Re: [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks
Date:	Mon, 22 Jul 2024 16:35:43 +0200
User-agent:	Mozilla Thunderbird

On 22/7/24 15:16, Daniel P. Berrangé wrote:

GNUTLS doesn't know how to perform I/O on anything other than plain
FDs, so the TLS session provides it with some I/O callbacks. The
GNUTLS API design requires these callbacks to return a unix errno
value, which means we're currently loosing the useful QEMU "Error"
object.

This changes the I/O callbacks in QEMU to stash the "Error" object
in the QCryptoTLSSession class, and fetch it when seeing an I/O
error returned from GNUTLS, thus preserving useful error messages.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
  crypto/tlssession.c                 | 71 +++++++++++++++++++++++++----
  include/crypto/tlssession.h         | 10 +++-
  io/channel-tls.c                    | 18 ++++----
  tests/unit/test-crypto-tlssession.c | 28 ++++++++++--
  4 files changed, 103 insertions(+), 24 deletions(-)

@@ -505,11 +551,20 @@ qcrypto_tls_session_handshake(QCryptoTLSSession *session,
              ret == GNUTLS_E_AGAIN) {
              ret = 1;
          } else {
-            error_setg(errp, "TLS handshake failed: %s",
-                       gnutls_strerror(ret));
+            if (session->rerr || session->werr) {
+                error_setg(errp, "TLS handshake failed: %s: %s",
+                           gnutls_strerror(ret),
+                           error_get_pretty(session->rerr ? session->rerr : 
session->werr));


Could leverage ternary operator here.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

+            } else {
+                error_setg(errp, "TLS handshake failed: %s",
+                           gnutls_strerror(ret));
+            }
              ret = -1;
          }
      }
+    error_free(session->rerr);
+    error_free(session->werr);
+    session->rerr = session->werr = NULL;

return ret;

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/5] crypto: improve error reporting detail, Daniel P . Berrangé, 2024/07/22
- [PATCH 3/5] crypto: drop gnutls debug logging support, Daniel P . Berrangé, 2024/07/22
  - Re: [PATCH 3/5] crypto: drop gnutls debug logging support, Philippe Mathieu-Daudé, 2024/07/22
    - Re: [PATCH 3/5] crypto: drop gnutls debug logging support, Daniel P . Berrangé, 2024/07/22
- [PATCH 2/5] chardev: add tracing of socket error conditions, Daniel P . Berrangé, 2024/07/22
  - Re: [PATCH 2/5] chardev: add tracing of socket error conditions, Philippe Mathieu-Daudé, 2024/07/22
- [PATCH 4/5] crypto: push error reporting into TLS session I/O APIs, Daniel P . Berrangé, 2024/07/22
  - Re: [PATCH 4/5] crypto: push error reporting into TLS session I/O APIs, Philippe Mathieu-Daudé, 2024/07/22
- [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks, Daniel P . Berrangé, 2024/07/22
  - Re: [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks, Philippe Mathieu-Daudé <=
- [PATCH 1/5] qapi: allow for g_autoptr(Error) usage, Daniel P . Berrangé, 2024/07/22
  - Re: [PATCH 1/5] qapi: allow for g_autoptr(Error) usage, Philippe Mathieu-Daudé, 2024/07/22
  - Re: [PATCH 1/5] qapi: allow for g_autoptr(Error) usage, Markus Armbruster, 2024/07/23
    - Re: [PATCH 1/5] qapi: allow for g_autoptr(Error) usage, Daniel P . Berrangé, 2024/07/23
    - Re: [PATCH 1/5] qapi: allow for g_autoptr(Error) usage, Markus Armbruster, 2024/07/24

Prev by Date: Re: [PATCH 3/5] crypto: drop gnutls debug logging support
Next by Date: Re: [PATCH 4/5] crypto: push error reporting into TLS session I/O APIs
Previous by thread: [PATCH 5/5] crypto: propagate errors from TLS session I/O callbacks
Next by thread: [PATCH 1/5] qapi: allow for g_autoptr(Error) usage
Index(es):
- Date
- Thread