From patchwork Tue Nov 15 14:23:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Antoine Damhet X-Patchwork-Id: 13043759 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E9B7BC4332F for ; Tue, 15 Nov 2022 14:24:20 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ouwqu-0006zB-Lx; Tue, 15 Nov 2022 09:23:52 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ouwqs-0006u4-H3 for qemu-devel@nongnu.org; Tue, 15 Nov 2022 09:23:50 -0500 Received: from mail.cri.epita.fr ([91.243.117.197] helo=mail-2.srv.cri.epita.fr) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ouwqq-0004j6-Mc for qemu-devel@nongnu.org; Tue, 15 Nov 2022 09:23:50 -0500 Received: from localhost (unknown [185.123.26.202]) (Authenticated sender: damhet_a) by mail-2.srv.cri.epita.fr (Postfix) with ESMTPSA id 4D9D23FC81; Tue, 15 Nov 2022 15:23:43 +0100 (CET) From: antoine.damhet@shadow.tech To: qemu-devel@nongnu.org Cc: vm@shadow.tech, Antoine Damhet , =?utf-8?q?D?= =?utf-8?q?aniel_P=2E_Berrang=C3=A9?= Subject: [PATCH 1/2] crypto: TLS: introduce `check_pending` Date: Tue, 15 Nov 2022 15:23:28 +0100 Message-Id: <20221115142329.92524-2-antoine.damhet@shadow.tech> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221115142329.92524-1-antoine.damhet@shadow.tech> References: <20221115142329.92524-1-antoine.damhet@shadow.tech> MIME-Version: 1.0 Received-SPF: pass client-ip=91.243.117.197; envelope-from=SRS0=Pw4Z=3P=lse.epita.fr=xdbob@cri.epita.fr; helo=mail-2.srv.cri.epita.fr X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Antoine Damhet The new `qcrypto_tls_session_check_pending` function allows the caller to know if data have already been consumed from the backend and is already available. Signed-off-by: Antoine Damhet Reviewed-by: Daniel P. Berrangé --- crypto/tlssession.c | 14 ++++++++++++++ include/crypto/tlssession.h | 11 +++++++++++ 2 files changed, 25 insertions(+) diff --git a/crypto/tlssession.c b/crypto/tlssession.c index b302d835d2..1e98f44e0d 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -493,6 +493,13 @@ qcrypto_tls_session_read(QCryptoTLSSession *session, } +size_t +qcrypto_tls_session_check_pending(QCryptoTLSSession *session) +{ + return gnutls_record_check_pending(session->handle); +} + + int qcrypto_tls_session_handshake(QCryptoTLSSession *session, Error **errp) @@ -615,6 +622,13 @@ qcrypto_tls_session_read(QCryptoTLSSession *sess, } +size_t +qcrypto_tls_session_check_pending(QCryptoTLSSession *session) +{ + return 0; +} + + int qcrypto_tls_session_handshake(QCryptoTLSSession *sess, Error **errp) diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 15b9cef086..571049bd0e 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -248,6 +248,17 @@ ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess, char *buf, size_t len); +/** + * qcrypto_tls_session_check_pending: + * @sess: the TLS session object + * + * Check if there are unread data in the TLS buffers that have + * already been read from the underlying data source. + * + * Returns: the number of bytes available or zero + */ +size_t qcrypto_tls_session_check_pending(QCryptoTLSSession *sess); + /** * qcrypto_tls_session_handshake: * @sess: the TLS session object From patchwork Tue Nov 15 14:23:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Antoine Damhet X-Patchwork-Id: 13043758 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 97B7FC4332F for ; Tue, 15 Nov 2022 14:24:17 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ouwqt-0006wP-Tp; Tue, 15 Nov 2022 09:23:51 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ouwqs-0006u3-H3 for qemu-devel@nongnu.org; Tue, 