Merge qcrypto-next 2016/06/13 v1

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCAAGBQJXXpxaAAoJEL6G67QVEE/feLgQAK7h4n4oESjzg+jg0lZ1KBkU VsxmJrV5gDR1u7sVl5zY3xEuGa+eBr2Atal0bGYqBnPJNynyxJSeICuFW2xklaVG Eo2mPB29btwnE8mTP0CtJW7bnmOCYjm2QMqm6z/sQ81HtmwsaoNec1smPg0iFec5 khoRy9w+vfqKneQ3o3PJMxFDP2wzjSP7aA1bqZJcLkTC9MX/KY8Fq37OViZKQ4KQ +rY/j5c8i1yRd7THnHzNxfxerF0bEZl5UR9uHyhvbuItKqa8/q4eqFJxV3i71v6Q D+Wi0Fexle3CVdQX6lrWcFYGDJa4XfqoWmZr3798EaXlj4hWlS9OpCcSS9eFWESF qkCRhQJwyX7EMInIVcb44ZsgSMbBgyhHAeZRQT2LEhkW53s4P6VT7YLEWjf1NAVp wW8c42f+3bOmqFa1l/oQaIY7H8hjbo2aJzdMYlDL6ddMcWWC29S1qEAMldl/43ic soP0szz9YkFa2/FZ13pBvok7V0cwjM8hCZAbBJeGvL046k9J46XGqYx1i279x+QL 4iDv7x/uIwhrYTMEHmXRqjA9u44+pzj6e4BgEeJu5nTHVxcuG+7DpJM6e8EIyXDQ 57bNFD//aLdn/dEaW+KjAkTqoMyT9qbqot4KWinFxE23cT9Aft7ftDAboxLKmGVC Soyb4RwOTanm4aeqErQG =ptLb -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-next-2016-06-13-v1' into staging Merge qcrypto-next 2016/06/13 v1 # gpg: Signature made Mon 13 Jun 2016 12:43:22 BST # gpg: using RSA key 0xBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange/tags/qcrypto-next-2016-06-13-v1: crypto: aes: always rename internal symbols crypto: assert that qcrypto_hash_digest_len is in range crypto: remove temp files on completion of secrets test TLS: provide slightly more information when TLS certificate loading fails Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-06-13 13:05:02 +01:00 · 2016-06-13 13:05:02 +01:00 · 55e5c3a2d2
parent 8fdf038722 c8d70e5973
commit 55e5c3a2d2
4 changed files with 18 additions and 14 deletions
--- a/crypto/hash.c
+++ b/crypto/hash.c
@ -36,9 +36,7 @@ static size_t qcrypto_hash_alg_size[QCRYPTO_HASH_ALG__MAX] = {

 size_t qcrypto_hash_digest_len(QCryptoHashAlgorithm alg)
 {
-    if (alg >= G_N_ELEMENTS(qcrypto_hash_alg_size)) {
-        return 0;
-    }
+    assert(alg < G_N_ELEMENTS(qcrypto_hash_alg_size));
    return qcrypto_hash_alg_size[alg];
 }

--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@ -392,11 +392,14 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
    gsize buflen;
    GError *gerr;
    int ret = -1;
+    int err;

    trace_qcrypto_tls_creds_x509_load_cert(creds, isServer, certFile);

-    if (gnutls_x509_crt_init(&cert) < 0) {
-        error_setg(errp, "Unable to initialize certificate");
+    err = gnutls_x509_crt_init(&cert);
+    if (err < 0) {
+        error_setg(errp, "Unable to initialize certificate: %s",
+                   gnutls_strerror(err));
        goto cleanup;
    }

@ -410,11 +413,13 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
    data.data = (unsigned char *)buf;
    data.size = strlen(buf);

-    if (gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM) < 0) {
+    err = gnutls_x509_crt_import(cert, &data, GNUTLS_X509_FMT_PEM);
+    if (err < 0) {
        error_setg(errp, isServer ?
-                   "Unable to import server certificate %s" :
-                   "Unable to import client certificate %s",
-                   certFile);
+                   "Unable to import server certificate %s: %s" :
+                   "Unable to import client certificate %s: %s",
+                   certFile,
+                   gnutls_strerror(err));
        goto cleanup;
    }

--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@ -10,14 +10,13 @@ struct aes_key_st {
 };
 typedef struct aes_key_st AES_KEY;

-/* FreeBSD has its own AES_set_decrypt_key in -lcrypto, avoid conflicts */
-#ifdef __FreeBSD__
+/* FreeBSD/OpenSSL have their own AES functions with the same names in -lcrypto
+ * (which might be pulled in via curl), so redefine to avoid conflicts. */
 #define AES_set_encrypt_key QEMU_AES_set_encrypt_key
 #define AES_set_decrypt_key QEMU_AES_set_decrypt_key
 #define AES_encrypt QEMU_AES_encrypt
 #define AES_decrypt QEMU_AES_decrypt
 #define AES_cbc_encrypt QEMU_AES_cbc_encrypt
-#endif

 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 	AES_KEY *key);
--- a/tests/test-crypto-secret.c
+++ b/tests/test-crypto-secret.c
@ -49,7 +49,7 @@ static void test_secret_indirect_good(void)
 {
    Object *sec;
    char *fname = NULL;
-    int fd = g_file_open_tmp("secretXXXXXX",
+    int fd = g_file_open_tmp("qemu-test-crypto-secret-XXXXXX",
                             &fname,
                             NULL);

@ -74,6 +74,7 @@ static void test_secret_indirect_good(void)
    object_unparent(sec);
    g_free(pw);
    close(fd);
+    unlink(fname);
    g_free(fname);
 }

@ -96,7 +97,7 @@ static void test_secret_indirect_emptyfile(void)
 {
    Object *sec;
    char *fname = NULL;
-    int fd = g_file_open_tmp("secretXXXXXX",
+    int fd = g_file_open_tmp("qemu-test-crypto-secretXXXXXX",
                             &fname,
                             NULL);

@ -119,6 +120,7 @@ static void test_secret_indirect_emptyfile(void)
    object_unparent(sec);
    g_free(pw);
    close(fd);
+    unlink(fname);
    g_free(fname);
 }