From patchwork Fri Jul 10 17:18:01 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= X-Patchwork-Id: 493847 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 36D1C1402B2 for ; Sat, 11 Jul 2015 03:21:36 +1000 (AEST) Received: from localhost ([::1]:45554 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZDbzS-0000HM-3n for incoming@patchwork.ozlabs.org; Fri, 10 Jul 2015 13:21:34 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:38278) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZDbxV-00063H-5n for qemu-devel@nongnu.org; Fri, 10 Jul 2015 13:19:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZDbxT-0003oJ-MB for qemu-devel@nongnu.org; Fri, 10 Jul 2015 13:19:33 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47541) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZDbxT-0003o8-E6 for qemu-devel@nongnu.org; Fri, 10 Jul 2015 13:19:31 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id 10CED388B53; Fri, 10 Jul 2015 17:19:31 +0000 (UTC) Received: from potion (dhcp-1-222.brq.redhat.com [10.34.1.222]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id t6AHJSZV022817; Fri, 10 Jul 2015 13:19:29 -0400 Received: by potion (sSMTP sendmail emulation); Fri, 10 Jul 2015 19:19:28 +0200 From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= To: qemu-devel@nongnu.org Date: Fri, 10 Jul 2015 19:18:01 +0200 Message-Id: <1436548682-9315-3-git-send-email-rkrcmar@redhat.com> In-Reply-To: <1436548682-9315-1-git-send-email-rkrcmar@redhat.com> References: <1436548682-9315-1-git-send-email-rkrcmar@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: Peter Maydell Subject: [Qemu-devel] [PATCH v2 2/3] crypto: avoid undefined behavior in nettle calls X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Calling a function pointer that was cast from an incompatible function results in undefined behavior. 'void *' isn't compatible with 'struct XXX *', so we can't cast to nettle_cipher_func, but have to provide a wrapper. (Conversion from 'void *' to 'struct XXX *' might require computation, which won't be done if we drop argument's true type, and pointers can have different sizes so passing arguments on stack would bug.) Having two different prototypes based on nettle version doesn't make this solution any nicer. Reported-by: Peter Maydell Signed-off-by: Radim Krčmář --- crypto/cipher-nettle.c | 43 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index e61aaa29f049..61f1cd3417d3 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -25,8 +25,43 @@ #if CONFIG_NETTLE_VERSION_MAJOR < 3 typedef nettle_crypt_func nettle_cipher_func; + +typedef void * cipher_ctx_t; +typedef unsigned cipher_length_t; +#else +typedef const void * cipher_ctx_t; +typedef size_t cipher_length_t; #endif +nettle_cipher_func aes_encrypt_wrapper; +nettle_cipher_func aes_decrypt_wrapper; +nettle_cipher_func des_encrypt_wrapper; +nettle_cipher_func des_decrypt_wrapper; + +void aes_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + aes_encrypt(ctx, length, dst, src); +} + +void aes_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + aes_encrypt(ctx, length, dst, src); +} + +void des_encrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + des_encrypt(ctx, length, dst, src); +} + +void des_decrypt_wrapper(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + des_decrypt(ctx, length, dst, src); +} + typedef struct QCryptoCipherNettle QCryptoCipherNettle; struct QCryptoCipherNettle { void *ctx_encrypt; @@ -87,8 +122,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, des_set_key(ctx->ctx_encrypt, rfbkey); g_free(rfbkey); - ctx->alg_encrypt = (nettle_cipher_func *)des_encrypt; - ctx->alg_decrypt = (nettle_cipher_func *)des_decrypt; + ctx->alg_encrypt = des_encrypt_wrapper; + ctx->alg_decrypt = des_decrypt_wrapper; ctx->niv = DES_BLOCK_SIZE; break; @@ -102,8 +137,8 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg, aes_set_encrypt_key(ctx->ctx_encrypt, nkey, key); aes_set_decrypt_key(ctx->ctx_decrypt, nkey, key); - ctx->alg_encrypt = (nettle_cipher_func *)aes_encrypt; - ctx->alg_decrypt = (nettle_cipher_func *)aes_decrypt; + ctx->alg_encrypt = aes_encrypt_wrapper; + ctx->alg_decrypt = aes_decrypt_wrapper; ctx->niv = AES_BLOCK_SIZE; break;