This small patch series is a formal submission of another part of my previous RFC series

  https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html

Now we have the basic crypto module defined for hash/cipher APIs, we extend it to also cover TLS credential and TLS session handling APIs.

These new TLS related APIs obsolete the vast majority of the TLS handling code in the current VNC server. As a result the VNC server no longer has to worry about conditional compilation for GNUTLS. It also gives us code reuse for future patches which intend to add TLS support to chardevs, migration, nbd, etc.

This series deprecates the existing way of configuring TLS for VNC on the command line, but maintains support for back-compat reasons.

Since the nice is now totally isolated from the VNC server it is also practical to provide significant unit test coverage of what is security critical code.

Aside from the new CLI syntax for configuring TLS with VNC, the only other functional change is to allow diffie-hellman params to be loaded from a file, instead of being generated at startup.

Daniel P. Berrange (5):
  crypto: introduce new module for handling TLS credentials
  crypto: add sanity checking of TLS credentials
  crypto: introduce new module for handling TLS sessions
  ui: fix return type for VNC I/O functions to be ssize_t
  ui: convert VNC server to use QCryptoTLSSession

 configure                      |   53 +-
 crypto/Makefile.objs           |    2 +
 crypto/init.c                  |    8 +
 crypto/tlscreds.c              | 1100 +++++++++++++++++++++++++++++++++++++++
 crypto/tlssession.c            |  545 ++++++++++++++++++++
 include/crypto/tlscreds.h      |  151 ++++++
 include/crypto/tlssession.h    |  322 ++++++++++++
 qemu-options.hx                |   58 ++-
 tests/.gitignore               |    7 +
 tests/Makefile                 |   14 +-
 tests/crypto-tls-helpers.c     |  485 ++++++++++++++++++
 tests/crypto-tls-helpers.h     |  133 +++++
 tests/pkix_asn1_tab.c          | 1103 ++++++++++++++++++++++++++++++++++++++++
 tests/test-crypto-tlscreds.c   |  735 ++++++++++++++++++++++++++
 tests/test-crypto-tlssession.c |  535 +++++++++++++++++++
 ui/Makefile.objs               |    2 +-
 ui/vnc-auth-sasl.c             |   36 +-
 ui/vnc-auth-vencrypt.c         |   80 +--
 ui/vnc-tls.c                   |  474 -----------------
 ui/vnc-tls.h                   |   69 ---
 ui/vnc-ws.c                    |   82 +--
 ui/vnc-ws.h                    |    2 -
 ui/vnc.c                       |  369 +++++++++-----
 ui/vnc.h                       |   17 +-
 24 files changed, 5569 insertions(+), 813 deletions(-)
 create mode 100644 crypto/tlscreds.c
 create mode 100644 crypto/tlssession.c
 create mode 100644 include/crypto/tlscreds.h
 create mode 100644 include/crypto/tlssession.h
 create mode 100644 tests/crypto-tls-helpers.c
 create mode 100644 tests/crypto-tls-helpers.h
 create mode 100644 tests/pkix_asn1_tab.c
 create mode 100644 tests/test-crypto-tlscreds.c
 create mode 100644 tests/test-crypto-tlssession.c
 delete mode 100644 ui/vnc-tls.c
 delete mode 100644 ui/vnc-tls.h

-- 
2.4.3