On Wed, Aug 07, 2024 at 07:51:11PM +0000, Alejandro Zeise wrote:
> Implements the new hashing API in the gnutls hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
>
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> ---
> crypto/hash-gnutls.c | 73 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 73 insertions(+)
>
> diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c
> index 17911ac5d1..15fc630a11 100644
> --- a/crypto/hash-gnutls.c
> +++ b/crypto/hash-gnutls.c
> @@ -1,6 +1,7 @@
> /*
> * QEMU Crypto hash algorithms
> *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
> * Copyright (c) 2021 Red Hat, Inc.
> *
> * This library is free software; you can redistribute it and/or
> @@ -98,7 +99,79 @@ qcrypto_gnutls_hash_bytesv(QCryptoHashAlgorithm alg,
> return 0;
> }
>
> +static
> +QCryptoHash *qcrypto_gnutls_hash_new(QCryptoHashAlgorithm alg, Error **errp)
> +{
> + QCryptoHash *hash = NULL;
> +
> + if (!qcrypto_hash_supports(alg)) {
> + error_setg(errp,
> + "Unknown hash algorithm %d",
> + alg);
> + } else {
> + hash = g_new(QCryptoHash, 1);
> + hash->alg = alg;
> + hash->opaque = g_new(gnutls_hash_hd_t, 1);
> +
> + gnutls_hash_init(hash->opaque, qcrypto_hash_alg_map[alg]);
int ret = gnutls_hash_init(...)
if (ret < 0) {
error_setg(errp, ....)
g_free(hash->opaque);
g_free(hash);
return NULL;
}
> + }
> +
> + return hash;
> +}
> +
> +static
> +void qcrypto_gnutls_hash_free(QCryptoHash *hash)
> +{
> + gnutls_hash_hd_t *ctx = hash->opaque;
> +
> + g_free(ctx);
> + g_free(hash);
> +}
> +
> +
> +static
> +int qcrypto_gnutls_hash_update(QCryptoHash *hash,
> + const struct iovec *iov,
> + size_t niov,
> + Error **errp)
> +{
> + int fail = 0;
> + gnutls_hash_hd_t *ctx = hash->opaque;
> +
> + for (int i = 0; i < niov; i++) {
> + fail = gnutls_hash(*ctx, iov[i].iov_base, iov[i].iov_len) || fail;
Needs to report in 'errp' when failure happens & return immediately. eg
int ret = gnutls_hash(*ctx, iov[i].iov_base, iov[i].iov_len);
if (ret != 0) {
error_setg(errp, ....)
return -1;
}
> + }
> +
> + return fail;
Just 'return 0'
> +}
> +
> +static
> +int qcrypto_gnutls_hash_finalize(QCryptoHash *hash,
> + uint8_t **result,
> + size_t *result_len,
> + Error **errp)
> +{
> + int ret = 0;
> + gnutls_hash_hd_t *ctx = hash->opaque;
> +
> + *result_len = gnutls_hash_get_len(qcrypto_hash_alg_map[hash->alg]);
> + if (*result_len == 0) {
> + error_setg(errp, "%s",
> + "Unable to get hash length");
> + ret = -1;
> + } else {
> + *result = g_new(uint8_t, *result_len);
> +
> + gnutls_hash_deinit(*ctx, *result);
We should use gnutls_hash_output() here instead, and call
gnutls_hash_deinit() in the qcrypto_gnutls_hash_free()
method. That ensures all memory is freed if the user
never calls qcrypto_hash_finalize()
> + }
> +
> + return ret;
> +}
>
> QCryptoHashDriver qcrypto_hash_lib_driver = {
> .hash_bytesv = qcrypto_gnutls_hash_bytesv,
> + .hash_new = qcrypto_gnutls_hash_new,
> + .hash_update = qcrypto_gnutls_hash_update,
> + .hash_finalize = qcrypto_gnutls_hash_finalize,
> + .hash_free = qcrypto_gnutls_hash_free,
> };
> --
> 2.34.1
>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|