diff options
author | Thomas Haller <thaller@redhat.com> | 2018-11-01 12:52:38 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2018-11-13 18:30:03 +0100 |
commit | eb9f950a330212d4780971d269423b0d90c51c5c (patch) | |
tree | f40b0193b16a65207ec5422ea7ba54a7d7a13cfb | |
parent | 3746845204b77a80dacbd7a0d7272e7ca30d1e3c (diff) | |
download | NetworkManager-eb9f950a330212d4780971d269423b0d90c51c5c.tar.gz |
all: cleanup GChecksum handling
- prefer nm_auto_free_checksum over explicit free.
- use nm_utils_checksum_get_digest*().
- prefer defines for digest length.
- assume g_checksum_new() cannot fail.
-rw-r--r-- | libnm-core/nm-crypto.c | 15 | ||||
-rw-r--r-- | libnm-core/nm-utils.c | 14 | ||||
-rw-r--r-- | src/dns/nm-dns-manager.c | 10 | ||||
-rw-r--r-- | src/nm-core-utils.c | 51 | ||||
-rw-r--r-- | src/nm-ip4-config.c | 24 | ||||
-rw-r--r-- | src/nm-ip6-config.c | 24 | ||||
-rw-r--r-- | src/supplicant/nm-supplicant-config.c | 33 |
7 files changed, 55 insertions, 116 deletions
diff --git a/libnm-core/nm-crypto.c b/libnm-core/nm-crypto.c index dc8f1c1538..1af2ea2840 100644 --- a/libnm-core/nm-crypto.c +++ b/libnm-core/nm-crypto.c @@ -879,13 +879,10 @@ nm_crypto_md5_hash (const guint8 *salt, gsize buflen) { nm_auto_free_checksum GChecksum *ctx = NULL; -#define MD5_DIGEST_LEN 16 - nm_auto_clear_static_secret_ptr const NMSecretPtr digest = NM_SECRET_PTR_STATIC (MD5_DIGEST_LEN); + nm_auto_clear_static_secret_ptr const NMSecretPtr digest = NM_SECRET_PTR_STATIC (NM_UTILS_CHECKSUM_LENGTH_MD5); gsize bufidx = 0; int i; - nm_assert (g_checksum_type_get_length (G_CHECKSUM_MD5) == MD5_DIGEST_LEN); - g_return_if_fail (password_len == 0 || password); g_return_if_fail (buffer); g_return_if_fail (buflen > 0); @@ -894,25 +891,21 @@ nm_crypto_md5_hash (const guint8 *salt, ctx = g_checksum_new (G_CHECKSUM_MD5); for (;;) { - gsize digest_len; - if (password_len > 0) g_checksum_update (ctx, (const guchar *) password, password_len); if (salt_len > 0) g_checksum_update (ctx, (const guchar *) salt, salt_len); - digest_len = MD5_DIGEST_LEN; - g_checksum_get_digest (ctx, digest.bin, &digest_len); - nm_assert (digest_len == MD5_DIGEST_LEN); + nm_utils_checksum_get_digest_len (ctx, digest.bin, NM_UTILS_CHECKSUM_LENGTH_MD5); - for (i = 0; i < MD5_DIGEST_LEN; i++) { + for (i = 0; i < NM_UTILS_CHECKSUM_LENGTH_MD5; i++) { if (bufidx >= buflen) return; buffer[bufidx++] = digest.bin[i]; } g_checksum_reset (ctx); - g_checksum_update (ctx, digest.ptr, MD5_DIGEST_LEN); + g_checksum_update (ctx, digest.ptr, NM_UTILS_CHECKSUM_LENGTH_MD5); } } diff --git a/libnm-core/nm-utils.c b/libnm-core/nm-utils.c index 6504158a53..631d7aa00f 100644 --- a/libnm-core/nm-utils.c +++ b/libnm-core/nm-utils.c @@ -2918,18 +2918,18 @@ nm_utils_uuid_generate_from_string_bin (NMUuid *uuid, const char *s, gssize slen sizeof (*uuid)); } else { nm_auto_free_checksum GChecksum *sum = NULL; - guint8 buf[20]; - gsize len; + union { + guint8 sha1[NM_UTILS_CHECKSUM_LENGTH_SHA1]; + NMUuid uuid; + } digest; sum = g_checksum_new (G_CHECKSUM_SHA1); g_checksum_update (sum, (guchar *) &ns_uuid, sizeof (ns_uuid)); g_checksum_update (sum, (guchar *) s, slen); - len = sizeof (buf); - g_checksum_get_digest (sum, buf, &len); - nm_assert (len == sizeof (buf)); + nm_utils_checksum_get_digest (sum, digest.sha1); - G_STATIC_ASSERT_EXPR (sizeof (*uuid) <= sizeof (buf)); - memcpy (uuid, buf, sizeof (*uuid)); + G_STATIC_ASSERT_EXPR (sizeof (digest.sha1) > sizeof (digest.uuid)); + *uuid = digest.uuid; } uuid->uuid[6] = (uuid->uuid[6] & 0x0F) | (uuid_type << 4); diff --git a/src/dns/nm-dns-manager.c b/src/dns/nm-dns-manager.c index 8575237742..9dd8784a50 100644 --- a/src/dns/nm-dns-manager.c +++ b/src/dns/nm-dns-manager.c @@ -55,7 +55,7 @@ #include "nm-dns-systemd-resolved.h" #include "nm-dns-unbound.h" -#define HASH_LEN 20 +#define HASH_LEN NM_UTILS_CHECKSUM_LENGTH_SHA1 #ifndef RESOLVCONF_PATH #define RESOLVCONF_PATH "/sbin/resolvconf" @@ -992,12 +992,11 @@ update_resolv_conf (NMDnsManager *self, static void compute_hash (NMDnsManager *self, const NMGlobalDnsConfig *global, guint8 buffer[HASH_LEN]) { - GChecksum *sum; - gsize len = HASH_LEN; + nm_auto_free_checksum GChecksum *sum = NULL; NMDnsIPConfigData *ip_data; sum = g_checksum_new (G_CHECKSUM_SHA1); - nm_assert (len == g_checksum_type_get_length (G_CHECKSUM_SHA1)); + nm_assert (HASH_LEN == g_checksum_type_get_length (G_CHECKSUM_SHA1)); if (global) nm_global_dns_config_update_checksum (global, sum); @@ -1011,8 +1010,7 @@ compute_hash (NMDnsManager *self, const NMGlobalDnsConfig *global, guint8 buffer nm_ip_config_hash (ip_data->ip_config, sum, TRUE); } - g_checksum_get_digest (sum, buffer, &len); - g_checksum_free (sum); + nm_utils_checksum_get_digest_len (sum, buffer, HASH_LEN); } static gboolean diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index a844449e29..61d484f3ac 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -2725,9 +2725,8 @@ nm_utils_stable_id_random (void) char * nm_utils_stable_id_generated_complete (const char *stable_id_generated) { - guint8 buf[20]; - GChecksum *sum; - gsize buf_size; + nm_auto_free_checksum GChecksum *sum = NULL; + guint8 buf[NM_UTILS_CHECKSUM_LENGTH_SHA1]; char *base64; /* for NM_UTILS_STABLE_TYPE_GENERATED we genererate a possibly long string @@ -2738,15 +2737,8 @@ nm_utils_stable_id_generated_complete (const char *stable_id_generated) g_return_val_if_fail (stable_id_generated, NULL); sum = g_checksum_new (G_CHECKSUM_SHA1); - nm_assert (sum); - g_checksum_update (sum, (guchar *) stable_id_generated, strlen (stable_id_generated)); - - buf_size = sizeof (buf); - g_checksum_get_digest (sum, buf, &buf_size); - nm_assert (buf_size == sizeof (buf)); - - g_checksum_free (sum); + nm_utils_checksum_get_digest (sum, buf); /* we don't care to use the sha1 sum in common hex representation. * Use instead base64, it's 27 chars (stripping the padding) vs. @@ -2930,22 +2922,14 @@ _set_stable_privacy (NMUtilsStableType stable_type, gsize key_len, GError **error) { - GChecksum *sum; - guint8 digest[32]; + nm_auto_free_checksum GChecksum *sum = NULL; + guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256]; guint32 tmp[2]; - gsize len = sizeof (digest); nm_assert (key_len); nm_assert (network_id); - /* Documentation suggests that this can fail. - * Maybe in case of a missing algorithm in crypto library? */ sum = g_checksum_new (G_CHECKSUM_SHA256); - if (!sum) { - g_set_error_literal (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN, - "Can't create a SHA256 hash"); - return FALSE; - } key_len = MIN (key_len, G_MAXUINT32); @@ -2974,24 +2958,17 @@ _set_stable_privacy (NMUtilsStableType stable_type, tmp[1] = htonl (key_len); g_checksum_update (sum, (const guchar *) tmp, sizeof (tmp)); g_checksum_update (sum, (const guchar *) secret_key, key_len); - - g_checksum_get_digest (sum, digest, &len); - - nm_assert (len == sizeof (digest)); + nm_utils_checksum_get_digest (sum, digest); while (_is_reserved_ipv6_iid (digest)) { g_checksum_reset (sum); tmp[0] = htonl (++dad_counter); - g_checksum_update (sum, digest, len); + g_checksum_update (sum, digest, sizeof (digest)); g_checksum_update (sum, (const guchar *) &tmp[0], sizeof (tmp[0])); - g_checksum_get_digest (sum, digest, &len); - nm_assert (len == sizeof (digest)); + nm_utils_checksum_get_digest (sum, digest); } - g_checksum_free (sum); - memcpy (addr->s6_addr + 8, &digest[0], 8); - return TRUE; } @@ -3117,10 +3094,9 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type, const char *current_mac_address, const char *generate_mac_address_mask) { - GChecksum *sum; + nm_auto_free_checksum GChecksum *sum = NULL; guint32 tmp; - guint8 digest[32]; - gsize len = sizeof (digest); + guint8 digest[NM_UTILS_CHECKSUM_LENGTH_SHA256]; struct ether_addr bin_addr; guint8 stable_type_uint8; @@ -3128,8 +3104,6 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type, nm_assert (secret_key); sum = g_checksum_new (G_CHECKSUM_SHA256); - if (!sum) - return NULL; key_len = MIN (key_len, G_MAXUINT32); @@ -3143,10 +3117,7 @@ _hw_addr_gen_stable_eth (NMUtilsStableType stable_type, g_checksum_update (sum, (const guchar *) (ifname ?: ""), ifname ? (strlen (ifname) + 1) : 1); g_checksum_update (sum, (const guchar *) stable_id, strlen (stable_id) + 1); - g_checksum_get_digest (sum, digest, &len); - g_checksum_free (sum); - - g_return_val_if_fail (len == 32, NULL); + nm_utils_checksum_get_digest (sum, digest); memcpy (&bin_addr, digest, ETH_ALEN); _hw_addr_eth_complete (&bin_addr, current_mac_address, generate_mac_address_mask); diff --git a/src/nm-ip4-config.c b/src/nm-ip4-config.c index 6604711c3d..ce7f7fc4c2 100644 --- a/src/nm-ip4-config.c +++ b/src/nm-ip4-config.c @@ -2996,29 +2996,19 @@ nm_ip4_config_hash (const NMIP4Config *self, GChecksum *sum, gboolean dns_only) gboolean nm_ip4_config_equal (const NMIP4Config *a, const NMIP4Config *b) { - GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1); - GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1); - guchar a_data[20], b_data[20]; - gsize a_len = sizeof (a_data); - gsize b_len = sizeof (b_data); - gboolean equal; + nm_auto_free_checksum GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1); + nm_auto_free_checksum GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1); + guint8 a_data[NM_UTILS_CHECKSUM_LENGTH_SHA1]; + guint8 b_data[NM_UTILS_CHECKSUM_LENGTH_SHA1]; if (a) nm_ip4_config_hash (a, a_checksum, FALSE); if (b) nm_ip4_config_hash (b, b_checksum, FALSE); - g_checksum_get_digest (a_checksum, a_data, &a_len); - g_checksum_get_digest (b_checksum, b_data, &b_len); - - nm_assert (a_len == sizeof (a_data)); - nm_assert (b_len == sizeof (b_data)); - equal = !memcmp (a_data, b_data, a_len); - - g_checksum_free (a_checksum); - g_checksum_free (b_checksum); - - return equal; + nm_utils_checksum_get_digest (a_checksum, a_data); + nm_utils_checksum_get_digest (b_checksum, b_data); + return !memcmp (a_data, b_data, sizeof (a_data)); } /*****************************************************************************/ diff --git a/src/nm-ip6-config.c b/src/nm-ip6-config.c index a8c4aecdf2..42240e698f 100644 --- a/src/nm-ip6-config.c +++ b/src/nm-ip6-config.c @@ -2426,29 +2426,19 @@ nm_ip6_config_hash (const NMIP6Config *self, GChecksum *sum, gboolean