From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org
Subject: [Qemu-devel] [PULL 09/25] ui/vnc: Use gcrypto_random_bytes for start_auth_vnc
Date: Wed, 22 May 2019 14:42:10 -0400 [thread overview]
Message-ID: <20190522184226.17871-10-richard.henderson@linaro.org> (raw)
In-Reply-To: <20190522184226.17871-1-richard.henderson@linaro.org>
Use a better interface for random numbers than rand().
Fail gracefully if for some reason we cannot use the crypto system.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
ui/vnc.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index 785edf3af1..d83f4a6ff9 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -43,6 +43,7 @@
#include "crypto/hash.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredsx509.h"
+#include "crypto/random.h"
#include "qom/object_interfaces.h"
#include "qemu/cutils.h"
#include "io/dns-resolver.h"
@@ -2547,16 +2548,6 @@ static void authentication_failed(VncState *vs)
vnc_client_error(vs);
}
-static void make_challenge(VncState *vs)
-{
- int i;
-
- srand(time(NULL)+getpid()+getpid()*987654+rand());
-
- for (i = 0 ; i < sizeof(vs->challenge) ; i++)
- vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
-}
-
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
{
unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
@@ -2628,7 +2619,16 @@ reject:
void start_auth_vnc(VncState *vs)
{
- make_challenge(vs);
+ Error *err = NULL;
+
+ if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
+ trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
+ error_get_pretty(err));
+ error_free(err);
+ authentication_failed(vs);
+ return;
+ }
+
/* Send client a 'random' challenge */
vnc_write(vs, vs->challenge, sizeof(vs->challenge));
vnc_flush(vs);
--
2.17.1
next prev parent reply other threads:[~2019-05-22 19:07 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-22 18:42 [Qemu-devel] [PULL 00/25] Add qemu_getrandom and ARMv8.5-RNG etc Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 01/25] configure: Link test before auto-enabling crypto libraries Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 02/25] build: Link user-only with crypto random number objects Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 03/25] crypto: Reverse code blocks in random-platform.c Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 04/25] crypto: Do not fail for EINTR during qcrypto_random_bytes Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 05/25] crypto: Use O_CLOEXEC in qcrypto_random_init Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 06/25] crypto: Use getrandom for qcrypto_random_bytes Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 07/25] crypto: Change the qcrypto_random_bytes buffer type to void* Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 08/25] ui/vnc: Split out authentication_failed Richard Henderson
2019-05-22 18:42 ` Richard Henderson [this message]
2019-05-22 18:42 ` [Qemu-devel] [PULL 10/25] util: Add qemu_guest_getrandom and associated routines Richard Henderson
2019-05-30 11:29 ` Peter Maydell
2019-05-30 13:41 ` Richard Henderson
2019-05-30 13:45 ` Peter Maydell
2019-05-22 18:42 ` [Qemu-devel] [PULL 11/25] cpus: Initialize pseudo-random seeds for all guest cpus Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 12/25] linux-user: " Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 13/25] linux-user: Call qcrypto_init if not using -seed Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 14/25] linux-user: Use qemu_guest_getrandom_nofail for AT_RANDOM Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 15/25] linux-user/aarch64: Use qemu_guest_getrandom for PAUTH keys Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 16/25] linux-user: Remove srand call Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 17/25] aspeed/scu: Use qemu_guest_getrandom_nofail Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 18/25] hw/misc/nrf51_rng: " Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 19/25] hw/misc/bcm2835_rng: " Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 20/25] hw/misc/exynos4210_rng: Use qemu_guest_getrandom Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 21/25] target/arm: Put all PAC keys into a structure Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 22/25] target/arm: Implement ARMv8.5-RNG Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 23/25] target/ppc: Use gen_io_start/end around DARN Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 24/25] target/ppc: Use qemu_guest_getrandom for DARN Richard Henderson
2019-05-22 18:42 ` [Qemu-devel] [PULL 25/25] target/i386: Implement CPUID_EXT_RDRAND Richard Henderson
2019-05-23 13:14 ` [Qemu-devel] [PULL 00/25] Add qemu_getrandom and ARMv8.5-RNG etc Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190522184226.17871-10-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).