Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-pull-request' into staging (debe96fd) · Commits · SUMMER2020 / students / proj-2021291

include/crypto/init.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -21,6 +21,8 @@
		#ifndef QCRYPTO_INIT_H
		#define QCRYPTO_INIT_H

		#include "qapi/error.h"

		int qcrypto_init(Error **errp);

		#endif /* QCRYPTO_INIT_H */

stubs/error-printf.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -4,7 +4,8 @@

		void error_vprintf(const char *fmt, va_list ap)
		{
		if (g_test_initialized() && !g_test_subprocess()) {
		if (g_test_initialized() && !g_test_subprocess() &&
		getenv("QTEST_SILENT_ERRORS")) {
		char *msg = g_strdup_vprintf(fmt, ap);
		g_test_message("%s", msg);
		g_free(msg);

tests/crypto-tls-x509-helpers.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@
		#include "qemu/osdep.h"

		#include "crypto-tls-x509-helpers.h"
		#include "crypto/init.h"
		#include "qemu/sockets.h"

		#ifdef QCRYPTO_HAVE_TLS_TEST_SUPPORT
		@@ -95,7 +96,7 @@ static gnutls_x509_privkey_t test_tls_load_key(void)

		void test_tls_init(const char *keyfile)
		{
		gnutls_global_init();
		qcrypto_init(&error_abort);

		if (asn1_array2tree(pkix_asn1_tab, &pkix_asn1, NULL) != ASN1_SUCCESS) {
		abort();

tests/test-crypto-tlscredsx509.c

+2 −9

Original line number	Diff line number	Diff line
		@@ -54,7 +54,7 @@ static QCryptoTLSCreds *test_tls_creds_create(QCryptoTLSCredsEndpoint endpoint,
		"sanity-check", "yes",
		NULL);

		if (*errp) {
		if (!creds) {
		return NULL;
		}
		return QCRYPTO_TLS_CREDS(creds);
		@@ -74,7 +74,6 @@ static void test_tls_creds(const void *opaque)
		struct QCryptoTLSCredsTestData *data =
		(struct QCryptoTLSCredsTestData *)opaque;
		QCryptoTLSCreds *creds;
		Error *err = NULL;

		#define CERT_DIR "tests/test-crypto-tlscredsx509-certs/"
		mkdir(CERT_DIR, 0700);
		@@ -113,17 +112,11 @@ static void test_tls_creds(const void *opaque)
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER :
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT),
		CERT_DIR,
		&err);
		data->expectFail ? NULL : &error_abort);

		if (data->expectFail) {
		error_free(err);
		g_assert(creds == NULL);
		} else {
		if (err) {
		g_printerr("Failed to generate creds: %s\n",
		error_get_pretty(err));
		error_free(err);
		}
		g_assert(creds != NULL);
		}

tests/test-crypto-tlssession.c

+30 −50

Original line number	Diff line number	Diff line
		@@ -52,28 +52,21 @@ static ssize_t testRead(char buf, size_t len, void opaque)

		static QCryptoTLSCreds *test_tls_creds_psk_create(
		QCryptoTLSCredsEndpoint endpoint,
		const char *dir,
		Error **errp)
		const char *dir)
		{
		Error *err = NULL;
		Object *parent = object_get_objects_root();
		Object *creds = object_new_with_props(
		TYPE_QCRYPTO_TLS_CREDS_PSK,
		parent,
		(endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER ?
		"testtlscredsserver" : "testtlscredsclient"),
		&err,
		&error_abort,
		"endpoint", (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER ?
		"server" : "client"),
		"dir", dir,
		"priority", "NORMAL",
		NULL
		);

		if (err) {
		error_propagate(errp, err);
		return NULL;
		}
		return QCRYPTO_TLS_CREDS(creds);
		}

		@@ -87,7 +80,6 @@ static void test_crypto_tls_session_psk(void)
		int channel[2];
		bool clientShake = false;
		bool serverShake = false;
		Error *err = NULL;
		int ret;

		/* We'll use this for our fake client-server connection */
		@@ -104,25 +96,23 @@ static void test_crypto_tls_session_psk(void)

		clientCreds = test_tls_creds_psk_create(
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT,
		WORKDIR,
		&err);
		WORKDIR);
		g_assert(clientCreds != NULL);

		serverCreds = test_tls_creds_psk_create(
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
		WORKDIR,
		&err);
		WORKDIR);
		g_assert(serverCreds != NULL);

		/* Now the real part of the test, setup the sessions */
		clientSess = qcrypto_tls_session_new(
		clientCreds, NULL, NULL,
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT, &err);
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT, &error_abort);
		g_assert(clientSess != NULL);

		serverSess = qcrypto_tls_session_new(
		serverCreds, NULL, NULL,
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, &err);

		g_assert(clientSess != NULL);
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, &error_abort);
		g_assert(serverSess != NULL);

