riscv
/
qemu
mirror of https://gitea.goldendeliverer.com/riscv/qemu.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

crypto: Remove qcrypto_tls_session_get_handshake_status 

The correct way of calling qcrypto_tls_session_handshake() requires
calling qcrypto_tls_session_get_handshake_status() right after it so
there's no reason to have a separate method.

Refactor qcrypto_tls_session_handshake() to inform the status in its
own return value and alter the callers accordingly.

No functional change.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
pull/281/head
Fabiano Rosas 1 year ago
parent
30ee88622e
commit
0b8a70d70f
4 changed files with 35 additions and 71 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 55
      crypto/tlssession.c
  2. 32
      include/crypto/tlssession.h
  3. 7
      io/channel-tls.c
  4. 12
      tests/unit/test-crypto-tlssession.c

55
crypto/tlssession.c
View File

@ -546,45 +546,35 @@ qcrypto_tls_session_handshake(QCryptoTLSSession *session,
Error **errp) Error **errp)
{ {
int ret = gnutls_handshake(session->handle); int ret = gnutls_handshake(session->handle);
if (ret == 0) { if (!ret) {
session->handshakeComplete = true; session->handshakeComplete = true;
return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
}
if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
int direction = gnutls_record_get_direction(session->handle);
return direction ? QCRYPTO_TLS_HANDSHAKE_SENDING :
QCRYPTO_TLS_HANDSHAKE_RECVING;
}
if (session->rerr || session->werr) {
error_setg(errp, "TLS handshake failed: %s: %s",
gnutls_strerror(ret),
error_get_pretty(session->rerr ?
session->rerr : session->werr));
} else { } else {
if (ret == GNUTLS_E_INTERRUPTED || error_setg(errp, "TLS handshake failed: %s",
ret == GNUTLS_E_AGAIN) { gnutls_strerror(ret));
ret = 1;
} else {
if (session->rerr || session->werr) {
error_setg(errp, "TLS handshake failed: %s: %s",
gnutls_strerror(ret),
error_get_pretty(session->rerr ?
session->rerr : session->werr));
} else {
error_setg(errp, "TLS handshake failed: %s",
gnutls_strerror(ret));
}
ret = -1;
}
} }
error_free(session->rerr); error_free(session->rerr);
error_free(session->werr); error_free(session->werr);
session->rerr = session->werr = NULL; session->rerr = session->werr = NULL;
return ret; return -1;
} }
QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
{
if (session->handshakeComplete) {
return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
} else if (gnutls_record_get_direction(session->handle) == 0) {
return QCRYPTO_TLS_HANDSHAKE_RECVING;
} else {
return QCRYPTO_TLS_HANDSHAKE_SENDING;
}
}
int int
qcrypto_tls_session_bye(QCryptoTLSSession *session, Error **errp) qcrypto_tls_session_bye(QCryptoTLSSession *session, Error **errp)
{ {
@ -726,13 +716,6 @@ qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
} }
QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
{
return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
}
int int
qcrypto_tls_session_bye(QCryptoTLSSession *session, Error **errp) qcrypto_tls_session_bye(QCryptoTLSSession *session, Error **errp)
{ {

