | 19 +++++++------------ > 1 file changed, 7 insertions(+), 12 deletions(-) > > diff --git a/qemu-nbd.c b/qemu-nbd.c > index 93ef4e288fd..26ffbf15af0 100644 > --- a/qemu-nbd.c > +++ b/qemu-nbd.c > @@ -43,6 +43,7 @@ > #include "io/channel-socket.h" > #include "io/net-listener.h" > #include "crypto/init.h" > +#include "crypto/tlscreds.h" > #include "trace/control.h" > #include "qemu-version.h" > > @@ -422,18 +423,12 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, bool list, > return NULL; > } > > - if (list) { > - if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { > - error_setg(errp, > - "Expecting TLS credentials with a client endpoint"); > - return NULL; > - } > - } else { > - if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { > - error_setg(errp, > - "Expecting TLS credentials with a server endpoint"); > - return NULL; > - } > + if (!qcrypto_tls_creds_check_endpoint(creds, > + list > + ? QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT > + : QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, > + errp)) { > + return NULL; > } > object_ref(obj); > return creds; > -- > 2.31.1 >

On 6/29/21 4:52 AM, Akihiko Odaki wrote:
> Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com>

Thanks! Does this apply to this single patch or the
whole series (since this patch depends on patch #1)?

> 2021-06-29 (Tue) 1:09 Philippe Mathieu-Daudé <philmd@redhat.com>:
>>
>> Avoid accessing QCryptoTLSCreds internals by using
>> the qcrypto_tls_creds_check_endpoint() helper.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>> qemu-nbd.c | 19 +++++++------------
>> 1 file changed, 7 insertions(+), 12 deletions(-)

I tested only with qemu-nbd. Other files were compiled successfully but I have not tested them.

On Tue, Jun 29, 2021 at 4:01 PM Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>
> On 6/29/21 4:52 AM, Akihiko Odaki wrote:
> > Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com>
>
> Thanks! Does this apply to this single patch or the
> whole series (since this patch depends on patch #1)?
>
> > 2021-06-29 (Tue) 1:09 Philippe Mathieu-Daudé <philmd@redhat.com>:
> >>
> >> Avoid accessing QCryptoTLSCreds internals by using
> >> the qcrypto_tls_creds_check_endpoint() helper.
> >>
> >> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> >> ---
> >> qemu-nbd.c | 19 +++++++------------
> >> 1 file changed, 7 insertions(+), 12 deletions(-)
>

diff --git a/qemu-nbd.c b/qemu-nbd.c index 93ef4e288fd..26ffbf15af0 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -43,6 +43,7 @@ #include "io/channel-socket.h" #include "io/net-listener.h" #include "crypto/init.h" +#include "crypto/tlscreds.h" #include "trace/control.h" #include "qemu-version.h" @@ -422,18 +423,12 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, bool list, return NULL; } - if (list) { - if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { - error_setg(errp, - "Expecting TLS credentials with a client endpoint"); - return NULL; - } - } else { - if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { - error_setg(errp, - "Expecting TLS credentials with a server endpoint"); - return NULL; - } + if (!qcrypto_tls_creds_check_endpoint(creds, + list + ? QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT + : QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, + errp)) { + return NULL; } object_ref(obj); return creds;
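
Review bot: In the second hunk (nbd_get_tls_creds), the two explicit error_setg() strings, "Expecting TLS credentials with a client endpoint" and its server counterpart, are removed, and the text reported through errp now comes from qcrypto_tls_creds_check_endpoint(), which this patch does not show. The commit message should say whether the user-visible wording is preserved, so that anything matching on the old strings can be checked. The early return NULL still happens before object_ref(obj), so the failure path takes no reference, which is correct. As a style point, the conditional expression split over three argument lines would read more easily as a local assigned from list ? QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT : QCRYPTO_TLS_CREDS_ENDPOINT_SERVER before the call, with a short comment that list mode expects client credentials.
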
Avoid accessing QCryptoTLSCreds internals by using
the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>

---
qemu-nbd.c | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)