rpms / libvirt

Clone
Source Code
GIT

Blame SOURCES/libvirt-qemuDomainSecretAESSetup-Allocate-and-return-secinfo-here.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-rhel c8-sig-altarch-stream-rhel c8-stream-rhel c8s-sig-hyperscale c8s-stream-rhel c9 c9-beta c9s-sig-hyperscale
  1.   a41c76bf11425b6b84221cc1e59a95c6c25a9331
  2.   SOURCES
  3.   libvirt-qemuDomainSecretAESSetup-Allocate-and-return-secinfo-here.patch
Blob History Raw
a41c76 
From fe42b8bb2e4a456a5b2297313f3859221013fdfc Mon Sep 17 00:00:00 2001
a41c76 
Message-Id: <fe42b8bb2e4a456a5b2297313f3859221013fdfc@dist-git>
a41c76 
From: Peter Krempa <pkrempa@redhat.com>
a41c76 
Date: Mon, 16 Mar 2020 22:11:46 +0100
a41c76 
Subject: [PATCH] qemuDomainSecretAESSetup: Allocate and return 'secinfo' here
a41c76 
MIME-Version: 1.0
a41c76 
Content-Type: text/plain; charset=UTF-8
a41c76 
Content-Transfer-Encoding: 8bit
a41c76
a41c76 
Rather than passing in an empty qemuDomainSecretInfoPtr allocate it
a41c76 
in this function and return it. This is done by absorbing the check from
a41c76 
qemuDomainSecretInfoNew and removing the internals of
a41c76 
qemuDomainSecretInfoNew.
a41c76
a41c76 
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
a41c76 
Reviewed-by: Ján Tomko <jtomko@redhat.com>
a41c76 
(cherry picked from commit bad8637892ae8fc310b252651876738ca4fdee0d)
a41c76 
https://bugzilla.redhat.com/show_bug.cgi?id=1804750
a41c76 
Message-Id: <94071336dbc97ed64a1a5dcbb82da32e5199f117.1584391726.git.pkrempa@redhat.com>
a41c76 
Reviewed-by: Ján Tomko <jtomko@redhat.com>
a41c76 
---
a41c76 
 src/qemu/qemu_domain.c | 53 ++++++++++++++++++------------------------
a41c76 
 1 file changed, 22 insertions(+), 31 deletions(-)
a41c76
a41c76 
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
a41c76 
index b26187659e..37e361b1f4 100644
a41c76 
--- a/src/qemu/qemu_domain.c
a41c76 
+++ b/src/qemu/qemu_domain.c
a41c76 
@@ -1529,21 +1529,20 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,
a41c76 
  * @seclookupdef: Pointer to seclookupdef data
a41c76 
  * @isLuks: True/False for is for luks (alias generation)
a41c76 
  *
a41c76 
- * Taking a secinfo, fill in the AES specific information using the
a41c76 
+ * Encrypts a secret looked up via @seclookupdef for use with qemu.
a41c76 
  *
a41c76 
- * Returns 0 on success, -1 on failure with error message
a41c76 
+ * Returns qemuDomainSecretInfoPtr filled with the necessary information.
a41c76 
  */
a41c76 
-static int
a41c76 
+static qemuDomainSecretInfoPtr
a41c76 
 qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
a41c76 
-                         qemuDomainSecretInfoPtr secinfo,
a41c76 
                          const char *srcalias,
a41c76 
                          virSecretUsageType usageType,
a41c76 
                          const char *username,
a41c76 
                          virSecretLookupTypeDefPtr seclookupdef,
a41c76 
                          bool isLuks)
a41c76 
 {
a41c76 
+    g_autoptr(qemuDomainSecretInfo) secinfo = NULL;
a41c76 
     g_autoptr(virConnect) conn = virGetConnectSecret();
a41c76 
-    int ret = -1;
a41c76 
     g_autofree uint8_t *raw_iv = NULL;
a41c76 
     size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
a41c76 
     uint8_t *secret = NULL;
a41c76 
@@ -1552,19 +1551,27 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
a41c76 
     size_t ciphertextlen = 0;
a41c76
a41c76 
     if (!conn)
a41c76 
-        return -1;
a41c76 
+        return NULL;
a41c76 
+
a41c76 
+    if (!qemuDomainSupportsEncryptedSecret(priv)) {
a41c76 
+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
a41c76 
+                       _("encrypted secrets are not supported"));
a41c76 
+        return NULL;
a41c76 
+    }
a41c76 
+
a41c76 
+    secinfo = g_new0(qemuDomainSecretInfo, 1);
a41c76
a41c76 
     secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
a41c76 
     secinfo->s.aes.username = g_strdup(username);
a41c76
a41c76 
     if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
a41c76 
-        return -1;
a41c76 
+        return NULL;
a41c76
a41c76 
     raw_iv = g_new0(uint8_t, ivlen);
a41c76
a41c76 
     /* Create a random initialization vector */
a41c76 
     if (virRandomBytes(raw_iv, ivlen) < 0)
a41c76 
-        return -1;
a41c76 
+        return NULL;
a41c76
a41c76 
     /* Encode the IV and save that since qemu will need it */
a41c76 
     secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
a41c76 
@@ -1572,13 +1579,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
a41c76 
     /* Grab the unencoded secret */
a41c76 
     if (virSecretGetSecretString(conn, seclookupdef, usageType,
a41c76 
                                  &secret, &secretlen) < 0)
a41c76 
-        goto cleanup;
a41c76 
+        goto error;
a41c76
a41c76 
     if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
a41c76 
                              priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
a41c76 
                              raw_iv, ivlen, secret, secretlen,
a41c76 
                              &ciphertext, &ciphertextlen) < 0)
a41c76 
-        goto cleanup;
a41c76 
+        goto error;
a41c76
a41c76 
     /* Clear out the secret */
a41c76 
     memset(secret, 0, secretlen);
a41c76 
@@ -1587,11 +1594,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
a41c76 
     secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
a41c76 
                                                 ciphertextlen);
a41c76
a41c76 
-    ret = 0;
a41c76 
+    return g_steal_pointer(&secinfo);
a41c76
a41c76 
- cleanup:
a41c76 
+ error:
a41c76 
     VIR_DISPOSE_N(secret, secretlen);
a41c76 
-    return ret;
a41c76 
+    return NULL;
a41c76 
 }
a41c76
a41c76
a41c76 
@@ -1663,24 +1670,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
a41c76 
                         virSecretLookupTypeDefPtr lookupDef,
a41c76 
                         bool isLuks)
a41c76 
 {
a41c76 
-    qemuDomainSecretInfoPtr secinfo = NULL;
a41c76 
-
a41c76 
-    if (!qemuDomainSupportsEncryptedSecret(priv)) {
a41c76 
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
a41c76 
-                       _("encrypted secrets are not supported"));
a41c76 
-        return NULL;
a41c76 
-    }
a41c76 
-
a41c76 
-    if (VIR_ALLOC(secinfo) < 0)
a41c76 
-        return NULL;
a41c76 
-
a41c76 
-    if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,
a41c76 
-                                 lookupDef, isLuks) < 0) {
a41c76 
-        g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);
a41c76 
-        return NULL;
a41c76 
-    }
a41c76 
-
a41c76 
-    return secinfo;
a41c76 
+    return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,
a41c76 
+                                    lookupDef, isLuks);
a41c76 
 }
a41c76
a41c76
a41c76 
--
a41c76 
2.25.1
a41c76

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation