From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Subject: [Qemu-devel] [PULL 8/8] crypto: avoid undefined behavior in nettle calls
Date: Thu, 16 Jul 2015 20:02:58 +0200 [thread overview]
Message-ID: <1437069778-8954-9-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1437069778-8954-1-git-send-email-pbonzini@redhat.com>
From: Radim Krčmář <rkrcmar@redhat.com>
Calling a function pointer that was cast from an incompatible function
results in undefined behavior. 'void *' isn't compatible with 'struct
XXX *', so we can't cast to nettle_cipher_func, but have to provide a
wrapper. (Conversion from 'void *' to 'struct XXX *' might require
computation, which won't be done if we drop argument's true type, and
pointers can have different sizes so passing arguments on stack would
bug.)
Having two different prototypes based on nettle version doesn't make
this solution any nicer.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Message-Id: <1437062641-12684-3-git-send-email-rkrcmar@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
crypto/cipher-nettle.c | 43 +++++++++++++++++++++++++++++++++++++++----
1 file changed, 39 insertions(+), 4 deletions(-)
diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c
index e61aaa2..a55a8e8 100644
--- a/crypto/cipher-nettle.c
+++ b/crypto/cipher-nettle.c
@@ -25,8 +25,43 @@
#if CONFIG_NETTLE_VERSION_MAJOR < 3
typedef nettle_crypt_func nettle_cipher_func;
+
+typedef void * cipher_ctx_t;
+typedef unsigned cipher_length_t;
+#else
+typedef const void * cipher_ctx_t;
+typedef size_t cipher_length_t;
#endif
+static nettle_cipher_func aes_encrypt_wrapper;
+static nettle_cipher_func aes_decrypt_wrapper;
+static nettle_cipher_func des_encrypt_wrapper;
+static nettle_cipher_func des_decrypt_wrapper;
+
+static void aes_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ aes_encrypt(ctx, length, dst, src);
+}
+
+static void aes_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ aes_encrypt(ctx, length, dst, src);
+}
+
+static void des_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ des_encrypt(ctx, length, dst, src);
+}
+
+static void des_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length,
+ uint8_t *dst, const uint8_t *src)
+{
+ des_decrypt(ctx, length, dst, src);
+}
+
typedef struct QCryptoCipherNettle QCryptoCipherNettle;
struct QCryptoCipherNettle {
void *ctx_encrypt;
@@ -87,8 +122,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
des_set_key(ctx->ctx_encrypt, rfbkey);
g_free(rfbkey);
- ctx->alg_encrypt = (nettle_cipher_func *)des_encrypt;
- ctx->alg_decrypt = (nettle_cipher_func *)des_decrypt;
+ ctx->alg_encrypt = des_encrypt_wrapper;
+ ctx->alg_decrypt = des_decrypt_wrapper;
ctx->niv = DES_BLOCK_SIZE;
break;
@@ -102,8 +137,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key);
aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key);
- ctx->alg_encrypt = (nettle_cipher_func *)aes_encrypt;
- ctx->alg_decrypt = (nettle_cipher_func *)aes_decrypt;
+ ctx->alg_encrypt = aes_encrypt_wrapper;
+ ctx->alg_decrypt = aes_decrypt_wrapper;
ctx->niv = AES_BLOCK_SIZE;
break;
--
2.4.3
next prev parent reply other threads:[~2015-07-16 18:03 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-16 18:02 [Qemu-devel] [PULL v2 0/8] KVM, memory API, crypto, Coverity fixes for 2.4.0-rc1 Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 1/8] mips/kvm: Fix Big endian 32-bit register access Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 2/8] mips/kvm: Sign extend registers written to KVM Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 3/8] ppc/spapr_drc: fix memory leak Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 4/8] arm/xlnx-zynqmp: " Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 5/8] RDMA: Fix error exits Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 6/8] memory: fix refcount leak in memory_region_present Paolo Bonzini
2015-07-16 18:02 ` [Qemu-devel] [PULL 7/8] crypto: fix build with nettle >= 3.0.0 Paolo Bonzini
2015-07-16 18:02 ` Paolo Bonzini [this message]
2015-07-16 19:30 ` [Qemu-devel] [PULL v2 0/8] KVM, memory API, crypto, Coverity fixes for 2.4.0-rc1 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1437069778-8954-9-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rkrcmar@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).