dns_only) gboolean nm_ip6_config_equal (const NMIP6Config *a, const NMIP6Config *b) { - GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1); - GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1); - guchar a_data[20], b_data[20]; - gsize a_len = sizeof (a_data); - gsize b_len = sizeof (b_data); - gboolean equal; + nm_auto_free_checksum GChecksum *a_checksum = g_checksum_new (G_CHECKSUM_SHA1); + nm_auto_free_checksum GChecksum *b_checksum = g_checksum_new (G_CHECKSUM_SHA1); + guint8 a_data[NM_UTILS_CHECKSUM_LENGTH_SHA1]; + guint8 b_data[NM_UTILS_CHECKSUM_LENGTH_SHA1]; if (a) nm_ip6_config_hash (a, a_checksum, FALSE); if (b) nm_ip6_config_hash (b, b_checksum, FALSE); - g_checksum_get_digest (a_checksum, a_data, &a_len); - g_checksum_get_digest (b_checksum, b_data, &b_len); - - nm_assert (a_len == sizeof (a_data)); - nm_assert (b_len == sizeof (b_data)); - equal = !memcmp (a_data, b_data, a_len); - - g_checksum_free (a_checksum); - g_checksum_free (b_checksum); - - return equal; + nm_utils_checksum_get_digest (a_checksum, a_data); + nm_utils_checksum_get_digest (b_checksum, b_data); + return !memcmp (a_data, b_data, sizeof (a_data)); } /*****************************************************************************/ diff --git a/src/supplicant/nm-supplicant-config.c b/src/supplicant/nm-supplicant-config.c index 2402809e2a..55936ed048 100644 --- a/src/supplicant/nm-supplicant-config.c +++ b/src/supplicant/nm-supplicant-config.c @@ -656,31 +656,28 @@ add_string_val (NMSupplicantConfig *self, static void wep128_passphrase_hash (const char *input, - size_t input_len, - guint8 *out_digest, - size_t *out_digest_len) + gsize input_len, + guint8 *digest /* 13 bytes */) { - GChecksum *sum; + nm_auto_free_checksum GChecksum *sum = NULL; + guint8 md5[NM_UTILS_CHECKSUM_LENGTH_MD5]; guint8 data[64]; int i; - g_return_if_fail (out_digest != NULL); - g_return_if_fail (out_digest_len != NULL); - g_return_if_fail (*out_digest_len >= 16); + nm_assert (input); + nm_assert (input_len); + nm_assert (digest); /* Get at least 64 bytes by repeating the passphrase into the buffer */ for (i = 0; i < sizeof (data); i++) data[i] = input[i % input_len]; sum = g_checksum_new (G_CHECKSUM_MD5); - g_assert (sum); g_checksum_update (sum, data, sizeof (data)); - g_checksum_get_digest (sum, out_digest, out_digest_len); - g_checksum_free (sum); + nm_utils_checksum_get_digest (sum, md5); - g_assert (*out_digest_len == 16); /* WEP104 keys are 13 bytes in length (26 hex characters) */ - *out_digest_len = 13; + memcpy (digest, md5, 13); } static gboolean @@ -690,9 +687,10 @@ add_wep_key (NMSupplicantConfig *self, NMWepKeyType wep_type, GError **error) { - size_t key_len = key ? strlen (key) : 0; + gsize key_len; - if (!key || !key_len) + if ( !key + || (key_len = strlen (key)) == 0) return TRUE; if (wep_type == NM_WEP_KEY_TYPE_UNKNOWN) { @@ -737,11 +735,10 @@ add_wep_key (NMSupplicantConfig *self, return FALSE; } } else if (wep_type == NM_WEP_KEY_TYPE_PASSPHRASE) { - guint8 digest[16]; - size_t digest_len = sizeof (digest); + guint8 digest[13]; - wep128_passphrase_hash (key, key_len, digest, &digest_len); - if (!nm_supplicant_config_add_option (self, name, (const char *) digest, digest_len, "<hidden>", error)) + wep128_passphrase_hash (key, key_len, digest); + if (!nm_supplicant_config_add_option (self, name, (const char *) digest, sizeof (digest), "<hidden>", error)) return FALSE; } |