summaryrefslogtreecommitdiffstats
path: root/crypto/hash.c
Commit message (Collapse)AuthorAgeFilesLines
* crypto: Fix LGPL information in the file headersThomas Huth2019-07-191-1/+1
| | | | | | | | | It's either "GNU *Library* General Public License version 2" or "GNU Lesser General Public License version *2.1*", but there was no "version 2.0" of the "Lesser" license. So assume that version 2.1 is meant here. Signed-off-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
* Include qapi/error.h exactly where neededMarkus Armbruster2018-02-091-1/+0Star
| | | | | | | | | | | | | | This cleanup makes the number of objects depending on qapi/error.h drop from 1910 (out of 4743) to 1612 in my "build everything" tree. While there, separate #include from file comment with a blank line, and drop a useless comment on why qemu/osdep.h is included first. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20180201111846.21846-5-armbru@redhat.com> [Semantic conflict with commit 34e304e975 resolved, OSX breakage fixed]
* crypto: afalg: fix a NULL pointer dereferenceLongpeng2017-11-081-8/+5Star
| | | | | | | | | | | | | | | | | | | | | | | | Test-crypto-hash calls qcrypto_hash_bytesv/digest/base64 with errp=NULL, this will cause a NULL pointer dereference if afalg_driver doesn't support requested algos: ret = qcrypto_hash_afalg_driver.hash_bytesv(alg, iov, niov, result, resultlen, errp); if (ret == 0) { return ret; } error_free(*errp); // <--- here Because the error message is thrown away immediately, we should just pass NULL to hash_bytesv(). There is also the same problem in afalg-backend cipher & hmac, let's fix them together. Reviewed-by: Eric Blake <eblake@redhat.com> Reported-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Longpeng <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: hash: add afalg-backend hash supportLongpeng(Mike)2017-07-191-0/+17
| | | | | | | | Adds afalg-backend hash support: introduces some private APIs firstly, and then intergrates them into qcrypto_hash_afalg_driver. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: hash: add hash driver frameworkLongpeng(Mike)2017-07-191-0/+13
| | | | | | | | | | | | 1) makes the public APIs in hash-nettle/gcrypt/glib static, and rename them with "nettle/gcrypt/glib" prefix. 2) introduces hash framework, including QCryptoHashDriver and new public APIs. Reviewed-by: Gonglei <arei.gonglei@huawei.com> Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: implement sha224, sha384, sha512 and ripemd160 hashesDaniel P. Berrange2016-07-041-0/+4
| | | | | | | Wire up the nettle and gcrypt hash backends so that they can support the sha224, sha384, sha512 and ripemd160 hash algorithms. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: switch hash code to use nettle/gcrypt directlyDaniel P. Berrange2016-07-041-105/+0Star
| | | | | | | | | | | | | | | | | Currently the internal hash code is using the gnutls hash APIs. GNUTLS in turn is wrapping either nettle or gcrypt. Not only were the GNUTLS hash APIs not added until GNUTLS 2.9.10, but they don't expose support for all the algorithms QEMU needs to use with LUKS. Address this by directly wrapping nettle/gcrypt in QEMU and avoiding GNUTLS's extra layer of indirection. This gives us support for hash functions on a much wider range of platforms and opens up ability to support more hash functions. It also avoids a GNUTLS bug which would not correctly handle hashing of large data blocks if int != size_t. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: assert that qcrypto_hash_digest_len is in rangePaolo Bonzini2016-06-131-3/+1Star
| | | | | | | | | | | Otherwise unintended results could happen. For example, Coverity reports a division by zero in qcrypto_afsplit_hash. While this cannot really happen, it shows that the contract of qcrypto_hash_digest_len can be improved. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* include/qemu/osdep.h: Don't include qapi/error.hMarkus Armbruster2016-03-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the Error typedef. Since then, we've moved to include qemu/osdep.h everywhere. Its file comment explains: "To avoid getting into possible circular include dependencies, this file should not include any other QEMU headers, with the exceptions of config-host.h, compiler.h, os-posix.h and os-win32.h, all of which are doing a similar job to this file and are under similar constraints." qapi/error.h doesn't do a similar job, and it doesn't adhere to similar constraints: it includes qapi-types.h. That's in excess of 100KiB of crap most .c files don't actually need. Add the typedef to qemu/typedefs.h, and include that instead of qapi/error.h. Include qapi/error.h in .c files that need it and don't get it now. Include qapi-types.h in qom/object.h for uint16List. Update scripts/clean-includes accordingly. Update it further to match reality: replace config.h by config-target.h, add sysemu/os-posix.h, sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h comment quoted above similarly. This reduces the number of objects depending on qapi/error.h from "all of them" to less than a third. Unfortunately, the number depending on qapi-types.h shrinks only a little. More work is needed for that one. Signed-off-by: Markus Armbruster <armbru@redhat.com> [Fix compilation without the spice devel packages. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* crypto: ensure qcrypto_hash_digest_len is always definedDaniel P. Berrange2016-02-021-13/+17
| | | | | | | | | The qcrypto_hash_digest_len method was accidentally inside a CONFIG_GNUTLS_HASH block, even though it doesn't depend on gnutls. Re-arrange it to be unconditionally defined. Reviewed-by: Fam Zheng <famz@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: Clean up includesPeter Maydell2016-01-291-0/+1
| | | | | | | | | | Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 1453832250-766-3-git-send-email-peter.maydell@linaro.org
* crypto: move QCryptoHashAlgorithm enum definition into QAPIDaniel P. Berrange2015-12-231-2/+2
| | | | | | | | | The QCryptoHashAlgorithm enum is defined in the crypto/hash.h header. In the future some QAPI types will want to reference the hash enums, so move the enum definition into QAPI too. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: add ability to query hash digest lenDaniel P. Berrange2015-12-231-0/+15
| | | | | | | | Add a qcrypto_hash_digest_len() method which allows querying of the raw digest size for a given hash algorithm. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* crypto: introduce new module for computing hash digestsDaniel P. Berrange2015-07-071-0/+200
Introduce a new crypto/ directory that will (eventually) contain all the cryptographic related code. This initially defines a wrapper for initializing gnutls and for computing hashes with gnutls. The former ensures that gnutls is guaranteed to be initialized exactly once in QEMU regardless of CLI args. The block quorum code currently fails to initialize gnutls so it only works by luck, if VNC server TLS is not requested. The hash APIs avoids the need to litter the rest of the code with preprocessor checks and simplifies callers by allocating the correct amount of memory for the requested hash. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Message-Id: <1435770638-25715-2-git-send-email-berrange@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>