32
include/crypto/tlssession.h
View File

@ -75,12 +75,14 @@
* GINT_TO_POINTER(fd)); * GINT_TO_POINTER(fd));
* *
* while (1) { * while (1) {
* if (qcrypto_tls_session_handshake(sess, errp) < 0) { * int ret = qcrypto_tls_session_handshake(sess, errp);
*
* if (ret < 0) {
* qcrypto_tls_session_free(sess); * qcrypto_tls_session_free(sess);
* return -1; * return -1;
* } * }
* *
* switch(qcrypto_tls_session_get_handshake_status(sess)) { * switch(ret) {
* case QCRYPTO_TLS_HANDSHAKE_COMPLETE: * case QCRYPTO_TLS_HANDSHAKE_COMPLETE:
* if (qcrypto_tls_session_check_credentials(sess, errp) < )) { * if (qcrypto_tls_session_check_credentials(sess, errp) < )) {
* qcrypto_tls_session_free(sess); * qcrypto_tls_session_free(sess);
@ -170,7 +172,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoTLSSession, qcrypto_tls_session_free)
* *
* Validate the peer's credentials after a successful * Validate the peer's credentials after a successful
* TLS handshake. It is an error to call this before * TLS handshake. It is an error to call this before
* qcrypto_tls_session_get_handshake_status() returns * qcrypto_tls_session_handshake() returns
* QCRYPTO_TLS_HANDSHAKE_COMPLETE * QCRYPTO_TLS_HANDSHAKE_COMPLETE
* *
* Returns 0 if the credentials validated, -1 on error * Returns 0 if the credentials validated, -1 on error
@ -226,7 +228,7 @@ void qcrypto_tls_session_set_callbacks(QCryptoTLSSession *sess,
* registered with qcrypto_tls_session_set_callbacks() * registered with qcrypto_tls_session_set_callbacks()
* *
* It is an error to call this before * It is an error to call this before
* qcrypto_tls_session_get_handshake_status() returns * qcrypto_tls_session_handshake() returns
* QCRYPTO_TLS_HANDSHAKE_COMPLETE * QCRYPTO_TLS_HANDSHAKE_COMPLETE
* *
* Returns: the number of bytes sent, * Returns: the number of bytes sent,
@ -256,7 +258,7 @@ ssize_t qcrypto_tls_session_write(QCryptoTLSSession *sess,
* opposed to an error. * opposed to an error.
* *
* It is an error to call this before * It is an error to call this before
* qcrypto_tls_session_get_handshake_status() returns * qcrypto_tls_session_handshake() returns
* QCRYPTO_TLS_HANDSHAKE_COMPLETE * QCRYPTO_TLS_HANDSHAKE_COMPLETE
* *
* Returns: the number of bytes received, * Returns: the number of bytes received,
@ -289,8 +291,7 @@ size_t qcrypto_tls_session_check_pending(QCryptoTLSSession *sess);
* the underlying data channel is non-blocking, then * the underlying data channel is non-blocking, then
* this method may return control before the handshake * this method may return control before the handshake
* is complete. On non-blocking channels the * is complete. On non-blocking channels the
* qcrypto_tls_session_get_handshake_status() method * return value determines whether the handshake
* should be used to determine whether the handshake
* has completed, or is waiting to send or receive * has completed, or is waiting to send or receive
* data. In the latter cases, the caller should setup * data. In the latter cases, the caller should setup
* an event loop watch and call this method again * an event loop watch and call this method again
@ -306,23 +307,6 @@ typedef enum {
QCRYPTO_TLS_HANDSHAKE_RECVING, QCRYPTO_TLS_HANDSHAKE_RECVING,
} QCryptoTLSSessionHandshakeStatus; } QCryptoTLSSessionHandshakeStatus;
/**
* qcrypto_tls_session_get_handshake_status:
* @sess: the TLS session object
*
* Check the status of the TLS handshake. This
* is used with non-blocking data channels to
* determine whether the handshake is waiting
* to send or receive further data to/from the
* remote peer.
*
* Once this returns QCRYPTO_TLS_HANDSHAKE_COMPLETE
* it is permitted to send/receive payload data on
* the channel
*/
QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess);
typedef enum { typedef enum {
QCRYPTO_TLS_BYE_COMPLETE, QCRYPTO_TLS_BYE_COMPLETE,
QCRYPTO_TLS_BYE_SENDING, QCRYPTO_TLS_BYE_SENDING,

7
io/channel-tls.c
View File

@ -162,16 +162,17 @@ static void qio_channel_tls_handshake_task(QIOChannelTLS *ioc,
GMainContext *context) GMainContext *context)
{ {
Error *err = NULL; Error *err = NULL;
QCryptoTLSSessionHandshakeStatus status; int status;
status = qcrypto_tls_session_handshake(ioc->session, &err);
if (qcrypto_tls_session_handshake(ioc->session, &err) < 0) { if (status < 0) {
trace_qio_channel_tls_handshake_fail(ioc); trace_qio_channel_tls_handshake_fail(ioc);
qio_task_set_error(task, err); qio_task_set_error(task, err);
qio_task_complete(task); qio_task_complete(task);
return; return;
} }
status = qcrypto_tls_session_get_handshake_status(ioc->session);
if (status == QCRYPTO_TLS_HANDSHAKE_COMPLETE) { if (status == QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
trace_qio_channel_tls_handshake_complete(ioc); trace_qio_channel_tls_handshake_complete(ioc);
if (qcrypto_tls_session_check_credentials(ioc->session, if (qcrypto_tls_session_check_credentials(ioc->session,

12
tests/unit/test-crypto-tlssession.c
View File

@ -158,8 +158,7 @@ static void test_crypto_tls_session_psk(void)
rv = qcrypto_tls_session_handshake(serverSess, rv = qcrypto_tls_session_handshake(serverSess,
&error_abort); &error_abort);
g_assert(rv >= 0); g_assert(rv >= 0);
if (qcrypto_tls_session_get_handshake_status(serverSess) == if (rv == QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
serverShake = true; serverShake = true;
} }
} }
@ -167,8 +166,7 @@ static void test_crypto_tls_session_psk(void)
rv = qcrypto_tls_session_handshake(clientSess, rv = qcrypto_tls_session_handshake(clientSess,
&error_abort); &error_abort);
g_assert(rv >= 0); g_assert(rv >= 0);
if (qcrypto_tls_session_get_handshake_status(clientSess) == if (rv == QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
clientShake = true; clientShake = true;
} }
} }
@ -352,8 +350,7 @@ static void test_crypto_tls_session_x509(const void *opaque)
rv = qcrypto_tls_session_handshake(serverSess, rv = qcrypto_tls_session_handshake(serverSess,
&error_abort); &error_abort);
g_assert(rv >= 0); g_assert(rv >= 0);
if (qcrypto_tls_session_get_handshake_status(serverSess) == if (rv == QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
serverShake = true; serverShake = true;
} }
} }
@ -361,8 +358,7 @@ static void test_crypto_tls_session_x509(const void *opaque)
rv = qcrypto_tls_session_handshake(clientSess, rv = qcrypto_tls_session_handshake(clientSess,
&error_abort); &error_abort);
g_assert(rv >= 0); g_assert(rv >= 0);
if (qcrypto_tls_session_get_handshake_status(clientSess) == if (rv == QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
clientShake = true; clientShake = true;
} }
} }

Write Preview
Loading…
Cancel
Save