From 07982d2ee9a57bf4f04fc18f77f0f56fa9a33c08 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 13 Jan 2016 12:22:33 +0000 Subject: [PATCH 1/3] crypto: fix description of @errp parameter initialization The "Error **errp" parameters must be NULL initialized not uninitialized. Signed-off-by: Daniel P. Berrange --- include/crypto/cipher.h | 8 ++++---- include/crypto/hash.h | 12 ++++++------ include/crypto/tlssession.h | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index a812803df1..f90ac79567 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -138,7 +138,7 @@ size_t qcrypto_cipher_get_iv_len(QCryptoCipherAlgorithm alg, * @mode: the cipher usage mode * @key: the private key bytes * @nkey: the length of @key - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Creates a new cipher object for encrypting/decrypting * data with the algorithm @alg in the usage mode @mode. @@ -174,7 +174,7 @@ void qcrypto_cipher_free(QCryptoCipher *cipher); * @in: buffer holding the plain text input data * @out: buffer to fill with the cipher text output data * @len: the length of @in and @out buffers - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Encrypts the plain text stored in @in, filling * @out with the resulting ciphered text. Both the @@ -196,7 +196,7 @@ int qcrypto_cipher_encrypt(QCryptoCipher *cipher, * @in: buffer holding the cipher text input data * @out: buffer to fill with the plain text output data * @len: the length of @in and @out buffers - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Decrypts the cipher text stored in @in, filling * @out with the resulting plain text. Both the @@ -216,7 +216,7 @@ int qcrypto_cipher_decrypt(QCryptoCipher *cipher, * @cipher: the cipher object * @iv: the initialization vector bytes * @niv: the length of @iv - * @errpr: pointer to an uninitialized error object + * @errpr: pointer to a NULL-initialized error object * * If the @cipher object is setup to use a mode that requires * initialization vectors, this sets the initialization vector diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 41822c0a4e..5e8d9a1372 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -55,7 +55,7 @@ size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg); * @niov: the length of @iov * @result: pointer to hold output hash * @resultlen: pointer to hold length of @result - * @errp: pointer to uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Computes the hash across all the memory regions * present in @iov. The @result pointer will be @@ -80,7 +80,7 @@ int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, * @len: the length of @buf * @result: pointer to hold output hash * @resultlen: pointer to hold length of @result - * @errp: pointer to uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Computes the hash across all the memory region * @buf of length @len. The @result pointer will be @@ -104,7 +104,7 @@ int qcrypto_hash_bytes(QCryptoHashAlgorithm alg, * @iov: the array of memory regions to hash * @niov: the length of @iov * @digest: pointer to hold output hash - * @errp: pointer to uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Computes the hash across all the memory regions * present in @iov. The @digest pointer will be @@ -127,7 +127,7 @@ int qcrypto_hash_digestv(QCryptoHashAlgorithm alg, * @buf: the memory region to hash * @len: the length of @buf * @digest: pointer to hold output hash - * @errp: pointer to uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Computes the hash across all the memory region * @buf of length @len. The @digest pointer will be @@ -150,7 +150,7 @@ int qcrypto_hash_digest(QCryptoHashAlgorithm alg, * @iov: the array of memory regions to hash * @niov: the length of @iov * @base64: pointer to hold output hash - * @errp: pointer to uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Computes the hash across all the memory regions * present in @iov. The @base64 pointer will be @@ -173,7 +173,7 @@ int qcrypto_hash_base64v(QCryptoHashAlgorithm alg, * @buf: the memory region to hash * @len: the length of @buf * @base64: pointer to hold output hash - * @errp: pointer to uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Computes the hash across all the memory region * @buf of length @len. The @base64 pointer will be diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index d356a8dc17..c1bad9e4f0 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -114,7 +114,7 @@ typedef struct QCryptoTLSSession QCryptoTLSSession; * @hostname: optional hostname to validate * @aclname: optional ACL to validate peer credentials against * @endpoint: role of the TLS session, client or server - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Create a new TLS session object that will be used to * negotiate a TLS session over an arbitrary data channel. @@ -163,7 +163,7 @@ void qcrypto_tls_session_free(QCryptoTLSSession *sess); /** * qcrypto_tls_session_check_credentials: * @sess: the TLS session object - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Validate the peer's credentials after a successful * TLS handshake. It is an error to call this before @@ -249,7 +249,7 @@ ssize_t qcrypto_tls_session_read(QCryptoTLSSession *sess, /** * qcrypto_tls_session_handshake: * @sess: the TLS session object - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Start, or continue, a TLS handshake sequence. If * the underlying data channel is non-blocking, then @@ -292,7 +292,7 @@ qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess); /** * qcrypto_tls_session_get_key_size: * @sess: the TLS session object - * @errp: pointer to an uninitialized error object + * @errp: pointer to a NULL-initialized error object * * Check the size of the data channel encryption key * From 9884abee8f3f52002f33616cd86bc4a5d8d7b6d1 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Mon, 24 Aug 2015 18:46:57 +0100 Subject: [PATCH 2/3] crypto: register properties against the class instead of object This converts the tlscredsx509, tlscredsanon and secret objects to register their properties against the class rather than object. Signed-off-by: Daniel P. Berrange --- crypto/secret.c | 60 +++++++++++++++++++------------------------ crypto/tlscreds.c | 36 +++++++++++++++----------- crypto/tlscredsanon.c | 16 ++++-------- crypto/tlscredsx509.c | 26 +++++++++---------- 4 files changed, 66 insertions(+), 72 deletions(-) diff --git a/crypto/secret.c b/crypto/secret.c index 90592c0a3e..be736f2cd5 100644 --- a/crypto/secret.c +++ b/crypto/secret.c @@ -352,38 +352,6 @@ qcrypto_secret_complete(UserCreatable *uc, Error **errp) } -static void -qcrypto_secret_init(Object *obj) -{ - object_property_add_bool(obj, "loaded", - qcrypto_secret_prop_get_loaded, - qcrypto_secret_prop_set_loaded, - NULL); - object_property_add_enum(obj, "format", - "QCryptoSecretFormat", - QCryptoSecretFormat_lookup, - qcrypto_secret_prop_get_format, - qcrypto_secret_prop_set_format, - NULL); - object_property_add_str(obj, "data", - qcrypto_secret_prop_get_data, - qcrypto_secret_prop_set_data, - NULL); - object_property_add_str(obj, "file", - qcrypto_secret_prop_get_file, - qcrypto_secret_prop_set_file, - NULL); - object_property_add_str(obj, "keyid", - qcrypto_secret_prop_get_keyid, - qcrypto_secret_prop_set_keyid, - NULL); - object_property_add_str(obj, "iv", - qcrypto_secret_prop_get_iv, - qcrypto_secret_prop_set_iv, - NULL); -} - - static void qcrypto_secret_finalize(Object *obj) { @@ -402,6 +370,33 @@ qcrypto_secret_class_init(ObjectClass *oc, void *data) UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); ucc->complete = qcrypto_secret_complete; + + object_class_property_add_bool(oc, "loaded", + qcrypto_secret_prop_get_loaded, + qcrypto_secret_prop_set_loaded, + NULL); + object_class_property_add_enum(oc, "format", + "QCryptoSecretFormat", + QCryptoSecretFormat_lookup, + qcrypto_secret_prop_get_format, + qcrypto_secret_prop_set_format, + NULL); + object_class_property_add_str(oc, "data", + qcrypto_secret_prop_get_data, + qcrypto_secret_prop_set_data, + NULL); + object_class_property_add_str(oc, "file", + qcrypto_secret_prop_get_file, + qcrypto_secret_prop_set_file, + NULL); + object_class_property_add_str(oc, "keyid", + qcrypto_secret_prop_get_keyid, + qcrypto_secret_prop_set_keyid, + NULL); + object_class_property_add_str(oc, "iv", + qcrypto_secret_prop_get_iv, + qcrypto_secret_prop_set_iv, + NULL); } @@ -493,7 +488,6 @@ static const TypeInfo qcrypto_secret_info = { .parent = TYPE_OBJECT, .name = TYPE_QCRYPTO_SECRET, .instance_size = sizeof(QCryptoSecret), - .instance_init = qcrypto_secret_init, .instance_finalize = qcrypto_secret_finalize, .class_size = sizeof(QCryptoSecretClass), .class_init = qcrypto_secret_class_init, diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 38bb671198..fc99589c22 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -198,27 +198,32 @@ qcrypto_tls_creds_prop_get_endpoint(Object *obj, } +static void +qcrypto_tls_creds_class_init(ObjectClass *oc, void *data) +{ + object_class_property_add_bool(oc, "verify-peer", + qcrypto_tls_creds_prop_get_verify, + qcrypto_tls_creds_prop_set_verify, + NULL); + object_class_property_add_str(oc, "dir", + qcrypto_tls_creds_prop_get_dir, + qcrypto_tls_creds_prop_set_dir, + NULL); + object_class_property_add_enum(oc, "endpoint", + "QCryptoTLSCredsEndpoint", + QCryptoTLSCredsEndpoint_lookup, + qcrypto_tls_creds_prop_get_endpoint, + qcrypto_tls_creds_prop_set_endpoint, + NULL); +} + + static void qcrypto_tls_creds_init(Object *obj) { QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj); creds->verifyPeer = true; - - object_property_add_bool(obj, "verify-peer", - qcrypto_tls_creds_prop_get_verify, - qcrypto_tls_creds_prop_set_verify, - NULL); - object_property_add_str(obj, "dir", - qcrypto_tls_creds_prop_get_dir, - qcrypto_tls_creds_prop_set_dir, - NULL); - object_property_add_enum(obj, "endpoint", - "QCryptoTLSCredsEndpoint", - QCryptoTLSCredsEndpoint_lookup, - qcrypto_tls_creds_prop_get_endpoint, - qcrypto_tls_creds_prop_set_endpoint, - NULL); } @@ -237,6 +242,7 @@ static const TypeInfo qcrypto_tls_creds_info = { .instance_size = sizeof(QCryptoTLSCreds), .instance_init = qcrypto_tls_creds_init, .instance_finalize = qcrypto_tls_creds_finalize, + .class_init = qcrypto_tls_creds_class_init, .class_size = sizeof(QCryptoTLSCredsClass), .abstract = true, }; diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 55e2047b76..f36a793d16 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -171,16 +171,6 @@ qcrypto_tls_creds_anon_complete(UserCreatable *uc, Error **errp) } -static void -qcrypto_tls_creds_anon_init(Object *obj) -{ - object_property_add_bool(obj, "loaded", - qcrypto_tls_creds_anon_prop_get_loaded, - qcrypto_tls_creds_anon_prop_set_loaded, - NULL); -} - - static void qcrypto_tls_creds_anon_finalize(Object *obj) { @@ -196,6 +186,11 @@ qcrypto_tls_creds_anon_class_init(ObjectClass *oc, void *data) UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); ucc->complete = qcrypto_tls_creds_anon_complete; + + object_class_property_add_bool(oc, "loaded", + qcrypto_tls_creds_anon_prop_get_loaded, + qcrypto_tls_creds_anon_prop_set_loaded, + NULL); } @@ -203,7 +198,6 @@ static const TypeInfo qcrypto_tls_creds_anon_info = { .parent = TYPE_QCRYPTO_TLS_CREDS, .name = TYPE_QCRYPTO_TLS_CREDS_ANON, .instance_size = sizeof(QCryptoTLSCredsAnon), - .instance_init = qcrypto_tls_creds_anon_init, .instance_finalize = qcrypto_tls_creds_anon_finalize, .class_size = sizeof(QCryptoTLSCredsAnonClass), .class_init = qcrypto_tls_creds_anon_class_init, diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 8664b825bf..99130433fd 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -804,19 +804,6 @@ qcrypto_tls_creds_x509_init(Object *obj) QCryptoTLSCredsX509 *creds = QCRYPTO_TLS_CREDS_X509(obj); creds->sanityCheck = true; - - object_property_add_bool(obj, "loaded", - qcrypto_tls_creds_x509_prop_get_loaded, - qcrypto_tls_creds_x509_prop_set_loaded, - NULL); - object_property_add_bool(obj, "sanity-check", - qcrypto_tls_creds_x509_prop_get_sanity, - qcrypto_tls_creds_x509_prop_set_sanity, - NULL); - object_property_add_str(obj, "passwordid", - qcrypto_tls_creds_x509_prop_get_passwordid, - qcrypto_tls_creds_x509_prop_set_passwordid, - NULL); } @@ -836,6 +823,19 @@ qcrypto_tls_creds_x509_class_init(ObjectClass *oc, void *data) UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); ucc->complete = qcrypto_tls_creds_x509_complete; + + object_class_property_add_bool(oc, "loaded", + qcrypto_tls_creds_x509_prop_get_loaded, + qcrypto_tls_creds_x509_prop_set_loaded, + NULL); + object_class_property_add_bool(oc, "sanity-check", + qcrypto_tls_creds_x509_prop_get_sanity, + qcrypto_tls_creds_x509_prop_set_sanity, + NULL); + object_class_property_add_str(oc, "passwordid", + qcrypto_tls_creds_x509_prop_get_passwordid, + qcrypto_tls_creds_x509_prop_set_passwordid, + NULL); } From c0377a7cc6cb46aba295b744d237aeed94087ac0 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 15 Jan 2016 11:23:45 +0000 Subject: [PATCH 3/3] crypto: ensure qcrypto_hash_digest_len is always defined The qcrypto_hash_digest_len method was accidentally inside a CONFIG_GNUTLS_HASH block, even though it doesn't depend on gnutls. Re-arrange it to be unconditionally defined. Reviewed-by: Fam Zheng Signed-off-by: Daniel P. Berrange --- crypto/hash.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/crypto/hash.c b/crypto/hash.c index 33324b6d06..4a8c0caea1 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -24,12 +24,8 @@ #ifdef CONFIG_GNUTLS_HASH #include #include +#endif -static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = { - [QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5, - [QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1, - [QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256, -}; static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = { [QCRYPTO_HASH_ALG_MD5] = 16, @@ -37,6 +33,22 @@ static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = { [QCRYPTO_HASH_ALG_SHA256] = 32, }; +size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg) +{ + if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_size)) { + return 0; + } + return qcrypto_hash_alg_size[alg]; +} + + +#ifdef CONFIG_GNUTLS_HASH +static int qcrypto_hash_alg_map[QCRYPTO_HASH_ALG__MAX] = { + [QCRYPTO_HASH_ALG_MD5] = GNUTLS_DIG_MD5, + [QCRYPTO_HASH_ALG_SHA1] = GNUTLS_DIG_SHA1, + [QCRYPTO_HASH_ALG_SHA256] = GNUTLS_DIG_SHA256, +}; + gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg) { if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map)) { @@ -45,14 +57,6 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgorithm alg) return false; } -size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg) -{ - if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_size)) { - return 0; - } - return qcrypto_hash_alg_size[alg]; -} - int qcrypto_hash_bytesv(QCryptoHashAlgorithm alg, const struct iovec *iov,