[PATCH 2/3] io: Support shutdown of TLS channel

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 2/3] io: Support shutdown of TLS channel

From:	Eric Blake
Subject:	[PATCH 2/3] io: Support shutdown of TLS channel
Date:	Fri, 27 Mar 2020 11:19:35 -0500

Gnutls documents that while many apps simply yank out the underlying
transport at the end of communication in the name of efficiency, this
is indistinguishable from a malicious actor terminating the connection
prematurely.  Since our channel I/O code already supports the notion of
a graceful shutdown request, it is time to plumb that through to the
TLS layer, and wait for TLS to give the all clear before then
terminating traffic on the underlying channel.

Note that channel-tls now always advertises shutdown support,
regardless of whether the underlying channel also has that support.

Signed-off-by: Eric Blake <address@hidden>
---
 io/channel-tls.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/io/channel-tls.c b/io/channel-tls.c
index 7ec8ceff2f01..f90905823e1d 100644
--- a/io/channel-tls.c
+++ b/io/channel-tls.c
@@ -360,10 +360,35 @@ static int qio_channel_tls_shutdown(QIOChannel *ioc,
                                     Error **errp)
 {
     QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
+    int ret = 0;

     tioc->shutdown |= how;

-    return qio_channel_shutdown(tioc->master, how, errp);
+    do {
+        switch (how) {
+        case QIO_CHANNEL_SHUTDOWN_READ:
+            /* No TLS counterpart */
+            break;
+        case QIO_CHANNEL_SHUTDOWN_WRITE:
+            ret = qcrypto_tls_session_shutdown(tioc->session, QCRYPTO_SHUT_WR);
+            break;
+        case QIO_CHANNEL_SHUTDOWN_BOTH:
+            ret = qcrypto_tls_session_shutdown(tioc->session,
+                                               QCRYPTO_SHUT_RDWR);
+            break;
+        default:
+            abort();
+        }
+    } while (ret == -EAGAIN);
+    if (ret < 0) {
+        error_setg_errno(errp, -ret, "Cannot shut down TLS channel");
+        return -1;
+    }
+
+    if (qio_channel_has_feature(tioc->master, QIO_CHANNEL_FEATURE_SHUTDOWN)) {
+        return qio_channel_shutdown(tioc->master, how, errp);
+    }
+    return 0;
 }

 static int qio_channel_tls_close(QIOChannel *ioc,
-- 
2.26.0.rc2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/3] nbd: Try for cleaner TLS shutdown, Eric Blake, 2020/03/27
- [PATCH 1/3] crypto: Add qcrypto_tls_shutdown(), Eric Blake, 2020/03/27
  - Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown(), Markus Armbruster, 2020/03/31
    - Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown(), Eric Blake, 2020/03/31
    - Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown(), Daniel P . Berrangé, 2020/03/31
- [PATCH 2/3] io: Support shutdown of TLS channel, Eric Blake <=
  - Re: [PATCH 2/3] io: Support shutdown of TLS channel, Daniel P . Berrangé, 2020/03/27
    - Re: [PATCH 2/3] io: Support shutdown of TLS channel, Eric Blake, 2020/03/27
    - Re: [PATCH 2/3] io: Support shutdown of TLS channel, Daniel P . Berrangé, 2020/03/27
    - Re: [PATCH 2/3] io: Support shutdown of TLS channel, Eric Blake, 2020/03/27
- [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent, Eric Blake, 2020/03/27
  - Re: [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent, Daniel P . Berrangé, 2020/03/27
    - Re: [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent, Eric Blake, 2020/03/27
    - Re: [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent, Daniel P . Berrangé, 2020/03/27
- Re: [PATCH 0/3] nbd: Try for cleaner TLS shutdown, no-reply, 2020/03/27

Prev by Date: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown()
Next by Date: [PATCH 3/3] nbd: Use shutdown(SHUT_WR) after last item sent
Previous by thread: Re: [PATCH 1/3] crypto: Add qcrypto_tls_shutdown()
Next by thread: Re: [PATCH 2/3] io: Support shutdown of TLS channel
Index(es):
- Date
- Thread