15 Nov 2022 09:23:50 -0500 Received: from mail.cri.epita.fr ([91.243.117.197] helo=mail-2.srv.cri.epita.fr) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ouwqq-0004jt-Mq for qemu-devel@nongnu.org; Tue, 15 Nov 2022 09:23:50 -0500 Received: from localhost (unknown [185.123.26.202]) (Authenticated sender: damhet_a) by mail-2.srv.cri.epita.fr (Postfix) with ESMTPSA id DAA513FC86; Tue, 15 Nov 2022 15:23:44 +0100 (CET) From: antoine.damhet@shadow.tech To: qemu-devel@nongnu.org Cc: vm@shadow.tech, Antoine Damhet , Charles Frey , =?utf-8?q?Daniel_P=2E_Berrang?= =?utf-8?q?=C3=A9?= Subject: [PATCH 2/2] io/channel-tls: fix handling of bigger read buffers Date: Tue, 15 Nov 2022 15:23:29 +0100 Message-Id: <20221115142329.92524-3-antoine.damhet@shadow.tech> X-Mailer: git-send-email 2.38.1 In-Reply-To: <20221115142329.92524-1-antoine.damhet@shadow.tech> References: <20221115142329.92524-1-antoine.damhet@shadow.tech> MIME-Version: 1.0 Received-SPF: pass client-ip=91.243.117.197; envelope-from=SRS0=Pw4Z=3P=lse.epita.fr=xdbob@cri.epita.fr; helo=mail-2.srv.cri.epita.fr X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org From: Antoine Damhet Since the TLS backend can read more data from the underlying QIOChannel we introduce a minimal child GSource to notify if we still have more data available to be read. Signed-off-by: Antoine Damhet Signed-off-by: Charles Frey Reviewed-by: Daniel P. Berrangé --- io/channel-tls.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 65 insertions(+), 1 deletion(-) diff --git a/io/channel-tls.c b/io/channel-tls.c index 4ce890a538..4f2b8828f9 100644 --- a/io/channel-tls.c +++ b/io/channel-tls.c @@ -388,12 +388,76 @@ static void qio_channel_tls_set_aio_fd_handler(QIOChannel *ioc, qio_channel_set_aio_fd_handler(tioc->master, ctx, io_read, io_write, opaque); } +typedef struct QIOChannelTLSSource QIOChannelTLSSource; +struct QIOChannelTLSSource { + GSource parent; + QIOChannelTLS *tioc; +}; + +static gboolean +qio_channel_tls_source_check(GSource *source) +{ + QIOChannelTLSSource *tsource = (QIOChannelTLSSource *)source; + + return qcrypto_tls_session_check_pending(tsource->tioc->session) > 0; +} + +static gboolean +qio_channel_tls_source_prepare(GSource *source, gint *timeout) +{ + *timeout = -1; + return qio_channel_tls_source_check(source); +} + +static gboolean +qio_channel_tls_source_dispatch(GSource *source, GSourceFunc callback, + gpointer user_data) +{ + return G_SOURCE_CONTINUE; +} + +static void +qio_channel_tls_source_finalize(GSource *source) +{ + QIOChannelTLSSource *tsource = (QIOChannelTLSSource *)source; + + object_unref(OBJECT(tsource->tioc)); +} + +static GSourceFuncs qio_channel_tls_source_funcs = { + qio_channel_tls_source_prepare, + qio_channel_tls_source_check, + qio_channel_tls_source_dispatch, + qio_channel_tls_source_finalize +}; + +static void +qio_channel_tls_read_watch(QIOChannelTLS *tioc, GSource *source) +{ + GSource *child; + QIOChannelTLSSource *tlssource; + + child = g_source_new(&qio_channel_tls_source_funcs, + sizeof(QIOChannelTLSSource)); + tlssource = (QIOChannelTLSSource *)child; + + tlssource->tioc = tioc; + object_ref(OBJECT(tioc)); + + g_source_add_child_source(source, child); +} + static GSource *qio_channel_tls_create_watch(QIOChannel *ioc, GIOCondition condition) { QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc); + GSource *source = qio_channel_create_watch(tioc->master, condition); + + if (condition & G_IO_IN) { + qio_channel_tls_read_watch(tioc, source); + } - return qio_channel_create_watch(tioc->master, condition); + return source; } QCryptoTLSSession *