crypto: push error reporting into TLS session I/O APIs

The current TLS session I/O APIs just return a synthetic errno value on error, which has been translated from a gnutls error value. This looses a large amount of valuable information that distinguishes different scenarios. Pushing population of the "Error *errp" object into the TLS session I/O APIs gives more detailed error information. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-08-04 08:13:54 -06:00 · 2024-03-15 14:07:58 +00:00 · 2024-03-15 14:07:58 +00:00 · 57941c9c86
commit 57941c9c86
parent 305233349b
3 changed files with 68 additions and 63 deletions
--- a/include/crypto/tlssession.h
+++ b/include/crypto/tlssession.h
@ -107,6 +107,7 @@

 typedef struct QCryptoTLSSession QCryptoTLSSession;

+#define QCRYPTO_TLS_SESSION_ERR_BLOCK -2

 /**
 * qcrypto_tls_session_new:
@ -212,6 +213,7 @@ void qcrypto_tls_session_set_callbacks(QCryptoTLSSession *sess,
 * @sess: the TLS session object
 * @buf: the plain text to send
 * @len: the length of @buf
+ * @errp: pointer to hold returned error object
 *
 * Encrypt @len bytes of the data in @buf and send
 * it to the remote peer using the callback previously
@ -221,32 +223,45 @@ void qcrypto_tls_session_set_callbacks(QCryptoTLSSession *sess,
 * qcrypto_tls_session_get_handshake_status() returns
 * QCRYPTO_TLS_HANDSHAKE_COMPLETE
 *
- * Returns: the number of bytes sent, or -1 on error
+ * Returns: the number of bytes sent,
+ * or QCRYPTO_TLS_SESSION_ERR_BLOCK if the write would block,
+ * or -1 on error.
 */
 ssize_t qcrypto_tls_session_write(QCryptoTLSSession *sess,
                                  const char *buf,
-                                  size_t len);
+                                  size_t len,
+                                  Error **errp);

 /**
 * qcrypto_tls_session_read:
 * @sess: the TLS session object
 * @buf: to fill with plain text received
 * @len: the length of @buf
+ * @gracefulTermination: treat premature termination as graceful EOF
+ * @errp: pointer to hold returned error object
 *
 * Receive up to @len bytes of data from the remote peer
 * using the callback previously registered with
 * qcrypto_tls_session_set_callbacks(), decrypt it and
 * store it in @buf.
 *
+ * If @gracefulTermination is true, then a premature termination
+ * of the TLS session will be treated as indicating EOF, as
+ * opposed to an error.
+ *
 * It is an error to call this before
 * qcrypto_tls_session_get_handshake_status() returns
 * QCRYPTO_TLS_HANDSHAKE_COMPLETE
 *
- * Returns: the number of bytes received, or -1 on error
+ * Returns: the number of bytes received,
+ * or QCRYPTO_TLS_SESSION_ERR_BLOCK if the receive would block,
+ * or -1 on error.
 */
 ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess,
                                 char *buf,
-                                 size_t len);
+                                 size_t len,
+                                 bool gracefulTermination,
+                                 Error **errp);

 /**
 * qcrypto_tls_session_check_pending: