fridtjof/qemu-cr16
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Misc crypto & UI patches

Browse source 
* Fix endian defaults when no VNC pixel format message is set
 * Add more trace events for VNC messages
 * Fix checking of certificate loading
 * Eliminate cert limit on loading CA certificates
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmh+GhkACgkQvobrtBUQ
 T995OBAAiET1Av3xoF9aAVO5Visy/yvDaSOkP4bDDr1KkpaDrqLpBhAoqIEdxU1O
 c+SUwltp0dYe7RcYIWg9b5dTpJdWyYDo5LvPQBbwxbhOXMPFbGsMJMc0BaO3KPVV
 dlfXHUyHZ1bLVE5mnM/5poZzhN7CE4qHGw35jr08VF7iPHrEEp+5OgxFddzi5vQq
 Rt+PlWA2CT/U5AoQe3Pgc0sRoS4VWV35xhdDWRgNR52CGzdNR76GneXy1ByJ6CWd
 mlbFkXE6Abnp/TN/IT3sefH099Mc23adxPZ3WJ0aDEWG6jLnlcrvxmag0HNNJmm/
 R+PRB5OkClYA1kntYbLqOZyNHkcWTGtCTIq7293N0hXTWzQw96Py+pDVMeoktqqO
 yuhdykCmOETWbudbpdCpcQyEpu4TQdFDPPoHVh4H2XbJmgIkuU+MMoBaaN+OBphk
 40H/mvGPkrY1Gb/jvDpbg74tqzH/gmTfuZJ+b1CMku9T11ElVPdu2bCUgOTgnPfC
 b7wvyH31qtbel3OA1zzJ69Lh0wCEVYiOoMT+O49PMndlDn/d6ssi2T/6SjdDKUSd
 JyVqhjG6xKr3Mogp/HVVpAEVHncztVDBOPYJA69OG/hjfE63NtcTsbWUhwO0kYr3
 R8qtdq/IYYOPAzGjCzNsApJusrymhVRF/ZSQCnbO15RdERBMF5Y=
 =sxKq
 -----END PGP SIGNATURE-----

Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging

Misc crypto & UI patches

* Fix endian defaults when no VNC pixel format message is set
* Add more trace events for VNC messages
* Fix checking of certificate loading
* Eliminate cert limit on loading CA certificates

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmh+GhkACgkQvobrtBUQ
# T995OBAAiET1Av3xoF9aAVO5Visy/yvDaSOkP4bDDr1KkpaDrqLpBhAoqIEdxU1O
# c+SUwltp0dYe7RcYIWg9b5dTpJdWyYDo5LvPQBbwxbhOXMPFbGsMJMc0BaO3KPVV
# dlfXHUyHZ1bLVE5mnM/5poZzhN7CE4qHGw35jr08VF7iPHrEEp+5OgxFddzi5vQq
# Rt+PlWA2CT/U5AoQe3Pgc0sRoS4VWV35xhdDWRgNR52CGzdNR76GneXy1ByJ6CWd
# mlbFkXE6Abnp/TN/IT3sefH099Mc23adxPZ3WJ0aDEWG6jLnlcrvxmag0HNNJmm/
# R+PRB5OkClYA1kntYbLqOZyNHkcWTGtCTIq7293N0hXTWzQw96Py+pDVMeoktqqO
# yuhdykCmOETWbudbpdCpcQyEpu4TQdFDPPoHVh4H2XbJmgIkuU+MMoBaaN+OBphk
# 40H/mvGPkrY1Gb/jvDpbg74tqzH/gmTfuZJ+b1CMku9T11ElVPdu2bCUgOTgnPfC
# b7wvyH31qtbel3OA1zzJ69Lh0wCEVYiOoMT+O49PMndlDn/d6ssi2T/6SjdDKUSd
# JyVqhjG6xKr3Mogp/HVVpAEVHncztVDBOPYJA69OG/hjfE63NtcTsbWUhwO0kYr3
# R8qtdq/IYYOPAzGjCzNsApJusrymhVRF/ZSQCnbO15RdERBMF5Y=
# =sxKq
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 21 Jul 2025 06:44:41 EDT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
  crypto: load all certificates in X509 CA file
  crypto/x509-utils: Check for error from gnutls_x509_crt_init()
  ui: add trace events for all client messages
  ui: fix setting client_endian field defaults

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Stefan Hajnoczi 2025-07-21 12:21:31 -04:00
commit b4f0b382fe
4 changed files with 83 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

23
crypto/tlscredsx509.c
View file

@ -426,9 +426,8 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds,
static int
qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds,
const char *certFile,
gnutls_x509_crt_t *certs,
unsigned int certMax,
size_t *ncerts,
gnutls_x509_crt_t **certs,
unsigned int *ncerts,
Error **errp)
{
gnutls_datum_t data;
@ -449,20 +448,18 @@ qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds,
data.data = (unsigned char *)buf;
data.size = strlen(buf);
if (gnutls_x509_crt_list_import(certs, &certMax, &data,
GNUTLS_X509_FMT_PEM, 0) < 0) {
if (gnutls_x509_crt_list_import2(certs, ncerts, &data,
GNUTLS_X509_FMT_PEM, 0) < 0) {
error_setg(errp,
"Unable to import CA certificate list %s",
certFile);
return -1;
}
*ncerts = certMax;
return 0;
}
#define MAX_CERTS 16
static int
qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
bool isServer,
@ -471,12 +468,11 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
Error **errp)
{
gnutls_x509_crt_t cert = NULL;
gnutls_x509_crt_t cacerts[MAX_CERTS];
size_t ncacerts = 0;
gnutls_x509_crt_t *cacerts = NULL;
unsigned int ncacerts = 0;
size_t i;
int ret = -1;
memset(cacerts, 0, sizeof(cacerts));
if (certFile &&
access(certFile, R_OK) == 0) {
cert = qcrypto_tls_creds_load_cert(creds,
@ -488,8 +484,9 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
}
if (access(cacertFile, R_OK) == 0) {
if (qcrypto_tls_creds_load_ca_cert_list(creds,
cacertFile, cacerts,
MAX_CERTS, &ncacerts,
cacertFile,
&cacerts,
&ncacerts,
errp) < 0) {
goto cleanup;
}
@ -526,6 +523,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
for (i = 0; i < ncacerts; i++) {
gnutls_x509_crt_deinit(cacerts[i]);
}
g_free(cacerts);
return ret;
}

6
crypto/x509-utils.c
View file

@ -46,7 +46,11 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
return -1;
}
gnutls_x509_crt_init(&crt);
if (gnutls_x509_crt_init(&crt) < 0) {
error_setg(errp, "Unable to initialize certificate: %s",
gnutls_strerror(ret));
return -1;
}
if (gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM) != 0) {
error_setg(errp, "Failed to import certificate");

