diff options
| -rw-r--r-- | crypto/hash.c | 4 | ||||
| -rw-r--r-- | crypto/tlscredsx509.c | 17 | ||||
| -rw-r--r-- | include/crypto/aes.h | 5 | ||||
| -rw-r--r-- | tests/test-crypto-secret.c | 6 |
4 files changed, 18 insertions, 14 deletions
diff --git a/crypto/hash.c b/crypto/hash.c index b90af3495a..2907bffd2e 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -36,9 +36,7 @@ static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = { size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg) { - if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_size)) { - return 0; - } + assert(alg < G_N_ELEMENTS(qcrypto_hash_alg_size)); return qcrypto_hash_alg_size[alg]; } diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 6a0179c2e1..520d34d77e 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -392,11 +392,14 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds, gsize buflen; GError *gerr; int ret = -1; + int err; trace_qcrypto_tls_creds_x509_load_cert(creds, isServer, certFile); - if (gnutls_x509_crt_init(&cert) < 0) { - error_setg(errp, "Unable to initialize certificate"); + err = gnutls_x509_crt_init(&cert); + if (err < 0) { + error_setg(errp, "Unable to initialize certificate: %s", + gnutls_strerror(err)); goto cleanup; } @@ -410,11 +413,13 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds, data.data = (unsigned char *)buf; data.size = strlen(buf); - if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) { + err = gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM); + if (err < 0) { error_setg(errp, isServer ? - "Unable to import server certificate %s" : - "Unable to import client certificate %s", - certFile); + "Unable to import server certificate %s: %s" : + "Unable to import client certificate %s: %s", + certFile, + gnutls_strerror(err)); goto cleanup; } diff --git a/include/crypto/aes.h b/include/crypto/aes.h index a006da2224..12fb321b89 100644 --- a/include/crypto/aes.h +++ b/include/crypto/aes.h @@ -10,14 +10,13 @@ struct aes_key_st { }; typedef struct aes_key_st AES_KEY; -/* FreeBSD has its own AES_set_decrypt_key in -lcrypto, avoid conflicts */ -#ifdef __FreeBSD__ +/* FreeBSD/OpenSSL have their own AES functions with the same names in -lcrypto + * (which might be pulled in via curl), so redefine to avoid conflicts. */ #define AES_set_encrypt_key QEMU_AES_set_encrypt_key #define AES_set_decrypt_key QEMU_AES_set_decrypt_key #define AES_encrypt QEMU_AES_encrypt #define AES_decrypt QEMU_AES_decrypt #define AES_cbc_encrypt QEMU_AES_cbc_encrypt -#endif int AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key); diff --git a/tests/test-crypto-secret.c b/tests/test-crypto-secret.c index 0b1fe8dd37..13fc6c4c75 100644 --- a/tests/test-crypto-secret.c +++ b/tests/test-crypto-secret.c @@ -49,7 +49,7 @@ static void test_secret_indirect_good(void) { Object *sec; char *fname = NULL; - int fd = g_file_open_tmp("secretXXXXXX", + int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX", &fname, NULL); @@ -74,6 +74,7 @@ static void test_secret_indirect_good(void) object_unparent(sec); g_free(pw); close(fd); + unlink(fname); g_free(fname); } @@ -96,7 +97,7 @@ static void test_secret_indirect_emptyfile(void) { Object *sec; char *fname = NULL; - int fd = g_file_open_tmp("secretXXXXXX", + int fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX", &fname, NULL); @@ -119,6 +120,7 @@ static void test_secret_indirect_emptyfile(void) object_unparent(sec); g_free(pw); close(fd); + unlink(fname); g_free(fname); } |