* [PATCH 0/2] crypto: two minor fixes
@ 2024-06-10 9:40 Daniel P. Berrangé
2024-06-10 9:40 ` [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given Daniel P. Berrangé
2024-06-10 9:40 ` [PATCH 2/2] crypto: use consistent error reporting pattern for unsupported cipher modes Daniel P. Berrangé
0 siblings, 2 replies; 6+ messages in thread
From: Daniel P. Berrangé @ 2024-06-10 9:40 UTC (permalink / raw)
To: qemu-devel; +Cc: Daniel P. Berrangé
Daniel P. Berrangé (2):
crypto: avoid leak of ctx when bad cipher mode is given
crypto: use consistent error reporting pattern for unsupported cipher
modes
crypto/cipher-nettle.c.inc | 25 +++++++++++++++++++------
1 file changed, 19 insertions(+), 6 deletions(-)
--
2.45.1
^ permalink raw reply [flat|nested] 6+ messages in thread* [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given 2024-06-10 9:40 [PATCH 0/2] crypto: two minor fixes Daniel P. Berrangé @ 2024-06-10 9:40 ` Daniel P. Berrangé 2024-06-10 9:44 ` Peter Maydell ` (2 more replies) 2024-06-10 9:40 ` [PATCH 2/2] crypto: use consistent error reporting pattern for unsupported cipher modes Daniel P. Berrangé 1 sibling, 3 replies; 6+ messages in thread From: Daniel P. Berrangé @ 2024-06-10 9:40 UTC (permalink / raw) To: qemu-devel; +Cc: Daniel P. Berrangé This fixes Coverity CID-1546884 Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- crypto/cipher-nettle.c.inc | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 42b39e18a2..766de036ba 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -734,16 +734,19 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, #ifdef CONFIG_CRYPTO_SM4 case QCRYPTO_CIPHER_ALG_SM4: { - QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1); + QCryptoNettleSm4 *ctx; + const QCryptoCipherDriver *drv; switch (mode) { case QCRYPTO_CIPHER_MODE_ECB: - ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb; + drv = &qcrypto_nettle_sm4_driver_ecb; break; default: goto bad_cipher_mode; } + ctx = g_new0(QCryptoNettleSm4, 1); + ctx->base.driver = drv; sm4_set_encrypt_key(&ctx->key[0], key); sm4_set_decrypt_key(&ctx->key[1], key); -- 2.45.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given 2024-06-10 9:40 ` [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given Daniel P. Berrangé @ 2024-06-10 9:44 ` Peter Maydell 2024-06-10 11:50 ` Philippe Mathieu-Daudé 2024-06-10 13:43 ` Markus Armbruster 2 siblings, 0 replies; 6+ messages in thread From: Peter Maydell @ 2024-06-10 9:44 UTC (permalink / raw) To: Daniel P. Berrangé; +Cc: qemu-devel On Mon, 10 Jun 2024 at 10:42, Daniel P. Berrangé <berrange@redhat.com> wrote: > > This fixes Coverity CID-1546884 > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> thanks -- PMM ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given 2024-06-10 9:40 ` [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given Daniel P. Berrangé 2024-06-10 9:44 ` Peter Maydell @ 2024-06-10 11:50 ` Philippe Mathieu-Daudé 2024-06-10 13:43 ` Markus Armbruster 2 siblings, 0 replies; 6+ messages in thread From: Philippe Mathieu-Daudé @ 2024-06-10 11:50 UTC (permalink / raw) To: Daniel P. Berrangé, qemu-devel On 10/6/24 11:40, Daniel P. Berrangé wrote: > This fixes Coverity CID-1546884 > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > crypto/cipher-nettle.c.inc | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given 2024-06-10 9:40 ` [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given Daniel P. Berrangé 2024-06-10 9:44 ` Peter Maydell 2024-06-10 11:50 ` Philippe Mathieu-Daudé @ 2024-06-10 13:43 ` Markus Armbruster 2 siblings, 0 replies; 6+ messages in thread From: Markus Armbruster @ 2024-06-10 13:43 UTC (permalink / raw) To: Daniel P. Berrangé; +Cc: qemu-devel Daniel P. Berrangé <berrange@redhat.com> writes: > This fixes Coverity CID-1546884 We usually say Fixes: Coverity CID 1546884 > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 2/2] crypto: use consistent error reporting pattern for unsupported cipher modes 2024-06-10 9:40 [PATCH 0/2] crypto: two minor fixes Daniel P. Berrangé 2024-06-10 9:40 ` [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given Daniel P. Berrangé @ 2024-06-10 9:40 ` Daniel P. Berrangé 1 sibling, 0 replies; 6+ messages in thread From: Daniel P. Berrangé @ 2024-06-10 9:40 UTC (permalink / raw) To: qemu-devel; +Cc: Daniel P. Berrangé, Peter Maydell Not all paths in qcrypto_cipher_ctx_new() were correctly distinguishing between valid user input for cipher mode (which should report a user facing error), vs program logic errors (which should assert). Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- crypto/cipher-nettle.c.inc | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc index 766de036ba..2654b439c1 100644 --- a/crypto/cipher-nettle.c.inc +++ b/crypto/cipher-nettle.c.inc @@ -525,8 +525,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_CTR: drv = &qcrypto_nettle_des_driver_ctr; break; - default: + case QCRYPTO_CIPHER_MODE_XTS: goto bad_cipher_mode; + default: + g_assert_not_reached(); } ctx = g_new0(QCryptoNettleDES, 1); @@ -551,8 +553,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_CTR: drv = &qcrypto_nettle_des3_driver_ctr; break; - default: + case QCRYPTO_CIPHER_MODE_XTS: goto bad_cipher_mode; + default: + g_assert_not_reached(); } ctx = g_new0(QCryptoNettleDES3, 1); @@ -663,8 +667,10 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_CTR: drv = &qcrypto_nettle_cast128_driver_ctr; break; - default: + case QCRYPTO_CIPHER_MODE_XTS: goto bad_cipher_mode; + default: + g_assert_not_reached(); } ctx = g_new0(QCryptoNettleCAST128, 1); @@ -741,8 +747,12 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, case QCRYPTO_CIPHER_MODE_ECB: drv = &qcrypto_nettle_sm4_driver_ecb; break; - default: + case QCRYPTO_CIPHER_MODE_CBC: + case QCRYPTO_CIPHER_MODE_CTR: + case QCRYPTO_CIPHER_MODE_XTS: goto bad_cipher_mode; + default: + g_assert_not_reached(); } ctx = g_new0(QCryptoNettleSm4, 1); -- 2.45.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-06-10 13:44 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-06-10 9:40 [PATCH 0/2] crypto: two minor fixes Daniel P. Berrangé 2024-06-10 9:40 ` [PATCH 1/2] crypto: avoid leak of ctx when bad cipher mode is given Daniel P. Berrangé 2024-06-10 9:44 ` Peter Maydell 2024-06-10 11:50 ` Philippe Mathieu-Daudé 2024-06-10 13:43 ` Markus Armbruster 2024-06-10 9:40 ` [PATCH 2/2] crypto: use consistent error reporting pattern for unsupported cipher modes Daniel P. Berrangé
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.