14
ui/trace-events
View file

@ -48,13 +48,27 @@ vnc_msg_server_ext_desktop_resize(void *state, void *ioc, int width, int height,
vnc_msg_client_audio_enable(void *state, void *ioc) "VNC client msg audio enable state=%p ioc=%p"
vnc_msg_client_audio_disable(void *state, void *ioc) "VNC client msg audio disable state=%p ioc=%p"
vnc_msg_client_audio_format(void *state, void *ioc, int fmt, int channels, int freq) "VNC client msg audio format state=%p ioc=%p fmt=%d channels=%d freq=%d"
vnc_msg_client_cut_text(void *state, void *ioc, int len) "VNC client msg cut text state=%p ioc=%p len=%u"
vnc_msg_client_cut_text_ext(void *state, void *ioc, int len, int flags) "VNC client msg cut text state=%p ioc=%p len=%u flags=%u"
vnc_msg_client_ext_key_event(void *state, void *ioc, int down, int sym, int keycode) "VNC client msg ext key event state=%p ioc=%p down=%u sym=%u keycode=%u"
vnc_msg_client_framebuffer_update_request(void *state, void *ioc, int incremental, int x, int y, int w, int h) "VNC client msg framebuffer update request state=%p ioc=%p incremental=%u x=%u y=%u w=%u h=%u"
vnc_msg_client_key_event(void *state, void *ioc, int down, int sym) "VNC client msg key event state=%p ioc=%p down=%u sym=%u"
vnc_msg_client_pointer_event(void *state, void *ioc, int button_mask, int x, int y) "VNC client msg pointer event state=%p ioc=%p button_mask=%u x=%u y=%u"
vnc_msg_client_set_desktop_size(void *state, void *ioc, int width, int height, int screens) "VNC client msg set desktop size state=%p ioc=%p size=%dx%d screens=%d"
vnc_msg_client_set_encodings(void *state, void *ioc, int limit) "VNC client msg set encodings state=%p ioc=%p limit=%u"
vnc_msg_client_set_pixel_format(void *state, void *ioc, int bpp, int big_endian, int true_color) "VNC client msg set pixel format state=%p ioc=%p bpp=%u big_endian=%u true_color=%u"
vnc_msg_client_set_pixel_format_rgb(void *state, void *ioc, int red_max, int green_max, int blue_max, int red_shift, int green_shift, int blue_shift) "VNC client msg set pixel format RGB state=%p ioc=%p red_max=%u green_max=%u blue_max=%u red_shift=%u green_shift=%u blue_shift=%u"
vnc_msg_client_xvp(void *state, void *ioc, int version, int action) "VNC client msg XVP state=%p ioc=%p version=%u action=%u"
vnc_client_eof(void *state, void *ioc) "VNC client EOF state=%p ioc=%p"
vnc_client_io_error(void *state, void *ioc, const char *msg) "VNC client I/O error state=%p ioc=%p errmsg=%s"
vnc_client_connect(void *state, void *ioc) "VNC client connect state=%p ioc=%p"
vnc_client_disconnect_start(void *state, void *ioc) "VNC client disconnect start state=%p ioc=%p"
vnc_client_disconnect_finish(void *state, void *ioc) "VNC client disconnect finish state=%p ioc=%p"
vnc_client_io_wrap(void *state, void *ioc, const char *type) "VNC client I/O wrap state=%p ioc=%p type=%s"
vnc_client_pixel_format(void *state, void *ioc, int bpp, int depth, int endian) "VNC client pixel format state=%p ioc=%p bpp=%u depth=%u endian=%u"
vnc_client_pixel_format_red(void *state, void *ioc, int max, int bits, int shift, int mask) "VNC client pixel format red state=%p ioc=%p max=%u bits=%u shift=%u mask=%u"
vnc_client_pixel_format_green(void *state, void *ioc, int max, int bits, int shift, int mask) "VNC client pixel format green state=%p ioc=%p max=%u bits=%u shift=%u mask=%u"
vnc_client_pixel_format_blue(void *state, void *ioc, int max, int bits, int shift, int mask) "VNC client pixel format blue state=%p ioc=%p max=%u bits=%u shift=%u mask=%u"
vnc_client_throttle_threshold(void *state, void *ioc, size_t oldoffset, size_t offset, int client_width, int client_height, int bytes_per_pixel, void *audio_cap) "VNC client throttle threshold state=%p ioc=%p oldoffset=%zu newoffset=%zu width=%d height=%d bpp=%d audio=%p"
vnc_client_throttle_incremental(void *state, void *ioc, int job_update, size_t offset) "VNC client throttle incremental state=%p ioc=%p job-update=%d offset=%zu"
vnc_client_throttle_forced(void *state, void *ioc, int job_update, size_t offset) "VNC client throttle forced state=%p ioc=%p job-update=%d offset=%zu"

