diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2021-07-15 19:06:08 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2021-07-15 19:06:08 +0100 |
| commit | d4127349e316b5c78645f95dba5922196ac4cc23 (patch) | |
| tree | 158fb3e1701cce7a7334970dad8fa085d3fd1c30 /ui/vnc.c | |
| parent | 438951e8839c66a0d0f65011a7a4ff6bd50efad6 (diff) | |
| parent | 80d78357495837f1f0e53fbb6bca5fb793631d94 (diff) | |
| download | focaccia-qemu-d4127349e316b5c78645f95dba5922196ac4cc23.tar.gz focaccia-qemu-d4127349e316b5c78645f95dba5922196ac4cc23.zip | |
Merge remote-tracking branch 'remotes/berrange-gitlab/tags/crypto-and-more-pull-request' into staging
Merge crypto updates and misc fixes * Introduce a GNUTLS backend for crypto algorithms * Change crypto library preference gnutls > gcrypt > nettle > built-in * Remove built-in DES impl * Remove XTS mode from built-in AES impl * Fix seccomp rules to allow resource info getters * Fix migration performance test * Use GDateTime in io/ and net/rocker/ code * Improve docs for -smp # gpg: Signature made Wed 14 Jul 2021 15:08:00 BST # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/crypto-and-more-pull-request: (26 commits) qemu-options: rewrite help for -smp options qemu-options: tweak to show that CPU count is optional qemu-options: re-arrange CPU topology options docs: fix typo s/Intel/AMD/ in CPU model notes tests/migration: fix unix socket migration seccomp: don't block getters for resource control syscalls io: use GDateTime for formatting timestamp for websock headers net/rocker: use GDateTime for formatting timestamp in debug messages crypto: prefer gnutls as the crypto backend if new enough crypto: add gnutls pbkdf provider crypto: add gnutls hmac provider crypto: add gnutls hash provider crypto: add gnutls cipher provider crypto: introduce build system for gnutls crypto backend crypto: flip priority of backends to prefer gcrypt crypto: replace 'des-rfb' cipher with 'des' crypto: delete built-in XTS cipher mode support crypto: delete built-in DES implementation crypto: add crypto tests for single block DES-ECB and DES-CBC crypto: drop custom XTS support in gcrypt driver ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'ui/vnc.c')
| -rw-r--r-- | ui/vnc.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/ui/vnc.c b/ui/vnc.c index 0e5fcb278f..af02522e84 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2733,6 +2733,19 @@ static void authentication_failed(VncState *vs) vnc_client_error(vs); } +static void +vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) +{ + size_t i; + for (i = 0; i < nkey; i++) { + uint8_t r = key[i]; + r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; + r = (r & 0xcc) >> 2 | (r & 0x33) << 2; + r = (r & 0xaa) >> 1 | (r & 0x55) << 1; + key[i] = r; + } +} + static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) { unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; @@ -2757,9 +2770,10 @@ static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) pwlen = strlen(vs->vd->password); for (i=0; i<sizeof(key); i++) key[i] = i<pwlen ? vs->vd->password[i] : 0; + vnc_munge_des_rfb_key(key, sizeof(key)); cipher = qcrypto_cipher_new( - QCRYPTO_CIPHER_ALG_DES_RFB, + QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB, key, G_N_ELEMENTS(key), &err); @@ -4045,9 +4059,9 @@ void vnc_display_open(const char *id, Error **errp) goto fail; } if (!qcrypto_cipher_supports( - QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { + QCRYPTO_CIPHER_ALG_DES, QCRYPTO_CIPHER_MODE_ECB)) { error_setg(errp, - "Cipher backend does not support DES RFB algorithm"); + "Cipher backend does not support DES algorithm"); goto fail; } } |