diff mbox

[v2,3/3] crypto: add mode check in qcrypto_cipher_new() for cipher-builtin

Message ID 1474683000-346560-4-git-send-email-arei.gonglei@huawei.com (mailing list archive)
State New, archived
Headers show

Commit Message

Gonglei (Arei) Sept. 24, 2016, 2:10 a.m. UTC 
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
 crypto/cipher-builtin.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

Comments

Daniel P. Berrangé Sept. 26, 2016, 8:13 a.m. UTC | #1 
On Sat, Sep 24, 2016 at 10:10:00AM +0800, Gonglei wrote:
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
> ---
>  crypto/cipher-builtin.c | 10 ++++++++++
>  1 file changed, 10 insertions(+)
> 
> diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
> index fd59a9e..d710608 100644
> --- a/crypto/cipher-builtin.c
> +++ b/crypto/cipher-builtin.c
> @@ -433,6 +433,16 @@ QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
>  {
>      QCryptoCipher *cipher;
>  
> +    switch (mode) {
> +    case QCRYPTO_CIPHER_MODE_ECB:
> +    case QCRYPTO_CIPHER_MODE_CBC:
> +    case QCRYPTO_CIPHER_MODE_XTS:

Presumably you intended to have 'break' here, otherwise this
code rejects everything

> +    default:
> +        error_setg(errp, "Unsupported cipher mode %s",
> +                   QCryptoCipherMode_lookup[mode]);
> +        return NULL;
> +    }
> +
>      cipher = g_new0(QCryptoCipher, 1);
>      cipher->alg = alg;
>      cipher->mode = mode;

Regards,
Daniel
Gonglei (Arei) Sept. 26, 2016, 8:50 a.m. UTC | #2 
> -----Original Message-----

> From: Daniel P. Berrange [mailto:berrange@redhat.com]

> Sent: Monday, September 26, 2016 4:14 PM

> To: Gonglei (Arei)

> Cc: qemu-devel@nongnu.org; Wubin (H)

> Subject: Re: [PATCH v2 3/3] crypto: add mode check in qcrypto_cipher_new() for

> cipher-builtin

> 

> On Sat, Sep 24, 2016 at 10:10:00AM +0800, Gonglei wrote:

> > Signed-off-by: Gonglei <arei.gonglei@huawei.com>

> > ---

> >  crypto/cipher-builtin.c | 10 ++++++++++

> >  1 file changed, 10 insertions(+)

> >

> > diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c

> > index fd59a9e..d710608 100644

> > --- a/crypto/cipher-builtin.c

> > +++ b/crypto/cipher-builtin.c

> > @@ -433,6 +433,16 @@ QCryptoCipher

> *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,

> >  {

> >      QCryptoCipher *cipher;

> >

> > +    switch (mode) {

> > +    case QCRYPTO_CIPHER_MODE_ECB:

> > +    case QCRYPTO_CIPHER_MODE_CBC:

> > +    case QCRYPTO_CIPHER_MODE_XTS:

> 

> Presumably you intended to have 'break' here, otherwise this

> code rejects everything

> 

Oops, my fault  :(


Regards,
-Gonglei

> > +    default:

> > +        error_setg(errp, "Unsupported cipher mode %s",

> > +                   QCryptoCipherMode_lookup[mode]);

> > +        return NULL;

> > +    }

> > +

> >      cipher = g_new0(QCryptoCipher, 1);

> >      cipher->alg = alg;

> >      cipher->mode = mode;

> 

> Regards,

> Daniel

> --

> |: http://berrange.com      -o-

> http://www.flickr.com/photos/dberrange/ :|

> |: http://libvirt.org              -o-

> http://virt-manager.org :|

> |: http://autobuild.org       -o-

> http://search.cpan.org/~danberr/ :|

> |: http://entangle-photo.org       -o-

> http://live.gnome.org/gtk-vnc :|
diff mbox

Patch

diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c
index fd59a9e..d710608 100644
--- a/crypto/cipher-builtin.c
+++ b/crypto/cipher-builtin.c
@@ -433,6 +433,16 @@  QCryptoCipher *qcrypto_cipher_new(QCryptoCipherAlgorithm alg,
 {
     QCryptoCipher *cipher;
 
+    switch (mode) {
+    case QCRYPTO_CIPHER_MODE_ECB:
+    case QCRYPTO_CIPHER_MODE_CBC:
+    case QCRYPTO_CIPHER_MODE_XTS:
+    default:
+        error_setg(errp, "Unsupported cipher mode %s",
+                   QCryptoCipherMode_lookup[mode]);
+        return NULL;
+    }
+
     cipher = g_new0(QCryptoCipher, 1);
     cipher->alg = alg;
     cipher->mode = mode;