From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: Markus Armbruster <armbru@redhat.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown()
Date: Tue, 31 Mar 2020 16:33:06 +0100
Message-ID: <20200331153306.GM353752@redhat.com>
In-Reply-To: <9491a050-e873-dcf0-8fa0-6f4316bcf06a@redhat.com>
On Tue, Mar 31, 2020 at 10:17:49AM -0500, Eric Blake wrote:
> On 3/31/20 3:30 AM, Markus Armbruster wrote:
> > Eric Blake <eblake@redhat.com> writes:
> >
> > > Gnutls documents that applications that want to distinguish between a
> > > clean end-of-communication and a malicious client abruptly tearing the
> > > underlying transport out of under our feet need to use gnutls_bye().
> > > Our channel code is already set up to allow shutdown requests, but we
> > > weren't forwarding those to gnutls. To make that work, we first need
> > > a new entry point that can isolate the rest of our code from the
> > > gnutls interface.
> > >
>
> > > +int qcrypto_tls_session_shutdown(QCryptoTLSSession *session,
> > > + QCryptoShutdownMode how)
>
> >
> > This is a thin wrapper around gnutls_bye(). I understand this is an
> > abstraction layer backed by GnuTLS. Not sure abstracting from just one
> > concrete thing is a good idea, but that's way out of scope here.
>
> If we ever add an alternative TLS implementation to gnutls, then the
> abstraction is useful. But I'm not sure how likely that is, so maybe Dan
> has more insight why he chose this design originally.
The abstraction serves several purposes.
First, it means that we don't need #ifdefs wrt GNUTLS in every piece of
QEMU code that involves TLS. They are isolated in the crypto/ code only.
Related to that, it means that anything that touches GNUTLS APIs directly
gets funnelled via the crypto maintainer for review.
It is easy to mis-use many of the GNUTLS APIs, and so the abstraction
serves to apply/enforce a more desirable usage policy on the rest of
the QEMU code, making it harder to screw up TLS.
Much of this is based on learning from libvirt code where the usage of
GNUTLS was not nearly so well encapsulated and increased burden.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
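The distinction the quoted commit message draws, a clean end-of-communication (the peer sends a close_notify alert before the transport closes) versus the transport being torn out from under the session with no close_notify, is the reason gnutls_bye() matters. The following C illustration is added here and is not part of this thread, of QEMU, or of GnuTLS: it models a receiver that classifies how a stream ended using a constructed record format (`struct record`, `REC_APPDATA`, `REC_ALERT`, `classify_eof()` are all hypothetical names, not the TLS wire format or any GnuTLS API).

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical record kinds modelled on the TLS content types for
 * application data (23) and alerts (21).  Constructed for this example. */
enum rec_type { REC_ALERT = 21, REC_APPDATA = 23 };

/* close_notify is alert description 0 in TLS; the only value used here. */
enum { ALERT_CLOSE_NOTIFY = 0 };

enum tls_eof_result {
    TLS_EOF_CLEAN,     /* close_notify received, then transport EOF */
    TLS_EOF_PREMATURE, /* transport EOF with no close_notify: truncation */
    TLS_PROTO_ERROR    /* malformed or out-of-order record */
};

/* Constructed in-memory record: not a real TLS record header. */
struct record {
    unsigned char type;
    unsigned char payload[8];
    size_t len;
};

/* Walk the n records received before the transport reported EOF and say
 * how the stream ended.  app_bytes receives the amount of application
 * data that can be trusted as complete. */
enum tls_eof_result classify_eof(const struct record *recs, size_t n,
                                 size_t *app_bytes)
{
    int close_notify_seen = 0;

    *app_bytes = 0;
    for (size_t i = 0; i < n; i++) {
        /* Nothing may follow close_notify on this direction of the session. */
        if (close_notify_seen) {
            return TLS_PROTO_ERROR;
        }
        switch (recs[i].type) {
        case REC_APPDATA:
            *app_bytes += recs[i].len;
            break;
        case REC_ALERT:
            if (recs[i].len == 1 && recs[i].payload[0] == ALERT_CLOSE_NOTIFY) {
                close_notify_seen = 1;
            } else {
                return TLS_PROTO_ERROR; /* other alerts not modelled here */
            }
            break;
        default:
            return TLS_PROTO_ERROR;
        }
    }

    /* EOF without a prior close_notify is exactly the case an application
     * must not mistake for a clean end: the peer, or someone on the path,
     * may have cut the stream short. */
    return close_notify_seen ? TLS_EOF_CLEAN : TLS_EOF_PREMATURE;
}

int main(void)
{
    /* Constructed streams: one closed cleanly, one cut off. */
    struct record clean[] = {
        { REC_APPDATA, { 'o', 'k' }, 2 },
        { REC_ALERT, { ALERT_CLOSE_NOTIFY }, 1 },
    };
    struct record cut[] = {
        { REC_APPDATA, { 'o', 'k' }, 2 },
    };
    size_t nbytes;

    printf("clean stream -> %d (%zu app bytes)\n",
           classify_eof(clean, 2, &nbytes), nbytes);
    printf("cut stream   -> %d (%zu app bytes)\n",
           classify_eof(cut, 1, &nbytes), nbytes);
    return 0;
}
```

In a real GnuTLS session this classification happens inside gnutls_record_recv(), which reports EOF-without-close_notify as GNUTLS_E_PREMATURE_TERMINATION rather than a zero-length read; a wrapper such as the proposed qcrypto_tls_session_shutdown() is what lets the sending side emit the close_notify (via gnutls_bye()) so that a well-behaved peer sees the clean case.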
Thread overview:
2020-03-27 16:19 [PATCH 0/3] nbd: Try for cleaner TLS shutdown Eric Blake
2020-03-27 16:19 ` [PATCH 1/3] crypto: Add qcrypto_tls_shutdown() Eric Blake
2020-03-31 8:30 ` Markus Armbruster
2020-03-31 15:17 ` Eric Blake
2020-03-31 15:33 ` Daniel P. Berrangé [this message]
2020-03-27 16:19 ` [PATCH 2/3] io: Support shutdown of TLS channel Eric Blake
2020-03-27 16:40 ` Daniel P. Berrangé
2020-03-27 17:29 ` Eric Blake
2020-03-27 17:43 ` Daniel P. Berrangé
2020-03-27 18:46 ` Eric Blake
2020-03-27 16:19 ` [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent Eric Blake
2020-03-27 16:35 ` Daniel P. Berrangé
2020-03-27 17:42 ` Eric Blake
2020-03-27 17:47 ` Daniel P. Berrangé
2020-03-27 18:44 ` [PATCH 0/3] nbd: Try for cleaner TLS shutdown no-reply