* [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms
@ 2022-10-03 10:27 Daniel P. Berrangé
2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé
2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé
0 siblings, 2 replies; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-10-03 10:27 UTC (permalink / raw)
To: qemu-devel; +Cc: Bin Meng, Daniel P. Berrangé
A mixup with DOS/UNIX line endings, combined with lack of error
checking, resulted in us not initializing the PSK credentials on the
client side.
Daniel P. Berrangé (2):
crypto: check for and report errors setting PSK credentials
tests: avoid DOS line endings in PSK file
crypto/tlscredspsk.c | 16 +++++++++++++---
tests/unit/crypto-tls-psk-helpers.c | 11 +++++------
2 files changed, 18 insertions(+), 9 deletions(-)
--
2.37.3
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] crypto: check for and report errors setting PSK credentials
2022-10-03 10:27 [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms Daniel P. Berrangé
@ 2022-10-03 10:27 ` Daniel P. Berrangé
2022-10-03 13:22 ` Bin Meng
2022-10-03 13:53 ` Philippe Mathieu-Daudé via
2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé
1 sibling, 2 replies; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-10-03 10:27 UTC (permalink / raw)
To: qemu-devel; +Cc: Bin Meng, Daniel P. Berrangé
If setting credentials fails, the handshake will later fail to complete
with an obscure error message which is hard to diagnose.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/tlscredspsk.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c
index a4f9891274..546cad1c5a 100644
--- a/crypto/tlscredspsk.c
+++ b/crypto/tlscredspsk.c
@@ -109,7 +109,12 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds,
goto cleanup;
}
- gnutls_psk_set_server_credentials_file(creds->data.server, pskfile);
+ ret = gnutls_psk_set_server_credentials_file(creds->data.server, pskfile);
+ if (ret < 0) {
+ error_setg(errp, "Cannot set PSK server credentials: %s",
+ gnutls_strerror(ret));
+ goto cleanup;
+ }
gnutls_psk_set_server_dh_params(creds->data.server,
creds->parent_obj.dh_params);
} else {
@@ -135,8 +140,13 @@ qcrypto_tls_creds_psk_load(QCryptoTLSCredsPSK *creds,
goto cleanup;
}
- gnutls_psk_set_client_credentials(creds->data.client,
- username, &key, GNUTLS_PSK_KEY_HEX);
+ ret = gnutls_psk_set_client_credentials(creds->data.client,
+ username, &key, GNUTLS_PSK_KEY_HEX);
+ if (ret < 0) {
+ error_setg(errp, "Cannot set PSK client credentials: %s",
+ gnutls_strerror(ret));
+ goto cleanup;
+ }
}
rv = 0;
--
2.37.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 2/2] tests: avoid DOS line endings in PSK file
2022-10-03 10:27 [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms Daniel P. Berrangé
2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé
@ 2022-10-03 10:27 ` Daniel P. Berrangé
2022-10-03 13:24 ` Bin Meng
2022-10-03 13:55 ` Philippe Mathieu-Daudé via
1 sibling, 2 replies; 7+ messages in thread
From: Daniel P. Berrangé @ 2022-10-03 10:27 UTC (permalink / raw)
To: qemu-devel; +Cc: Bin Meng, Daniel P. Berrangé
Using FILE * APIs for writing the PSK file results in translation from
UNIX to DOS line endings on Windows. When the crypto PSK code later
loads the credentials the stray \r will result in failure to load the
PSK credentials into GNUTLS.
