From: Peter Krempa
To: libvir-list@redhat.com
Cc: Peter Krempa
Subject: [PATCH v2 3/5] qemuDomainSecretAESSetup: Allocate and return 'secinfo' here
Date: Mon, 16 Mar 2020 11:13:05 +0100
List-Id: Development discussions about the libvirt library & tools

Rather than passing in an empty qemuDomainSecretInfoPtr allocate it in this function and return it. This is done by absorbing the check from qemuDomainSecretInfoNew and removing the internals of qemuDomainSecretInfoNew.

Signed-off-by: Peter Krempa
---
 src/qemu/qemu_domain.c | 53 ++++++++++++++++++------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index e33d3099d6..e83301d84e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -1521,21 +1521,20 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr = secinfo, * @seclookupdef: Pointer to seclookupdef data * @isLuks: True/False for is for luks (alias generation) * - * Taking a secinfo, fill in the AES specific information using the + * Encrypts a secret looked up via @seclookupdef for use with qemu. * - * Returns 0 on success, -1 on failure with error message + * Returns qemuDomainSecretInfoPtr filled with the necessary information. */ -static int +static qemuDomainSecretInfoPtr qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, - qemuDomainSecretInfoPtr secinfo, const char *srcalias, virSecretUsageType usageType, const char *username, virSecretLookupTypeDefPtr seclookupdef, bool isLuks) { + g_autoptr(qemuDomainSecretInfo) secinfo =3D NULL; g_autoptr(virConnect) conn =3D virGetConnectSecret(); - int ret =3D -1; g_autofree uint8_t *raw_iv =3D NULL; size_t ivlen =3D QEMU_DOMAIN_AES_IV_LEN; uint8_t *secret =3D NULL; @@ -1544,19 +1543,27 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr pr= iv, size_t ciphertextlen =3D 0; if (!conn) - return -1; + return NULL; + + if (!qemuDomainSupportsEncryptedSecret(priv)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("encrypted secrets are not supported")); + return NULL; + } + + secinfo =3D g_new0(qemuDomainSecretInfo, 1); secinfo->type =3D VIR_DOMAIN_SECRET_INFO_TYPE_AES; secinfo->s.aes.username =3D g_strdup(username); if (!(secinfo->s.aes.alias =3D qemuDomainGetSecretAESAlias(srcalias, i= sLuks))) - return -1; + return NULL; raw_iv =3D g_new0(uint8_t, ivlen); /* Create a random initialization vector */ if (virRandomBytes(raw_iv, ivlen) < 0) - return -1; + return NULL; /* Encode the IV and save that since qemu will need it */ secinfo->s.aes.iv =3D g_base64_encode(raw_iv, ivlen); 
@@ -1564,13 +1571,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr pr= iv, /* Grab the unencoded secret */ if (virSecretGetSecretString(conn, seclookupdef, usageType, &secret, &secretlen) < 0) - goto cleanup; + goto error; if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC, priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN, raw_iv, ivlen, secret, secretlen, &ciphertext, &ciphertextlen) < 0) - goto cleanup; + goto error; /* Clear out the secret */ memset(secret, 0, secretlen); @@ -1579,11 +1586,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr pr= iv, secinfo->s.aes.ciphertext =3D g_base64_encode(ciphertext, ciphertextlen); - ret =3D 0; + return g_steal_pointer(&secinfo); - cleanup: + error: VIR_DISPOSE_N(secret, secretlen); - return ret; + return NULL; } @@ -1655,24 +1662,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv, virSecretLookupTypeDefPtr lookupDef, bool isLuks) { - qemuDomainSecretInfoPtr secinfo =3D NULL; - - if (!qemuDomainSupportsEncryptedSecret(priv)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("encrypted secrets are not supported")); - return NULL; - } - - if (VIR_ALLOC(secinfo) < 0) - return NULL; - - if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, usern= ame, - lookupDef, isLuks) < 0) { - g_clear_pointer(&secinfo, qemuDomainSecretInfoFree); - return NULL; - } - - return secinfo; + return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username, + lookupDef, isLuks); } --=20 2.24.1
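
Review bot: the rewritten doc comment in the @@ -1521 hunk no longer states the failure contract. The old text said "-1 on failure with error message"; the new "Returns qemuDomainSecretInfoPtr filled with the necessary information." should also say that NULL is returned on failure, and whether an error is reported on every such path (the bare "if (!conn) return NULL;" relies on virGetConnectSecret() having reported one). The new "g_autoptr(qemuDomainSecretInfo) secinfo" declaration also depends on an autoptr cleanup function being registered for that type, which is not visible in this patch; worth confirming an earlier patch in the series provides it.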
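
Review bot: in the @@ -1544 hunk the qemuDomainSupportsEncryptedSecret() check now runs after virGetConnectSecret() has already been called in the declaration block, whereas qemuDomainSecretInfoNew performed the check before calling into this function. A secret-driver connection is therefore opened even when encrypted secrets are unsupported, and a connection failure now takes precedence over the VIR_ERR_CONFIG_UNSUPPORTED error. Consider acquiring conn only after the capability check so the absorbed check keeps its original ordering.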
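
Review bot: in the @@ -1579 hunk the success path now leaves through "return g_steal_pointer(&secinfo);" placed above the "error:" label, so "VIR_DISPOSE_N(secret, secretlen);" is reached only on failure. In the visible context "secret" is declared as a plain "uint8_t *" and the success path only memset()s it, so the buffer looks to be leaked on every successful call, where the old "cleanup:" label disposed of it on both paths. Either dispose of the secret before the successful return or give it an automatic, zeroing cleanup so both paths release it.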
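
Review bot: after the @@ -1655 hunk qemuDomainSecretInfoNew is a pure pass-through that forwards its arguments to qemuDomainSecretAESSetup() and adds nothing of its own. If the wrapper is kept only for a later patch in the series, say so in the commit message; otherwise consider having the callers use qemuDomainSecretAESSetup() directly and dropping the function, so there is a single entry point whose doc comment describes the allocation and error behaviour.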