crypto: misc gcrypt hash/hmac fixes

[PATCH 1/2] crypto: fix error check on gcry_md_open

Posted by Daniel P. Berrangé 3 weeks, 3 days ago

Gcrypt does not return negative values on error, it returns non-zero
values. This caused QEMU not to detect failure to open an unsupported
hash, resulting in a later crash trying to use a NULL context.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/hash-gcrypt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index 73533a4949..22ddf394ec 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -49,7 +49,7 @@ static
 QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgo alg, Error **errp)
 {
     QCryptoHash *hash;
-    int ret;
+    gcry_error_t ret;
 
     hash = g_new(QCryptoHash, 1);
     hash->alg = alg;
@@ -57,7 +57,7 @@ QCryptoHash *qcrypto_gcrypt_hash_new(QCryptoHashAlgo alg, Error **errp)
 
     ret = gcry_md_open((gcry_md_hd_t *) hash->opaque,
                        qcrypto_hash_alg_map[alg], 0);
-    if (ret < 0) {
+    if (ret != 0) {
         error_setg(errp,
                    "Unable to initialize hash algorithm: %s",
                    gcry_strerror(ret));
-- 
2.46.0

Re: [PATCH 1/2] crypto: fix error check on gcry_md_open

Posted by Philippe Mathieu-Daudé 3 weeks, 2 days ago

On 30/10/24 07:11, Daniel P. Berrangé wrote:
> Gcrypt does not return negative values on error, it returns non-zero
> values. This caused QEMU not to detect failure to open an unsupported
> hash, resulting in a later crash trying to use a NULL context.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   crypto/hash-gcrypt.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH 1/2] crypto: fix error check on gcry_md_open
[PATCH 2/2] crypto: perform runtime check for hash/hmac support in gcrypt