/openbmc/qemu/crypto/ |
tlscredsx509.c | 8cb846db9e026dac849698208fbebb2991d9754d Wed Dec 04 03:36:08 CST 2019 Markus Armbruster <armbru@redhat.com> crypto: Fix certificate file error handling crash bug
qcrypto_tls_creds_load_cert() passes uninitialized GError *gerr by reference to g_file_get_contents(). When g_file_get_contents() fails, it'll try to set a GError. Unless @gerr is null by dumb luck, this logs an ERROR_OVERWRITTEN_WARNING warning message and leaves @gerr unchanged. qcrypto_tls_creds_load_cert() then dereferences the uninitialized @gerr.
Fix by initializing @gerr properly.
Fixes: 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03
Cc: "Daniel P. Berrangé" <berrange@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20191204093625.14836-2-armbru@redhat.com>
Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>

9a2fd4347c40321f5cbb4ab4220e759fcbf87d03 Mon Apr 13 08:01:39 CDT 2015 Daniel P. Berrange <berrange@redhat.com> crypto: add sanity checking of TLS x509 credentials
If the administrator incorrectly sets up their x509 certificates, the errors seen at runtime during connection attempts are very obscure and difficult to diagnose. This has been a particular problem for people using openssl to generate their certificates instead of the gnutls certtool, because the openssl tools don't turn on the various x509 extensions that gnutls expects to be present by default.
This change thus adds support in the TLS credentials object to sanity check the certificates when QEMU first loads them. This gives the administrator immediate feedback for the majority of common configuration mistakes, reducing the pain involved in setting up TLS. The code is derived from equivalent code that has been part of libvirt's TLS support and has been seen to be valuable in assisting admins.
It is possible to disable the sanity checking, however, via the new 'sanity-check' property on the tls-creds object type, with a value of 'no'.
Unit tests are included in this change to verify the correctness of the sanity checking code in all the key scenarios it is intended to cope with. As part of the test suite, the pkix_asn1_tab.c from gnutls is imported. This file is intentionally copied from the (long since obsolete) gnutls 1.6.3 source tree, since that version was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
/openbmc/qemu/include/crypto/ |
tlscredsx509.h | 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03 Mon Apr 13 08:01:39 CDT 2015 Daniel P. Berrange <berrange@redhat.com> crypto: add sanity checking of TLS x509 credentials
|
/openbmc/qemu/ |
trace-events | 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03 Mon Apr 13 08:01:39 CDT 2015 Daniel P. Berrange <berrange@redhat.com> crypto: add sanity checking of TLS x509 credentials
|
configure | 90246037760a2a1d64da67782200b690de24cc49 Mon Sep 21 11:25:34 CDT 2015 Daniel P. Berrange <berrange@redhat.com> configure: avoid polluting global CFLAGS with tasn1 flags
The previous commit
  commit 9a2fd4347c40321f5cbb4ab4220e759fcbf87d03
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Mon Apr 13 14:01:39 2015 +0100

      crypto: add sanity checking of TLS x509 credentials

defined new variables $TEST_LIBS and $TEST_CFLAGS and used them in tests/Makefile to augment $LIBS and $CFLAGS.
Unfortunately this overlooks the fact that tests/Makefile is not executed via recursive-make, it is just pulled into the top level Makefile via an include statement. So rather than just augmenting the compiler/linker flags for tests it polluted the global flags.
This is thought to be behind a reported failure when building the pixman module as a sub-module, since global $CFLAGS are passed down to configure in pixman.
This change removes the $TEST_LIBS and $TEST_CFLAGS replacing them with $TASN1_LIBS and $TASN1_CFLAGS, setting only against specific objects/executables that need them.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

9a2fd4347c40321f5cbb4ab4220e759fcbf87d03 Mon Apr 13 08:01:39 CDT 2015 Daniel P. Berrange <berrange@redhat.com> crypto: add sanity checking of TLS x509 credentials
|