qemu-block

Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown()


From: Daniel P. Berrangé
Subject: Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown()
Date: Tue, 31 Mar 2020 16:33:06 +0100
User-agent: Mutt/1.13.3 (2020-01-12)

On Tue, Mar 31, 2020 at 10:17:49AM -0500, Eric Blake wrote:
> On 3/31/20 3:30 AM, Markus Armbruster wrote:
> > Eric Blake <address@hidden> writes:
> > 
> > > Gnutls documents that applications that want to distinguish between a
> > > clean end-of-communication and a malicious client abruptly tearing the
> > > underlying transport out of under our feet need to use gnutls_bye().
> > > Our channel code is already set up to allow shutdown requests, but we
> > > weren't forwarding those to gnutls.  To make that work, we first need
> > > a new entry point that can isolate the rest of our code from the
> > > gnutls interface.
> > > 
> 
> > > +int qcrypto_tls_session_shutdown(QCryptoTLSSession *session,
> > > +                                 QCryptoShutdownMode how)
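Review bot: the quoted signature leaves the contract of `how` and of the return value undocumented; since this is a thin wrapper around gnutls_bye(), the function comment should state how each QCryptoShutdownMode value is mapped onto gnutls_bye()'s close modes (write-only versus both directions) and whether a negative return is a fatal error or a transient would-block condition the caller has to retry, because callers outside crypto/ are meant to use this without knowing the GnuTLS interface.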
> 
> > 
> > This is a thin wrapper around gnutls_bye().  I understand this is an
> > abstraction layer backed by GnuTLS.  Not sure abstracting from just one
> > concrete thing is a good idea, but that's way out of scope here.
> 
> If we ever add an alternative TLS implementation to gnutls, then the
> abstraction is useful.  But I'm not sure how likely that is, so maybe Dan
> has more insight why he chose this design originally.

The abstraction serves several purposes.

First, it means that we don't need #ifdefs wrt GNUTLS in every piece of
QEMU code that involves TLS. They are isolated in the crypto/ code only.

Related to that, it means that anything that touches GNUTLS APIs directly
gets funnelled via the crypto maintainer for review.

It is easy to mis-use many of the GNUTLS APIs, and so the abstraction
serves to apply/enforce a more desirable usage policy on the rest of
the QEMU code, making it harder to screw up TLS.

Much of this is based on learning from libvirt code where the usage of
GNUTLS was not nearly so well encapsulated and increased burden.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
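
The distinction the patch is about, a peer ending the session with a close_notify alert (which is what gnutls_bye() sends) versus the transport simply going away, can be shown at the TLS record layer. The following is an added example, not QEMU or GnuTLS code: a small reader over TLS record framing that reports whether a byte stream ended cleanly, was cut off without close_notify, or was cut off mid-record. It assumes the records are visible in plaintext (in a real session the alert is encrypted after the handshake, so a TLS library makes this call for you) and the three sample streams are constructed for the example.

```c
/* Added example (not QEMU's crypto/ code): classify how a TLS byte stream
 * ended.  A clean end is a close_notify alert before transport EOF; an EOF
 * without it is a truncation, which is exactly what the application cannot
 * tell apart from a clean end unless it asks the TLS layer (gnutls_bye()
 * on the sending side, a truncation error on the receiving side).
 *
 * Assumption: records are unencrypted so the alert is visible here. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS record content types and close_notify alert encoding (RFC 5246) */
#define TLS_CT_ALERT            21
#define TLS_CT_APPLICATION_DATA 23
#define TLS_ALERT_LEVEL_WARNING 1
#define TLS_ALERT_CLOSE_NOTIFY  0
#define TLS_RECORD_HEADER_LEN   5   /* type(1) version(2) length(2) */

typedef enum {
    TLS_END_CLEAN,      /* close_notify seen before transport EOF */
    TLS_END_TRUNCATED,  /* transport EOF at a record boundary, no close_notify */
    TLS_END_MALFORMED,  /* transport EOF inside a record header or body */
} TLSEndState;

/* Walk the records in buf[0..len) and report how the stream ended.
 * If app_bytes is non-NULL it receives the number of application-data
 * payload bytes that were delivered before the end. */
TLSEndState tls_classify_end(const uint8_t *buf, size_t len, size_t *app_bytes)
{
    size_t off = 0, delivered = 0;
    TLSEndState state = TLS_END_TRUNCATED;

    while (off < len) {
        if (len - off < TLS_RECORD_HEADER_LEN) {
            state = TLS_END_MALFORMED;          /* header cut short */
            break;
        }
        uint8_t type = buf[off];
        uint16_t rlen = (uint16_t)(((unsigned)buf[off + 3] << 8) | buf[off + 4]);
        size_t body = off + TLS_RECORD_HEADER_LEN;
        if (len - body < rlen) {
            state = TLS_END_MALFORMED;          /* body cut short */
            break;
        }
        if (type == TLS_CT_ALERT && rlen == 2 &&
            buf[body] == TLS_ALERT_LEVEL_WARNING &&
            buf[body + 1] == TLS_ALERT_CLOSE_NOTIFY) {
            state = TLS_END_CLEAN;
            break;                              /* nothing after close_notify counts */
        }
        if (type == TLS_CT_APPLICATION_DATA) {
            delivered += rlen;
        }
        off = body + rlen;
    }
    if (app_bytes) {
        *app_bytes = delivered;
    }
    return state;
}

/* Convenience wrapper: only the delivered application-data byte count. */
size_t tls_app_bytes(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    tls_classify_end(buf, len, &n);
    return n;
}

const char *tls_end_name(TLSEndState s)
{
    switch (s) {
    case TLS_END_CLEAN:     return "clean (close_notify received)";
    case TLS_END_TRUNCATED: return "truncated (EOF without close_notify)";
    default:                return "malformed (EOF mid-record)";
    }
}

/* Constructed sample streams; version bytes 0x03 0x03 are TLS 1.2. */
static const uint8_t sample_clean[] = {
    23, 0x03, 0x03, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',   /* app data  */
    21, 0x03, 0x03, 0x00, 0x02, 1, 0,                      /* close_notify */
};
static const uint8_t sample_truncated[] = {
    23, 0x03, 0x03, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',   /* then EOF  */
};
static const uint8_t sample_malformed[] = {
    23, 0x03, 0x03, 0x00, 0x05, 'h', 'e',                  /* body cut  */
};

int main(void)
{
    printf("clean:     %s\n", tls_end_name(tls_classify_end(sample_clean, sizeof sample_clean, NULL)));
    printf("truncated: %s\n", tls_end_name(tls_classify_end(sample_truncated, sizeof sample_truncated, NULL)));
    printf("malformed: %s\n", tls_end_name(tls_classify_end(sample_malformed, sizeof sample_malformed, NULL)));
    return 0;
}
```

Note that the "truncated" stream delivers the same five application bytes as the "clean" one; only the presence of the close_notify alert separates a peer that finished from one whose transport was cut off, which is why a channel layer has to forward shutdown requests to the TLS library rather than just closing the socket.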