Rather than switching the FILE* APIs to open in binary format, just
switch to the more concise g_file_set_contents API.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
tests/unit/crypto-tls-psk-helpers.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/tests/unit/crypto-tls-psk-helpers.c b/tests/unit/crypto-tls-psk-helpers.c
index 511e08cc9c..c6cc740772 100644
--- a/tests/unit/crypto-tls-psk-helpers.c
+++ b/tests/unit/crypto-tls-psk-helpers.c
@@ -27,15 +27,14 @@
static void
test_tls_psk_init_common(const char *pskfile, const char *user, const char *key)
{
- FILE *fp;
+ g_autoptr(GError) gerr = NULL;
+ g_autofree char *line = g_strdup_printf("%s:%s\n", user, key);
- fp = fopen(pskfile, "w");
- if (fp == NULL) {
- g_critical("Failed to create pskfile %s: %s", pskfile, strerror(errno));
+ g_file_set_contents(pskfile, line, strlen(line), &gerr);
+ if (gerr != NULL) {
+ g_critical("Failed to create pskfile %s: %s", pskfile, gerr->message);
abort();
}
- fprintf(fp, "%s:%s\n", user, key);
- fclose(fp);
}
void test_tls_psk_init(const char *pskfile)
--
2.37.3
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] crypto: check for and report errors setting PSK credentials
2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé
@ 2022-10-03 13:22 ` Bin Meng
2022-10-03 13:53 ` Philippe Mathieu-Daudé via
1 sibling, 0 replies; 7+ messages in thread
From: Bin Meng @ 2022-10-03 13:22 UTC (permalink / raw)
To: Daniel P. Berrangé; +Cc: qemu-devel
On Mon, Oct 3, 2022 at 6:27 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> If setting credentials fails, the handshake will later fail to complete
> with an obscure error message which is hard to diagnose.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> crypto/tlscredspsk.c | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] tests: avoid DOS line endings in PSK file
2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé
@ 2022-10-03 13:24 ` Bin Meng
2022-10-03 13:55 ` Philippe Mathieu-Daudé via
1 sibling, 0 replies; 7+ messages in thread
From: Bin Meng @ 2022-10-03 13:24 UTC (permalink / raw)
To: Daniel P. Berrangé; +Cc: qemu-devel
On Mon, Oct 3, 2022 at 6:27 PM Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> Using FILE * APIs for writing the PSK file results in translation from
> UNIX to DOS line endings on Windows. When the crypto PSK code later
> loads the credentials the stray \r will result in failure to load the
> PSK credentials into GNUTLS.
>
> Rather than switching the FILE* APIs to open in binary format, just
> switch to the more concise g_file_set_contents API.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> tests/unit/crypto-tls-psk-helpers.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] crypto: check for and report errors setting PSK credentials
2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé
2022-10-03 13:22 ` Bin Meng
@ 2022-10-03 13:53 ` Philippe Mathieu-Daudé via
1 sibling, 0 replies; 7+ messages in thread
From: Philippe Mathieu-Daudé via @ 2022-10-03 13:53 UTC (permalink / raw)
To: Daniel P. Berrangé, qemu-devel; +Cc: Bin Meng
On 3/10/22 12:27, Daniel P. Berrangé wrote:
> If setting credentials fails, the handshake will later fail to complete
> with an obscure error message which is hard to diagnose.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> crypto/tlscredspsk.c | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] tests: avoid DOS line endings in PSK file
2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé
2022-10-03 13:24 ` Bin Meng
@ 2022-10-03 13:55 ` Philippe Mathieu-Daudé via
1 sibling, 0 replies; 7+ messages in thread
From: Philippe Mathieu-Daudé via @ 2022-10-03 13:55 UTC (permalink / raw)
To: Daniel P. Berrangé, qemu-devel; +Cc: Bin Meng
On 3/10/22 12:27, Daniel P. Berrangé wrote:
> Using FILE * APIs for writing the PSK file results in translation from
> UNIX to DOS line endings on Windows. When the crypto PSK code later
> loads the credentials the stray \r will result in failure to load the
> PSK credentials into GNUTLS.
>
> Rather than switching the FILE* APIs to open in binary format, just
> switch to the more concise g_file_set_contents API.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> tests/unit/crypto-tls-psk-helpers.c | 11 +++++------
> 1 file changed, 5 insertions(+), 6 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-10-03 14:08 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-10-03 10:27 [PATCH 0/2] crypto: fix TLS PSK credentials on Windows platforms Daniel P. Berrangé
2022-10-03 10:27 ` [PATCH 1/2] crypto: check for and report errors setting PSK credentials Daniel P. Berrangé
2022-10-03 13:22 ` Bin Meng
2022-10-03 13:53 ` Philippe Mathieu-Daudé via
2022-10-03 10:27 ` [PATCH 2/2] tests: avoid DOS line endings in PSK file Daniel P. Berrangé
2022-10-03 13:24 ` Bin Meng
2022-10-03 13:55 ` Philippe Mathieu-Daudé via
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).