* [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms @ 2022-10-03 10:27 Daniel P. Berrangé 2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé 2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé 0 siblings, 2 replies; 7+ messages in thread From: Daniel P. Berrangé @ 2022-10-03 10:27 UTC (permalink / raw) To: qemu-devel; +Cc: Bin Meng, Daniel P. Berrangé A mixup with DOS/UNIX line endings, combined with lack of error checking, resulted in us not initializing the PSK credentials on the client side. Daniel P. Berrangé (2): crypto: check for and report errors setting PSK credentials tests: avoid DOS line endings in PSK file crypto/tlscredspsk.c | 16 +++++++++++++--- tests/unit/crypto-tls-psk-helpers.c | 11 +++++------ 2 files changed, 18 insertions(+), 9 deletions(-) -- 2.37.3 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] crypto: check for and report errors setting PSK credentials 2022-10-03 10:27 [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms Daniel P. Berrangé @ 2022-10-03 10:27 ` Daniel P. Berrangé 2022-10-03 13:22 ` Bin Meng 2022-10-03 13:53 ` Philippe Mathieu-Daudé via 2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé 1 sibling, 2 replies; 7+ messages in thread From: Daniel P. Berrangé @ 2022-10-03 10:27 UTC (permalink / raw) To: qemu-devel; +Cc: Bin Meng, Daniel P. Berrangé If setting credentials fails, the handshake will later fail to complete with an obscure error message which is hard to diagnose. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- crypto/tlscredspsk.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index a4f9891274..546cad1c5a 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -109,7 +109,12 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, goto cleanup; } - gnutls_psk_set_server_credentials_file(creds->data.server, pskfile); + ret = gnutls_psk_set_server_credentials_file(creds->data.server, pskfile); + if (ret < 0) { + error_setg(errp, "Cannot set PSK server credentials: %s", + gnutls_strerror(ret)); + goto cleanup; + } gnutls_psk_set_server_dh_params(creds->data.server, creds->parent_obj.dh_params); } else { @@ -135,8 +140,13 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds, goto cleanup; } - gnutls_psk_set_client_credentials(creds->data.client, - username, &key, GNUTLS_PSK_KEY_HEX); + ret = gnutls_psk_set_client_credentials(creds->data.client, + username, &key, GNUTLS_PSK_KEY_HEX); + if (ret < 0) { + error_setg(errp, "Cannot set PSK client credentials: %s", + gnutls_strerror(ret)); + goto cleanup; + } } rv = 0; -- 2.37.3 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] crypto: check for and report errors setting PSK credentials 2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé @ 2022-10-03 13:22 ` Bin Meng 2022-10-03 13:53 ` Philippe Mathieu-Daudé via 1 sibling, 0 replies; 7+ messages in thread From: Bin Meng @ 2022-10-03 13:22 UTC (permalink / raw) To: Daniel P. Berrangé; +Cc: qemu-devel On Mon, Oct 3, 2022 at 6:27 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > If setting credentials fails, the handshake will later fail to complete > with an obscure error message which is hard to diagnose. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > crypto/tlscredspsk.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) > Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] crypto: check for and report errors setting PSK credentials 2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé 2022-10-03 13:22 ` Bin Meng @ 2022-10-03 13:53 ` Philippe Mathieu-Daudé via 1 sibling, 0 replies; 7+ messages in thread From: Philippe Mathieu-Daudé via @ 2022-10-03 13:53 UTC (permalink / raw) To: Daniel P. Berrangé, qemu-devel; +Cc: Bin Meng On 3/10/22 12:27, Daniel P. Berrangé wrote: > If setting credentials fails, the handshake will later fail to complete > with an obscure error message which is hard to diagnose. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > crypto/tlscredspsk.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 2/2] tests: avoid DOS line endings in PSK file 2022-10-03 10:27 [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms Daniel P. Berrangé 2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé @ 2022-10-03 10:27 ` Daniel P. Berrangé 2022-10-03 13:24 ` Bin Meng 2022-10-03 13:55 ` Philippe Mathieu-Daudé via 1 sibling, 2 replies; 7+ messages in thread From: Daniel P. Berrangé @ 2022-10-03 10:27 UTC (permalink / raw) To: qemu-devel; +Cc: Bin Meng, Daniel P. Berrangé Using FILE * APIs for writing the PSK file results in translation from UNIX to DOS line endings on Windows. When the crypto PSK code later loads the credentials the stray \r will result in failure to load the PSK credentials into GNUTLS. Rather than switching the FILE* APIs to open in binary format, just switch to the more concise g_file_set_contents API. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- tests/unit/crypto-tls-psk-helpers.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/unit/crypto-tls-psk-helpers.c b/tests/unit/crypto-tls-psk-helpers.c index 511e08cc9c..c6cc740772 100644 --- a/tests/unit/crypto-tls-psk-helpers.c +++ b/tests/unit/crypto-tls-psk-helpers.c @@ -27,15 +27,14 @@ static void test_tls_psk_init_common(const char *pskfile, const char *user, const char *key) { - FILE *fp; + g_autoptr(GError) gerr = NULL; + g_autofree char *line = g_strdup_printf("%s:%s\n", user, key); - fp = fopen(pskfile, "w"); - if (fp == NULL) { - g_critical("Failed to create pskfile %s: %s", pskfile, strerror(errno)); + g_file_set_contents(pskfile, line, strlen(line), &gerr); + if (gerr != NULL) { + g_critical("Failed to create pskfile %s: %s", pskfile, gerr->message); abort(); } - fprintf(fp, "%s:%s\n", user, key); - fclose(fp); } void test_tls_psk_init(const char *pskfile) -- 2.37.3 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] tests: avoid DOS line endings in PSK file 2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé @ 2022-10-03 13:24 ` Bin Meng 2022-10-03 13:55 ` Philippe Mathieu-Daudé via 1 sibling, 0 replies; 7+ messages in thread From: Bin Meng @ 2022-10-03 13:24 UTC (permalink / raw) To: Daniel P. Berrangé; +Cc: qemu-devel On Mon, Oct 3, 2022 at 6:27 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > Using FILE * APIs for writing the PSK file results in translation from > UNIX to DOS line endings on Windows. When the crypto PSK code later > loads the credentials the stray \r will result in failure to load the > PSK credentials into GNUTLS. > > Rather than switching the FILE* APIs to open in binary format, just > switch to the more concise g_file_set_contents API. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > tests/unit/crypto-tls-psk-helpers.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > Reviewed-by: Bin Meng <bmeng.cn@gmail.com> Tested-by: Bin Meng <bmeng.cn@gmail.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] tests: avoid DOS line endings in PSK file 2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé 2022-10-03 13:24 ` Bin Meng @ 2022-10-03 13:55 ` Philippe Mathieu-Daudé via 1 sibling, 0 replies; 7+ messages in thread From: Philippe Mathieu-Daudé via @ 2022-10-03 13:55 UTC (permalink / raw) To: Daniel P. Berrangé, qemu-devel; +Cc: Bin Meng On 3/10/22 12:27, Daniel P. Berrangé wrote: > Using FILE * APIs for writing the PSK file results in translation from > UNIX to DOS line endings on Windows. When the crypto PSK code later > loads the credentials the stray \r will result in failure to load the > PSK credentials into GNUTLS. > > Rather than switching the FILE* APIs to open in binary format, just > switch to the more concise g_file_set_contents API. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > tests/unit/crypto-tls-psk-helpers.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-10-03 14:08 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-10-03 10:27 [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms Daniel P. Berrangé 2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé 2022-10-03 13:22 ` Bin Meng 2022-10-03 13:53 ` Philippe Mathieu-Daudé via 2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé 2022-10-03 13:24 ` Bin Meng 2022-10-03 13:55 ` Philippe Mathieu-Daudé via
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).