		/* For handshake to work, we need to set the I/O callbacks
		@@ -145,7 +135,7 @@ static void test_crypto_tls_session_psk(void)
		int rv;
		if (!serverShake) {
		rv = qcrypto_tls_session_handshake(serverSess,
		&err);
		&error_abort);
		g_assert(rv >= 0);
		if (qcrypto_tls_session_get_handshake_status(serverSess) ==
		QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
		@@ -154,19 +144,21 @@ static void test_crypto_tls_session_psk(void)
		}
		if (!clientShake) {
		rv = qcrypto_tls_session_handshake(clientSess,
		&err);
		&error_abort);
		g_assert(rv >= 0);
		if (qcrypto_tls_session_get_handshake_status(clientSess) ==
		QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
		clientShake = true;
		}
		}
		} while (!clientShake && !serverShake);
		} while (!clientShake \|\| !serverShake);


		/* Finally make sure the server & client validation is successful. */
		g_assert(qcrypto_tls_session_check_credentials(serverSess, &err) == 0);
		g_assert(qcrypto_tls_session_check_credentials(clientSess, &err) == 0);
		g_assert(qcrypto_tls_session_check_credentials(serverSess,
		&error_abort) == 0);
		g_assert(qcrypto_tls_session_check_credentials(clientSess,
		&error_abort) == 0);

		object_unparent(OBJECT(serverCreds));
		object_unparent(OBJECT(clientCreds));
		@@ -192,17 +184,15 @@ struct QCryptoTLSSessionTestData {

		static QCryptoTLSCreds *test_tls_creds_x509_create(
		QCryptoTLSCredsEndpoint endpoint,
		const char *certdir,
		Error **errp)
		const char *certdir)
		{
		Error *err = NULL;
		Object *parent = object_get_objects_root();
		Object *creds = object_new_with_props(
		TYPE_QCRYPTO_TLS_CREDS_X509,
		parent,
		(endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER ?
		"testtlscredsserver" : "testtlscredsclient"),
		&err,
		&error_abort,
		"endpoint", (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER ?
		"server" : "client"),
		"dir", certdir,
		@@ -217,11 +207,6 @@ static QCryptoTLSCreds *test_tls_creds_x509_create(
		"sanity-check", "no",
		NULL
		);

		if (err) {
		error_propagate(errp, err);
		return NULL;
		}
		return QCRYPTO_TLS_CREDS(creds);
		}

		@@ -249,7 +234,6 @@ static void test_crypto_tls_session_x509(const void *opaque)
		int channel[2];
		bool clientShake = false;
		bool serverShake = false;
		Error *err = NULL;
		int ret;

		/* We'll use this for our fake client-server connection */
		@@ -293,14 +277,12 @@ static void test_crypto_tls_session_x509(const void *opaque)

		clientCreds = test_tls_creds_x509_create(
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT,
		CLIENT_CERT_DIR,
		&err);
		CLIENT_CERT_DIR);
		g_assert(clientCreds != NULL);

		serverCreds = test_tls_creds_x509_create(
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
		SERVER_CERT_DIR,
		&err);
		SERVER_CERT_DIR);
		g_assert(serverCreds != NULL);

		acl = qemu_acl_init("tlssessionacl");
		@@ -314,13 +296,13 @@ static void test_crypto_tls_session_x509(const void *opaque)
		/* Now the real part of the test, setup the sessions */
		clientSess = qcrypto_tls_session_new(
		clientCreds, data->hostname, NULL,
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT, &err);
		QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT, &error_abort);
		g_assert(clientSess != NULL);

		serverSess = qcrypto_tls_session_new(
		serverCreds, NULL,
		data->wildcards ? "tlssessionacl" : NULL,
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, &err);

		g_assert(clientSess != NULL);
		QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, &error_abort);
		g_assert(serverSess != NULL);

		/* For handshake to work, we need to set the I/O callbacks
		@@ -343,7 +325,7 @@ static void test_crypto_tls_session_x509(const void *opaque)
		int rv;
		if (!serverShake) {
		rv = qcrypto_tls_session_handshake(serverSess,
		&err);
		&error_abort);
		g_assert(rv >= 0);
		if (qcrypto_tls_session_get_handshake_status(serverSess) ==
		QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
		@@ -352,23 +334,22 @@ static void test_crypto_tls_session_x509(const void *opaque)
		}
		if (!clientShake) {
		rv = qcrypto_tls_session_handshake(clientSess,
		&err);
		&error_abort);
		g_assert(rv >= 0);
		if (qcrypto_tls_session_get_handshake_status(clientSess) ==
		QCRYPTO_TLS_HANDSHAKE_COMPLETE) {
		clientShake = true;
		}
		}
		} while (!clientShake && !serverShake);
		} while (!clientShake \|\| !serverShake);


		/* Finally make sure the server validation does what
		* we were expecting
		*/
		if (qcrypto_tls_session_check_credentials(serverSess, &err) < 0) {
		if (qcrypto_tls_session_check_credentials(
		serverSess, data->expectServerFail ? NULL : &error_abort) < 0) {
		g_assert(data->expectServerFail);
		error_free(err);
		err = NULL;
		} else {
		g_assert(!data->expectServerFail);
		}
		@@ -376,10 +357,9 @@ static void test_crypto_tls_session_x509(const void *opaque)
		/*
		* And the same for the client validation check
		*/
		if (qcrypto_tls_session_check_credentials(clientSess, &err) < 0) {
		if (qcrypto_tls_session_check_credentials(
		clientSess, data->expectClientFail ? NULL : &error_abort) < 0) {
		g_assert(data->expectClientFail);
		error_free(err);
		err = NULL;
		} else {
		g_assert(!data->expectClientFail);
		}