From fe42b8bb2e4a456a5b2297313f3859221013fdfc Mon Sep 17 00:00:00 2001

Message-Id: <fe42b8bb2e4a456a5b2297313f3859221013fdfc@dist-git>

From: Peter Krempa <pkrempa@redhat.com>

Date: Mon, 16 Mar 2020 22:11:46 +0100

Subject: [PATCH] qemuDomainSecretAESSetup: Allocate and return 'secinfo' here

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Rather than passing in an empty qemuDomainSecretInfoPtr allocate it

in this function and return it. This is done by absorbing the check from

qemuDomainSecretInfoNew and removing the internals of

qemuDomainSecretInfoNew.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

(cherry picked from commit bad8637892ae8fc310b252651876738ca4fdee0d)

https://bugzilla.redhat.com/show_bug.cgi?id=1804750

Message-Id: <94071336dbc97ed64a1a5dcbb82da32e5199f117.1584391726.git.pkrempa@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

---

 src/qemu/qemu_domain.c | 53 ++++++++++++++++++------------------------

 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index b26187659e..37e361b1f4 100644

--- a/src/qemu/qemu_domain.c

+++ b/src/qemu/qemu_domain.c

@@ -1529,21 +1529,20 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,

  * @seclookupdef: Pointer to seclookupdef data

  * @isLuks: True/False for is for luks (alias generation)

  *

- * Taking a secinfo, fill in the AES specific information using the

+ * Encrypts a secret looked up via @seclookupdef for use with qemu.

  *

- * Returns 0 on success, -1 on failure with error message

+ * Returns qemuDomainSecretInfoPtr filled with the necessary information.

  */

-static int

+static qemuDomainSecretInfoPtr

 qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,

-                         qemuDomainSecretInfoPtr secinfo,

                          const char *srcalias,

                          virSecretUsageType usageType,

                          const char *username,

                          virSecretLookupTypeDefPtr seclookupdef,

                          bool isLuks)

 {

+    g_autoptr(qemuDomainSecretInfo) secinfo = NULL;

     g_autoptr(virConnect) conn = virGetConnectSecret();

-    int ret = -1;

     g_autofree uint8_t *raw_iv = NULL;

     size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;

     uint8_t *secret = NULL;

@@ -1552,19 +1551,27 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,

     size_t ciphertextlen = 0;

     if (!conn)

-        return -1;

+        return NULL;

+

+    if (!qemuDomainSupportsEncryptedSecret(priv)) {

+        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",

+                       _("encrypted secrets are not supported"));

+        return NULL;

+    }

+

+    secinfo = g_new0(qemuDomainSecretInfo, 1);

     secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;

     secinfo->s.aes.username = g_strdup(username);

     if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))

-        return -1;

+        return NULL;

     raw_iv = g_new0(uint8_t, ivlen);

     /* Create a random initialization vector */

     if (virRandomBytes(raw_iv, ivlen) < 0)

-        return -1;

+        return NULL;

     /* Encode the IV and save that since qemu will need it */

     secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);

@@ -1572,13 +1579,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,

     /* Grab the unencoded secret */

     if (virSecretGetSecretString(conn, seclookupdef, usageType,

                                  &secret, &secretlen) < 0)

-        goto cleanup;

+        goto error;

     if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,

                              priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,

                              raw_iv, ivlen, secret, secretlen,

                              &ciphertext, &ciphertextlen) < 0)

-        goto cleanup;

+        goto error;

     /* Clear out the secret */

     memset(secret, 0, secretlen);

@@ -1587,11 +1594,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,

     secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,

                                                 ciphertextlen);

-    ret = 0;

+    return g_steal_pointer(&secinfo);

- cleanup:

+ error:

     VIR_DISPOSE_N(secret, secretlen);

-    return ret;

+    return NULL;

 }

@@ -1663,24 +1670,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,

                         virSecretLookupTypeDefPtr lookupDef,

                         bool isLuks)

 {

-    qemuDomainSecretInfoPtr secinfo = NULL;

-

-    if (!qemuDomainSupportsEncryptedSecret(priv)) {

-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",

-                       _("encrypted secrets are not supported"));

-        return NULL;

-    }

-

-    if (VIR_ALLOC(secinfo) < 0)

-        return NULL;

-

-    if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,

-                                 lookupDef, isLuks) < 0) {

-        g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);

-        return NULL;

-    }

-

-    return secinfo;

+    return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,

+                                    lookupDef, isLuks);

 }

-- 

2.25.1