[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 07/10] crypto: use consistent error reporting pattern for unsuppor
From: |
Daniel P . Berrangé |
Subject: |
[PULL 07/10] crypto: use consistent error reporting pattern for unsupported cipher modes |
Date: |
Mon, 9 Sep 2024 15:16:32 +0100 |
Not all paths in qcrypto_cipher_ctx_new() were correctly distinguishing
between valid user input for cipher mode (which should report a user
facing error), vs program logic errors (which should assert).
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/cipher-nettle.c.inc | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc
index 766de036ba..2654b439c1 100644
--- a/crypto/cipher-nettle.c.inc
+++ b/crypto/cipher-nettle.c.inc
@@ -525,8 +525,10 @@ static QCryptoCipher
*qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_CTR:
drv = &qcrypto_nettle_des_driver_ctr;
break;
- default:
+ case QCRYPTO_CIPHER_MODE_XTS:
goto bad_cipher_mode;
+ default:
+ g_assert_not_reached();
}
ctx = g_new0(QCryptoNettleDES, 1);
@@ -551,8 +553,10 @@ static QCryptoCipher
*qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_CTR:
drv = &qcrypto_nettle_des3_driver_ctr;
break;
- default:
+ case QCRYPTO_CIPHER_MODE_XTS:
goto bad_cipher_mode;
+ default:
+ g_assert_not_reached();
}
ctx = g_new0(QCryptoNettleDES3, 1);
@@ -663,8 +667,10 @@ static QCryptoCipher
*qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_CTR:
drv = &qcrypto_nettle_cast128_driver_ctr;
break;
- default:
+ case QCRYPTO_CIPHER_MODE_XTS:
goto bad_cipher_mode;
+ default:
+ g_assert_not_reached();
}
ctx = g_new0(QCryptoNettleCAST128, 1);
@@ -741,8 +747,12 @@ static QCryptoCipher
*qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_MODE_ECB:
drv = &qcrypto_nettle_sm4_driver_ecb;
break;
- default:
+ case QCRYPTO_CIPHER_MODE_CBC:
+ case QCRYPTO_CIPHER_MODE_CTR:
+ case QCRYPTO_CIPHER_MODE_XTS:
goto bad_cipher_mode;
+ default:
+ g_assert_not_reached();
}
ctx = g_new0(QCryptoNettleSm4, 1);
--
2.45.2
- [PULL 00/10] Crypto fixes patches, Daniel P . Berrangé, 2024/09/09
- [PULL 01/10] iotests: fix expected output from gnutls, Daniel P . Berrangé, 2024/09/09
- [PULL 02/10] crypto: run qcrypto_pbkdf2_count_iters in a new thread, Daniel P . Berrangé, 2024/09/09
- [PULL 03/10] crypto: check gnutls & gcrypt support the requested pbkdf hash, Daniel P . Berrangé, 2024/09/09
- [PULL 04/10] tests/unit: always build the pbkdf crypto unit test, Daniel P . Berrangé, 2024/09/09
- [PULL 05/10] tests/unit: build pbkdf test on macOS, Daniel P . Berrangé, 2024/09/09
- [PULL 07/10] crypto: use consistent error reporting pattern for unsupported cipher modes,
Daniel P . Berrangé <=
- [PULL 06/10] crypto: avoid leak of ctx when bad cipher mode is given, Daniel P . Berrangé, 2024/09/09
- [PULL 08/10] crypto: Define macros for hash algorithm digest lengths, Daniel P . Berrangé, 2024/09/09
- [PULL 09/10] crypto: Support SHA384 hash when using glib, Daniel P . Berrangé, 2024/09/09
- [PULL 10/10] crypto: Introduce x509 utils, Daniel P . Berrangé, 2024/09/09
- Re: [PULL 00/10] Crypto fixes patches, Peter Maydell, 2024/09/09
- Re: [PULL 00/10] Crypto fixes patches, Michael Tokarev, 2024/09/11