[Qemu-devel] [PATCH v3 0/7] Extract TLS handling code from VNC server
From: Daniel P. Berrange
Subject: [Qemu-devel] [PATCH v3 0/7] Extract TLS handling code from VNC server
Date: Wed, 12 Aug 2015 14:29:30 +0100

This small patch series is a formal submission of another part
of my previous series:

  v1: https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
  v2: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01267.html

Now we have the basic crypto module defined for hash/cipher APIs,
we extend it to also cover TLS credential and TLS session handling
APIs. These new TLS related APIs obsolete the vast majority of the
TLS handling code in the current VNC server. As a result the VNC
server no longer has to worry about conditional compilation for
GNUTLS. It also gives us code reuse for future patches which intend
to add TLS support to chardevs, migration, nbd, etc.

This series deprecates the existing way of configuring TLS for
VNC on the command line, but maintains support for back-compat
reasons.

Since the code is now totally isolated from the VNC server it is
also practical to provide significant unit test coverage of what
is security critical code.

Aside from the new CLI syntax for configuring TLS with VNC, the
only other functional change is to allow Diffie-Hellman params
to be loaded from a file, instead of being generated at startup.

Changes in v3:

 - Switched "tls-creds" object to be just an abstract base class
 - Created "tls-creds-anon" object subclass in new file
 - Created "tls-creds-x509" object subclass in new file

Daniel P. Berrange (7):
crypto: introduce new base module for TLS credentials
crypto: introduce new module for TLS anonymous credentials
crypto: introduce new module for TLS x509 credentials
crypto: add sanity checking of TLS x509 credentials
crypto: introduce new module for handling TLS sessions
ui: fix return type for VNC I/O functions to be ssize_t
ui: convert VNC server to use QCryptoTLSSession
configure | 53 +-
crypto/Makefile.objs | 4 +
crypto/init.c | 10 +
crypto/tlscreds.c | 264 +++++++++
crypto/tlscredsanon.c | 235 ++++++++
crypto/tlscredspriv.h | 41 ++
crypto/tlscredsx509.c | 821 ++++++++++++++++++++++++++++
crypto/tlssession.c | 578 ++++++++++++++++++++
include/crypto/tlscreds.h | 74 +++
include/crypto/tlscredsanon.h | 113 ++++
include/crypto/tlscredsx509.h | 115 ++++
include/crypto/tlssession.h | 322 +++++++++++
qemu-options.hx | 75 ++-
tests/.gitignore | 7 +
tests/Makefile | 14 +-
tests/crypto-tls-x509-helpers.c | 486 +++++++++++++++++
tests/crypto-tls-x509-helpers.h | 133 +++++
tests/pkix_asn1_tab.c | 1103 ++++++++++++++++++++++++++++++++++++++
tests/test-crypto-tlscredsx509.c | 734 +++++++++++++++++++++++++
tests/test-crypto-tlssession.c | 534 ++++++++++++++++++
ui/Makefile.objs | 2 +-
ui/vnc-auth-sasl.c | 36 +-
ui/vnc-auth-vencrypt.c | 80 +--
ui/vnc-tls.c | 474 ----------------
ui/vnc-tls.h | 69 ---
ui/vnc-ws.c | 82 +--
ui/vnc-ws.h | 2 -
ui/vnc.c | 360 ++++++++-----
ui/vnc.h | 17 +-
29 files changed, 6025 insertions(+), 813 deletions(-)
create mode 100644 crypto/tlscreds.c
create mode 100644 crypto/tlscredsanon.c
create mode 100644 crypto/tlscredspriv.h
create mode 100644 crypto/tlscredsx509.c
create mode 100644 crypto/tlssession.c
create mode 100644 include/crypto/tlscreds.h
create mode 100644 include/crypto/tlscredsanon.h
create mode 100644 include/crypto/tlscredsx509.h
create mode 100644 include/crypto/tlssession.h
create mode 100644 tests/crypto-tls-x509-helpers.c
create mode 100644 tests/crypto-tls-x509-helpers.h
create mode 100644 tests/pkix_asn1_tab.c
create mode 100644 tests/test-crypto-tlscredsx509.c
create mode 100644 tests/test-crypto-tlssession.c
delete mode 100644 ui/vnc-tls.c
delete mode 100644 ui/vnc-tls.h
--
2.4.3