[v6,3/7] qemu-nbd: Use qcrypto_tls_creds_check_endpoint()

Message ID	20210628160914.2461906-4-philmd@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@redhat.com> To: qemu-devel@nongnu.org Subject: [PATCH v6 3/7] qemu-nbd: Use qcrypto_tls_creds_check_endpoint() Date: Mon, 28 Jun 2021 18:09:10 +0200 Message-Id: <20210628160914.2461906-4-philmd@redhat.com> In-Reply-To: <20210628160914.2461906-1-philmd@redhat.com> References: <20210628160914.2461906-1-philmd@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.375, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@redhat.com>, =?utf-8?q?D?= =?utf-8?q?aniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, Akihiko Odaki <akihiko.odaki@gmail.com>, qemu-block@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	crypto: Make QCryptoTLSCreds* structures private \| expand [v6,0/7] crypto: Make QCryptoTLSCreds* structures private [v6,1/7] crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper [v6,2/7] block/nbd: Use qcrypto_tls_creds_check_endpoint() [v6,3/7] qemu-nbd: Use qcrypto_tls_creds_check_endpoint() [v6,4/7] chardev/socket: Use qcrypto_tls_creds_check_endpoint() [v6,5/7] migration/tls: Use qcrypto_tls_creds_check_endpoint() [v6,6/7] ui/vnc: Use qcrypto_tls_creds_check_endpoint() [v6,7/7] crypto: Make QCryptoTLSCreds* structures private

Message ID

20210628160914.2461906-4-philmd@redhat.com

State

New

Headers

From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@redhat.com>
To: qemu-devel@nongnu.org
Subject: [PATCH v6 3/7] qemu-nbd: Use qcrypto_tls_creds_check_endpoint()
Date: Mon, 28 Jun 2021 18:09:10 +0200
Message-Id: <20210628160914.2461906-4-philmd@redhat.com>
In-Reply-To: <20210628160914.2461906-1-philmd@redhat.com>
References: <20210628160914.2461906-1-philmd@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -31
X-Spam_score: -3.2
X-Spam_bar: ---
X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.375,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@redhat.com>, =?utf-8?q?D?=
	=?utf-8?q?aniel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 Akihiko Odaki <akihiko.odaki@gmail.com>, qemu-block@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

crypto: Make QCryptoTLSCreds* structures private | expand

Commit Message

Philippe Mathieu-Daudé June 28, 2021, 4:09 p.m. UTC

Avoid accessing QCryptoTLSCreds internals by using
the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 qemu-nbd.c | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

Comments

Eric Blake June 28, 2021, 7:53 p.m. UTC | #1

On Mon, Jun 28, 2021 at 06:09:10PM +0200, Philippe Mathieu-Daudé wrote:
> Avoid accessing QCryptoTLSCreds internals by using
> the qcrypto_tls_creds_check_endpoint() helper.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  qemu-nbd.c | 19 +++++++------------
>  1 file changed, 7 insertions(+), 12 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

Akihiko Odaki June 29, 2021, 2:52 a.m. UTC | #2

Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com>

2021年6月29日(火) 1:09 Philippe Mathieu-Daudé <philmd@redhat.com>:
>
> Avoid accessing QCryptoTLSCreds internals by using
> the qcrypto_tls_creds_check_endpoint() helper.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  qemu-nbd.c | 19 +++++++------------
>  1 file changed, 7 insertions(+), 12 deletions(-)
>
> diff --git a/qemu-nbd.c b/qemu-nbd.c
> index 93ef4e288fd..26ffbf15af0 100644
> --- a/qemu-nbd.c
> +++ b/qemu-nbd.c
> @@ -43,6 +43,7 @@
>  #include "io/channel-socket.h"
>  #include "io/net-listener.h"
>  #include "crypto/init.h"
> +#include "crypto/tlscreds.h"
>  #include "trace/control.h"
>  #include "qemu-version.h"
>
> @@ -422,18 +423,12 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, bool list,
>          return NULL;
>      }
>
> -    if (list) {
> -        if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
> -            error_setg(errp,
> -                       "Expecting TLS credentials with a client endpoint");
> -            return NULL;
> -        }
> -    } else {
> -        if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
> -            error_setg(errp,
> -                       "Expecting TLS credentials with a server endpoint");
> -            return NULL;
> -        }
> +    if (!qcrypto_tls_creds_check_endpoint(creds,
> +                                          list
> +                                          ? QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT
> +                                          : QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
> +                                          errp)) {
> +        return NULL;
>      }
>      object_ref(obj);
>      return creds;
> --
> 2.31.1
>

Philippe Mathieu-Daudé June 29, 2021, 7:01 a.m. UTC | #3

On 6/29/21 4:52 AM, Akihiko Odaki wrote:
> Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com>

Thanks! Does this apply to this single patch or the
whole series (since this patch depends on patch #1)?

> 2021年6月29日(火) 1:09 Philippe Mathieu-Daudé <philmd@redhat.com>:
>>
>> Avoid accessing QCryptoTLSCreds internals by using
>> the qcrypto_tls_creds_check_endpoint() helper.
>>
>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>> ---
>>  qemu-nbd.c | 19 +++++++------------
>>  1 file changed, 7 insertions(+), 12 deletions(-)

Akihiko Odaki June 29, 2021, 1:30 p.m. UTC | #4

I tested only with qemu-nbd. Other files were compiled successfully
but I have not tested them.

On Tue, Jun 29, 2021 at 4:01 PM Philippe Mathieu-Daudé
<philmd@redhat.com> wrote:
>
> On 6/29/21 4:52 AM, Akihiko Odaki wrote:
> > Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com>
>
> Thanks! Does this apply to this single patch or the
> whole series (since this patch depends on patch #1)?
>
> > 2021年6月29日(火) 1:09 Philippe Mathieu-Daudé <philmd@redhat.com>:
> >>
> >> Avoid accessing QCryptoTLSCreds internals by using
> >> the qcrypto_tls_creds_check_endpoint() helper.
> >>
> >> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> >> ---
> >>  qemu-nbd.c | 19 +++++++------------
> >>  1 file changed, 7 insertions(+), 12 deletions(-)
>

diff --git a/qemu-nbd.c b/qemu-nbd.c
index 93ef4e288fd..26ffbf15af0 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -43,6 +43,7 @@ 
 #include "io/channel-socket.h"
 #include "io/net-listener.h"
 #include "crypto/init.h"
+#include "crypto/tlscreds.h"
 #include "trace/control.h"
 #include "qemu-version.h"
 
@@ -422,18 +423,12 @@  static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, bool list,
         return NULL;
     }
 
-    if (list) {
-        if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
-            error_setg(errp,
-                       "Expecting TLS credentials with a client endpoint");
-            return NULL;
-        }
-    } else {
-        if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
-            error_setg(errp,
-                       "Expecting TLS credentials with a server endpoint");
-            return NULL;
-        }
+    if (!qcrypto_tls_creds_check_endpoint(creds,
+                                          list
+                                          ? QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT
+                                          : QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
+                                          errp)) {
+        return NULL;
     }
     object_ref(obj);
     return creds;

[v6,3/7] qemu-nbd: Use qcrypto_tls_creds_check_endpoint()

Commit Message

Comments

Patch