diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2024-10-24 11:23:38 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2024-10-24 11:23:38 +0100 |
| commit | e51d8fbb7e673e487e98327fc067700b5a3edf30 (patch) | |
| tree | fed50995641692b53c858be30d3f485e49eaead2 /crypto | |
| parent | 55522f72149fbf95ee3b057f1419da0cad46d0dd (diff) | |
| parent | c64df333f92798823c4897ae6d4bd7f49d060225 (diff) | |
| download | focaccia-qemu-e51d8fbb7e673e487e98327fc067700b5a3edf30.tar.gz focaccia-qemu-e51d8fbb7e673e487e98327fc067700b5a3edf30.zip | |
Merge tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging
Misc sockets, crypto and VNC fixes * Fix rare EADDRINUSE failures on OpenBSD platforms seen with migration * Fix & test overwriting of hash output buffer * Close connection instead of returning empty SASL mechlist to VNC clients * Fix handling of SASL SSF on VNC server UNIX sockets * Fix handling of NULL SASL server data in VNC server * Validate trailing NUL padding byte from SASL client * Fix & test AF_ALG crypto backend build * Remove unused code in sockets and crypto subsystems # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmcXscUACgkQvobrtBUQ # T9+S+Q//W9fywFY42VnsPqIAi7Q+QPDvXrPVVQ1z817hcyxdMVWC+eAg97i3QsE8 # f/+nwrigV9CIv9jqdBdMUIRLm4XhyuDspksgBAQUJ1XYmmVSmFwh2ej31m/qI8fK # fu0v6N6udkcg+5eoWEOL873hKAA+vjq30tM5Zp74fMHZahnvgjThgaJY6Z6OsCyX # 6Pgxl3Z1gym1IqQFz0nOdTMnzsQrAJbV8z2FWMKgHayg01nVoXlo5FMnNgIdItJC # v+4qX5sfRJIENJcRKMNY4dQUqbO1004+HXECLbge8pR7vsUli06xjLBkSbt/9M6r # x3lfDGKavPrKfsPk1H+eTlge/43IjJk+mXMgZxmyvrvgnyVulxRvz7ABKJ+VBUeq # CDrAuAK4tm5BIxKu6cg4CcmlqsDXwq6Sb+NdsbxTv0Deop73WZR3HCamRNU1JXkA # eXBY4QSuVA96s5TnlfZWZytIY9NmyjN48ov+ly2fOkbv/xxoUNFBY8TApSJZ/Veo # 4EvGlIfgxjv668n/2eyt67E00dGC3idTbaWYeGjgUKVyNPpxicDOnM3NTwMP3/0k # DZbvfoJcwfhPVoFMdV7ZvJKA3i8v11HdaEI0urfjm5nJWbyik6+++skan9F/femL # eRTnH2hr5sUV+eQAl2YhGuBElLmKf/HqTCeNs3lwrUQsnb9bPNc= # =fK8K # -----END PGP SIGNATURE----- # gpg: Signature made Tue 22 Oct 2024 15:08:05 BST # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu: gitlab: enable afalg tests in fedora system test ui: validate NUL byte padding in SASL client data more strictly ui: fix handling of NULL SASL server data ui/vnc: don't check for SSF after SASL authentication on UNIX sockets ui/vnc: fix skipping SASL SSF on UNIX sockets ui/vnc: don't raise error formatting socket address for non-inet ui/vnc: don't return an empty SASL mechlist to the client crypto/hash-afalg: Fix broken build include/crypto: clarify @result/@result_len for hash/hmac APIs tests: correctly validate result buffer in hash/hmac tests crypto/hash: avoid overwriting user supplied result pointer util: don't set SO_REUSEADDR on client sockets sockets: Remove deadcode crypto: Remove unused DER string functions Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/der.c | 13 | ||||
| -rw-r--r-- | crypto/der.h | 22 | ||||
| -rw-r--r-- | crypto/hash-afalg.c | 10 | ||||
| -rw-r--r-- | crypto/hash-gcrypt.c | 15 | ||||
| -rw-r--r-- | crypto/hash-glib.c | 11 | ||||
| -rw-r--r-- | crypto/hash-gnutls.c | 16 | ||||
| -rw-r--r-- | crypto/hash-nettle.c | 14 |
7 files changed, 50 insertions, 51 deletions
