From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH v2 0/5] Extract TLS handling code from VNC server
Date: Tue, 11 Aug 2015 15:26:38 +0100
Message-ID: <1439303203-15999-1-git-send-email-berrange@redhat.com>
This small patch series is a formal submission of another part
of my previous RFC series
https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
Now we have the basic crypto module defined for hash/cipher APIs,
we extend it to also cover TLS credential and TLS session handling
APIs. These new TLS related APIs obsolete the vast majority of the
TLS handling code in the current VNC server. As a result the VNC
server no longer has to worry about conditional compilation for
GNUTLS. It also gives us code reuse for future patches which intend
to add TLS support to chardevs, migration, nbd, etc.
This series deprecates the existing way of configuring TLS for
VNC on the command line, but maintains support for back-compat
reasons.
Since the code is now totally isolated from the VNC server it is
also practical to provide significant unit test coverage of what
is security critical code.
Aside from the new CLI syntax for configuring TLS with VNC, the
only other functional change is to allow Diffie-Hellman params
to be loaded from a file, instead of being generated at startup.
Daniel P. Berrange (5):
crypto: introduce new module for handling TLS credentials
crypto: add sanity checking of TLS credentials
crypto: introduce new module for handling TLS sessions
ui: fix return type for VNC I/O functions to be ssize_t
ui: convert VNC server to use QCryptoTLSSession
configure | 53 +-
crypto/Makefile.objs | 2 +
crypto/init.c | 8 +
crypto/tlscreds.c | 1100 +++++++++++++++++++++++++++++++++++++++
crypto/tlssession.c | 545 ++++++++++++++++++++
include/crypto/tlscreds.h | 151 ++++++
include/crypto/tlssession.h | 322 ++++++++++++
qemu-options.hx | 58 ++-
tests/.gitignore | 7 +
tests/Makefile | 14 +-
tests/crypto-tls-helpers.c | 485 ++++++++++++++++++
tests/crypto-tls-helpers.h | 133 +++++
tests/pkix_asn1_tab.c | 1103 ++++++++++++++++++++++++++++++++++++++++
tests/test-crypto-tlscreds.c | 735 ++++++++++++++++++++++++++
tests/test-crypto-tlssession.c | 535 +++++++++++++++++++
ui/Makefile.objs | 2 +-
ui/vnc-auth-sasl.c | 36 +-
ui/vnc-auth-vencrypt.c | 80 +--
ui/vnc-tls.c | 474 -----------------
ui/vnc-tls.h | 69 ---
ui/vnc-ws.c | 82 +--
ui/vnc-ws.h | 2 -
ui/vnc.c | 369 +++++++++-----
ui/vnc.h | 17 +-
24 files changed, 5569 insertions(+), 813 deletions(-)
create mode 100644 crypto/tlscreds.c
create mode 100644 crypto/tlssession.c
create mode 100644 include/crypto/tlscreds.h
create mode 100644 include/crypto/tlssession.h
create mode 100644 tests/crypto-tls-helpers.c
create mode 100644 tests/crypto-tls-helpers.h
create mode 100644 tests/pkix_asn1_tab.c
create mode 100644 tests/test-crypto-tlscreds.c
create mode 100644 tests/test-crypto-tlssession.c
delete mode 100644 ui/vnc-tls.c
delete mode 100644 ui/vnc-tls.h
--
2.4.3