[v2] crypto: Make QCryptoTLSCreds* structures private

[PATCH v2 2/7] block/nbd: Use qcrypto_tls_creds_check_endpoint()

Posted by Philippe Mathieu-Daudé 4 years ago

Avoid accessing QCryptoTLSCreds internals by using
the qcrypto_tls_creds_check_endpoint() helper.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
 block/nbd.c    | 3 ++-
 blockdev-nbd.c | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/block/nbd.c b/block/nbd.c
index 616f9ae6c4d..c3523ebf785 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -2159,7 +2159,8 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp)
         return NULL;
     }
 
-    if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
+    if (!qcrypto_tls_creds_check_endpoint(creds,
+                                          QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT)) {
         error_setg(errp,
                    "Expecting TLS credentials with a client endpoint");
         return NULL;
diff --git a/blockdev-nbd.c b/blockdev-nbd.c
index b264620b98d..b6023052ac7 100644
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@@ -108,7 +108,8 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp)
         return NULL;
     }
 
-    if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
+    if (!qcrypto_tls_creds_check_endpoint(creds,
+                                          QCRYPTO_TLS_CREDS_ENDPOINT_SERVER)) {
         error_setg(errp,
                    "Expecting TLS credentials with a server endpoint");
         return NULL;
-- 
2.31.1

Re: [PATCH v2 2/7] block/nbd: Use qcrypto_tls_creds_check_endpoint()

Posted by Daniel P. Berrangé 4 years ago

On Tue, Jun 15, 2021 at 06:47:46PM +0200, Philippe Mathieu-Daudé wrote:
> Avoid accessing QCryptoTLSCreds internals by using
> the qcrypto_tls_creds_check_endpoint() helper.
> 
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
>  block/nbd.c    | 3 ++-
>  blockdev-nbd.c | 3 ++-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/block/nbd.c b/block/nbd.c
> index 616f9ae6c4d..c3523ebf785 100644
> --- a/block/nbd.c
> +++ b/block/nbd.c
> @@ -2159,7 +2159,8 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp)
>          return NULL;
>      }
>  
> -    if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
> +    if (!qcrypto_tls_creds_check_endpoint(creds,
> +                                          QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT)) {
>          error_setg(errp,
>                     "Expecting TLS credentials with a client endpoint");

I'd suggest we pass 'errp' into the qcrypto_tls_creds_check_endpoint
method, so we don't duplicate the error message in all callers.

>          return NULL;
> diff --git a/blockdev-nbd.c b/blockdev-nbd.c
> index b264620b98d..b6023052ac7 100644
> --- a/blockdev-nbd.c
> +++ b/blockdev-nbd.c
> @@ -108,7 +108,8 @@ static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp)
>          return NULL;
>      }
>  
> -    if (creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
> +    if (!qcrypto_tls_creds_check_endpoint(creds,
> +                                          QCRYPTO_TLS_CREDS_ENDPOINT_SERVER)) {
>          error_setg(errp,
>                     "Expecting TLS credentials with a server endpoint");
>          return NULL;
> -- 
> 2.31.1
> 

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

[PATCH v2 1/7] crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper
[PATCH v2 2/7] block/nbd: Use qcrypto_tls_creds_check_endpoint()
[PATCH v2 3/7] chardev/socket: Use qcrypto_tls_creds_check_endpoint()
[PATCH v2 4/7] migration/tls: Use qcrypto_tls_creds_check_endpoint()
[PATCH v2 5/7] crypto/tlssession: Introduce qcrypto_tls_creds_check_endpoint() helper
[PATCH v2 6/7] ui/vnc: Use qcrypto_tls_session_check_role()
[PATCH v2 7/7] crypto: Make QCryptoTLSCreds* structures private