virCryptoGenerateRandom: Don't allocate return buffer

author Michal Privoznik <mprivozn@redhat.com>

Tue, 29 May 2018 05:46:32 +0000 (07:46 +0200)

committer Michal Privoznik <mprivozn@redhat.com>

Tue, 5 Jun 2018 08:31:19 +0000 (10:31 +0200)
author Michal Privoznik <mprivozn@redhat.com>
Tue, 29 May 2018 05:46:32 +0000 (07:46 +0200)
committer Michal Privoznik <mprivozn@redhat.com>
Tue, 5 Jun 2018 08:31:19 +0000 (10:31 +0200)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index 34be4c112b55d0a02e1d11837883200286aa8e9f..c4c25e95d01dab03cb6337c4d37cf68d14d70dbd 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -930,12 +930,15 @@ qemuDomainMasterKeyCreate(virDomainObjPtr vm)
      if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_SECRET))
          return 0;
  
-    if (!(priv->masterKey =
-          virCryptoGenerateRandom(QEMU_DOMAIN_MASTER_KEY_LEN)))
+    if (VIR_ALLOC_N(priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN) < 0)
          return -1;
-
      priv->masterKeyLen = QEMU_DOMAIN_MASTER_KEY_LEN;
  
+    if (virCryptoGenerateRandom(priv->masterKey, priv->masterKeyLen) < 0) {
+        VIR_DISPOSE_N(priv->masterKey, priv->masterKeyLen);
+        return -1;
+    }
+
      return 0;
  }
  
@@ -1281,8 +1284,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
      if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
          goto cleanup;
  
+    if (VIR_ALLOC_N(raw_iv, ivlen) < 0)
+        goto cleanup;
+
      /* Create a random initialization vector */
-    if (!(raw_iv = virCryptoGenerateRandom(ivlen)))
+    if (virCryptoGenerateRandom(raw_iv, ivlen) < 0)
          goto cleanup;
  
      /* Encode the IV and save that since qemu will need it */
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c

index 9879c31555e018317a0dabd2189c57d9379ef77d..673e1648e87a9f19956df18a1e93080e3527fe7f 100644 (file)
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -316,44 +316,39 @@ virCryptoEncryptData(virCryptoCipher algorithm,
  #endif
  
  /* virCryptoGenerateRandom:
- * @nbytes: Size in bytes of random byte stream to generate
+ * @buf: Pointer to location to store bytes
+ * @buflen: Number of bytes to store
   *
- * Generate a random stream of nbytes length and return it.
+ * Generate a random stream of @buflen length and store it into @buf.
   *
   * Since the gnutls_rnd could be missing, provide an alternate less
   * secure mechanism to at least have something.
   *
- * Returns pointer memory containing byte stream on success,
- * NULL on failure (with error reported)
+ * Returns 0 on success or -1 on failure (with error reported)
   */
-uint8_t *
-virCryptoGenerateRandom(size_t nbytes)
+int
+virCryptoGenerateRandom(unsigned char *buf,
+                        size_t buflen)
  {
-    uint8_t *buf;
      int rv;
  
-    if (VIR_ALLOC_N(buf, nbytes) < 0)
-        return NULL;
-
  #if WITH_GNUTLS
      /* Generate the byte stream using gnutls_rnd() if possible */
-    if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, nbytes)) < 0) {
+    if ((rv = gnutls_rnd(GNUTLS_RND_RANDOM, buf, buflen)) < 0) {
          virReportError(VIR_ERR_INTERNAL_ERROR,
                         _("failed to generate byte stream: %s"),
                         gnutls_strerror(rv));
-        VIR_FREE(buf);
-        return NULL;
+        return -1;
      }
  #else
      /* If we don't have gnutls_rnd(), we will generate a less cryptographically
       * strong master buf from /dev/urandom.
       */
-    if ((rv = virRandomBytes(buf, nbytes)) < 0) {
+    if ((rv = virRandomBytes(buf, buflen)) < 0) {
          virReportSystemError(-rv, "%s", _("failed to generate byte stream"));
-        VIR_FREE(buf);
-        return NULL;
+        return -1;
      }
  #endif
  
-    return buf;
+    return 0;
  }
diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h

index 9b5dada53d6fcff014d5fc3c8a14b74e9f446e09..649ceff1a156a802dc11c0d55ffb752e7d688a79 100644 (file)
--- a/src/util/vircrypto.h
+++ b/src/util/vircrypto.h
@@ -65,6 +65,7 @@ int virCryptoEncryptData(virCryptoCipher algorithm,
      ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6)
      ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) ATTRIBUTE_RETURN_CHECK;
  
-uint8_t *virCryptoGenerateRandom(size_t nbytes) ATTRIBUTE_NOINLINE;
+int virCryptoGenerateRandom(unsigned char *buf,
+                            size_t buflen) ATTRIBUTE_NOINLINE;
  
  #endif /* __VIR_CRYPTO_H__ */
diff --git a/tests/qemuxml2argvmock.c b/tests/qemuxml2argvmock.c

index 6d78063f009c3459a1823305f2120a3aae950f6b..cc3bf2095cb1c86c3ec82417801e9a0115e32d12 100644 (file)
--- a/tests/qemuxml2argvmock.c
+++ b/tests/qemuxml2argvmock.c
@@ -190,17 +190,11 @@ virCommandPassFD(virCommandPtr cmd ATTRIBUTE_UNUSED,
      /* nada */
  }
  
-uint8_t *
-virCryptoGenerateRandom(size_t nbytes)
+int
+virCryptoGenerateRandom(unsigned char *buf,
+                        size_t buflen)
  {
-    uint8_t *buf;
-
-    if (VIR_ALLOC_N(buf, nbytes) < 0)
-        return NULL;
-
-    ignore_value(virRandomBytes(buf, nbytes));
-
-    return buf;
+    return virRandomBytes(buf, buflen);
  }
  
  int
author	Michal Privoznik <mprivozn@redhat.com>
	Tue, 29 May 2018 05:46:32 +0000 (07:46 +0200)
committer	Michal Privoznik <mprivozn@redhat.com>
	Tue, 5 Jun 2018 08:31:19 +0000 (10:31 +0200)
src/qemu/qemu_domain.c		patch \| blob \| blame \| history
src/util/vircrypto.c		patch \| blob \| blame \| history
src/util/vircrypto.h		patch \| blob \| blame \| history
tests/qemuxml2argvmock.c		patch \| blob \| blame \| history