53
ui/vnc.c
View file

@ -2309,6 +2309,25 @@ static void set_pixel_format(VncState *vs, int bits_per_pixel,
vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN;
trace_vnc_client_pixel_format(vs, vs->ioc,
vs->client_pf.bits_per_pixel,
vs->client_pf.depth,
vs->client_endian);
trace_vnc_client_pixel_format_red(vs, vs->ioc,
vs->client_pf.rmax,
vs->client_pf.rbits,
vs->client_pf.rshift,
vs->client_pf.rmask);
trace_vnc_client_pixel_format_green(vs, vs->ioc,
vs->client_pf.gmax,
vs->client_pf.gbits,
vs->client_pf.gshift,
vs->client_pf.gmask);
trace_vnc_client_pixel_format_blue(vs, vs->ioc,
vs->client_pf.bmax,
vs->client_pf.bbits,
vs->client_pf.bshift,
vs->client_pf.bmask);
if (!true_color_flag) {
send_color_map(vs);
@ -2324,6 +2343,7 @@ static void pixel_format_message (VncState *vs) {
char pad[3] = { 0, 0, 0 };
vs->client_pf = qemu_default_pixelformat(32);
vs->client_endian = G_BYTE_ORDER;
vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
vnc_write_u8(vs, vs->client_pf.depth); /* depth */
@ -2382,6 +2402,17 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
if (len == 1)
return 20;
trace_vnc_msg_client_set_pixel_format(vs, vs->ioc,
read_u8(data, 4),
read_u8(data, 6),
read_u8(data, 7));
trace_vnc_msg_client_set_pixel_format_rgb(vs, vs->ioc,
read_u16(data, 8),
read_u16(data, 10),
read_u16(data, 12),
read_u8(data, 14),
read_u8(data, 15),
read_u8(data, 16));
set_pixel_format(vs, read_u8(data, 4),
read_u8(data, 6), read_u8(data, 7),
read_u16(data, 8), read_u16(data, 10),
@ -2404,12 +2435,19 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
memcpy(data + 4 + (i * 4), &val, sizeof(val));
}
trace_vnc_msg_client_set_encodings(vs, vs->ioc, limit);
set_encodings(vs, (int32_t *)(data + 4), limit);
break;
case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
if (len == 1)
return 10;
trace_vnc_msg_client_framebuffer_update_request(vs, vs->ioc,
read_u8(data, 1),
read_u16(data, 2),
read_u16(data, 4),
read_u16(data, 6),
read_u16(data, 8));
framebuffer_update_request(vs,
read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
read_u16(data, 6), read_u16(data, 8));
@ -2418,12 +2456,19 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
if (len == 1)
return 8;
trace_vnc_msg_client_key_event(vs, vs->ioc,
read_u8(data, 1),
read_u32(data, 4));
key_event(vs, read_u8(data, 1), read_u32(data, 4));
break;
case VNC_MSG_CLIENT_POINTER_EVENT:
if (len == 1)
return 6;
trace_vnc_msg_client_pointer_event(vs, vs->ioc,
read_u8(data, 1),
read_u16(data, 2),
read_u16(data, 4));
pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
break;
case VNC_MSG_CLIENT_CUT_TEXT:
@ -2455,9 +2500,12 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
vnc_client_error(vs);
break;
}
trace_vnc_msg_client_cut_text_ext(vs, vs->ioc,
dlen, read_u32(data, 8));
vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
break;
}
trace_vnc_msg_client_cut_text(vs, vs->ioc, read_u32(data, 4));
vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
break;
case VNC_MSG_CLIENT_XVP:
@ -2472,6 +2520,7 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
if (len == 4) {
uint8_t version = read_u8(data, 2);
uint8_t action = read_u8(data, 3);
trace_vnc_msg_client_xvp(vs, vs->ioc, version, action);
if (version != 1) {
error_report("vnc: xvp client message version %d != 1",
@ -2505,6 +2554,10 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
if (len == 2)
return 12;
trace_vnc_msg_client_ext_key_event(vs, vs->ioc,
read_u16(data, 2),
read_u32(data, 4),
read_u32(data, 8));
ext_key_event(vs, read_u16(data, 2),
read_u32(data, 4), read_u32(data, 8));
break;