diff --git a/crypto/der.c b/crypto/der.c index ebbecfc3fe..81367524c3 100644 --- a/crypto/der.c +++ b/crypto/der.c @@ -408,19 +408,6 @@ void qcrypto_der_encode_octet_str(QCryptoEncodeContext *ctx, qcrypto_der_encode_prim(ctx, tag, src, src_len); } -void qcrypto_der_encode_octet_str_begin(QCryptoEncodeContext *ctx) -{ - uint8_t tag = QCRYPTO_DER_TAG(QCRYPTO_DER_TAG_CLASS_UNIV, - QCRYPTO_DER_TAG_ENC_PRIM, - QCRYPTO_DER_TYPE_TAG_OCT_STR); - qcrypto_der_encode_cons_begin(ctx, tag); -} - -void qcrypto_der_encode_octet_str_end(QCryptoEncodeContext *ctx) -{ - qcrypto_der_encode_cons_end(ctx); -} - size_t qcrypto_der_encode_ctx_buffer_len(QCryptoEncodeContext *ctx) { return ctx->root.dlen; diff --git a/crypto/der.h b/crypto/der.h index f4ba6da28a..bcfa4a2495 100644 --- a/crypto/der.h +++ b/crypto/der.h @@ -243,28 +243,6 @@ void qcrypto_der_encode_octet_str(QCryptoEncodeContext *ctx, const uint8_t *src, size_t src_len); /** - * qcrypto_der_encode_octet_str_begin: - * @ctx: the encode context. - * - * Start encoding a octet string, All fields between - * qcrypto_der_encode_octet_str_begin and qcrypto_der_encode_octet_str_end - * are encoded as an octet string. This is useful when we need to encode a - * encoded SEQUENCE as OCTET STRING. - */ -void qcrypto_der_encode_octet_str_begin(QCryptoEncodeContext *ctx); - -/** - * qcrypto_der_encode_octet_str_end: - * @ctx: the encode context. - * - * Finish encoding a octet string, All fields between - * qcrypto_der_encode_octet_str_begin and qcrypto_der_encode_octet_str_end - * are encoded as an octet string. This is useful when we need to encode a - * encoded SEQUENCE as OCTET STRING. - */ -void qcrypto_der_encode_octet_str_end(QCryptoEncodeContext *ctx); - -/** * qcrypto_der_encode_ctx_buffer_len: * @ctx: the encode context. * diff --git a/crypto/hash-afalg.c b/crypto/hash-afalg.c index 06e1e4699c..8c0ce5b520 100644 --- a/crypto/hash-afalg.c +++ b/crypto/hash-afalg.c @@ -142,7 +142,7 @@ QCryptoHash *qcrypto_afalg_hash_new(QCryptoHashAlgo alg, Error **errp) static void qcrypto_afalg_hash_free(QCryptoHash *hash) { - QCryptoAFAlg *ctx = hash->opaque; + QCryptoAFAlgo *ctx = hash->opaque; if (ctx) { qcrypto_afalg_comm_free(ctx); @@ -159,7 +159,7 @@ void qcrypto_afalg_hash_free(QCryptoHash *hash) * be provided to calculate the final hash. */ static -int qcrypto_afalg_send_to_kernel(QCryptoAFAlg *afalg, +int qcrypto_afalg_send_to_kernel(QCryptoAFAlgo *afalg, const struct iovec *iov, size_t niov, bool more_data, @@ -183,7 +183,7 @@ int qcrypto_afalg_send_to_kernel(QCryptoAFAlg *afalg, } static -int qcrypto_afalg_recv_from_kernel(QCryptoAFAlg *afalg, +int qcrypto_afalg_recv_from_kernel(QCryptoAFAlgo *afalg, QCryptoHashAlgo alg, uint8_t **result, size_t *result_len, @@ -222,7 +222,7 @@ int qcrypto_afalg_hash_update(QCryptoHash *hash, size_t niov, Error **errp) { - return qcrypto_afalg_send_to_kernel((QCryptoAFAlg *) hash->opaque, + return qcrypto_afalg_send_to_kernel((QCryptoAFAlgo *) hash->opaque, iov, niov, true, errp); } @@ -232,7 +232,7 @@ int qcrypto_afalg_hash_finalize(QCryptoHash *hash, size_t *result_len, Error **errp) { - return qcrypto_afalg_recv_from_kernel((QCryptoAFAlg *) hash->opaque, + return qcrypto_afalg_recv_from_kernel((QCryptoAFAlgo *) hash->opaque, hash->alg, result, result_len, errp); } diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c index ccc3cce3f8..73533a4949 100644 --- a/crypto/hash-gcrypt.c +++ b/crypto/hash-gcrypt.c @@ -103,16 +103,25 @@ int qcrypto_gcrypt_hash_finalize(QCryptoHash *hash, size_t *result_len, Error **errp) { + int ret; unsigned char *digest; gcry_md_hd_t *ctx = hash->opaque; - *result_len = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]); - if (*result_len == 0) { + ret = gcry_md_get_algo_dlen(qcrypto_hash_alg_map[hash->alg]); + if (ret == 0) { error_setg(errp, "Unable to get hash length"); return -1; } - *result = g_new(uint8_t, *result_len); + if (*result_len == 0) { + *result_len = ret; + *result = g_new(uint8_t, *result_len); + } else if (*result_len != ret) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %d", + *result_len, ret); + return -1; + } /* Digest is freed by gcry_md_close(), copy it */ digest = gcry_md_read(*ctx, 0); diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c index 02a6ec1edf..809cef98ae 100644 --- a/crypto/hash-glib.c +++ b/crypto/hash-glib.c @@ -99,8 +99,15 @@ int qcrypto_glib_hash_finalize(QCryptoHash *hash, return -1; } - *result_len = ret; - *result = g_new(uint8_t, *result_len); + if (*result_len == 0) { + *result_len = ret; + *result = g_new(uint8_t, *result_len); + } else if (*result_len != ret) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %d", + *result_len, ret); + return -1; + } g_checksum_get_digest(ctx, *result, result_len); return 0; diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c index 34a63994c9..99fbe824ea 100644 --- a/crypto/hash-gnutls.c +++ b/crypto/hash-gnutls.c @@ -115,14 +115,24 @@ int qcrypto_gnutls_hash_finalize(QCryptoHash *hash, Error **errp) { gnutls_hash_hd_t *ctx = hash->opaque; + int ret; - *result_len = gnutls_hash_get_len(qcrypto_hash_alg_map[hash->alg]); - if (*result_len == 0) { + ret = gnutls_hash_get_len(qcrypto_hash_alg_map[hash->alg]); + if (ret == 0) { error_setg(errp, "Unable to get hash length"); return -1; } - *result = g_new(uint8_t, *result_len); + if (*result_len == 0) { + *result_len = ret; + *result = g_new(uint8_t, *result_len); + } else if (*result_len != ret) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %d", + *result_len, ret); + return -1; + } + gnutls_hash_output(*ctx, *result); return 0; } diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c index 3b847aa60e..c78624b347 100644 --- a/crypto/hash-nettle.c +++ b/crypto/hash-nettle.c @@ -150,9 +150,17 @@ int qcrypto_nettle_hash_finalize(QCryptoHash *hash, Error **errp) { union qcrypto_hash_ctx *ctx = hash->opaque; - - *result_len = qcrypto_hash_alg_map[hash->alg].len; - *result = g_new(uint8_t, *result_len); + int ret = qcrypto_hash_alg_map[hash->alg].len; + + if (*result_len == 0) { + *result_len = ret; + *result = g_new(uint8_t, *result_len); + } else if (*result_len != ret) { + error_setg(errp, + "Result buffer size %zu is smaller than hash %d", + *result_len, ret); + return -1; + } qcrypto_hash_alg_map[hash->alg].result(ctx, *result_len, *result); |