crypto: misc gcrypt hash/hmac fixes

[PATCH 2/2] crypto: perform runtime check for hash/hmac support in gcrypt

Posted by Daniel P. Berrangé 3 weeks, 3 days ago

gcrypto has the ability to dynamically disable hash/hmac algorithms
at runtime, so QEMU must perform a runtime check.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/hash-gcrypt.c | 2 +-
 crypto/hmac-gcrypt.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c
index 22ddf394ec..2c8325869a 100644
--- a/crypto/hash-gcrypt.c
+++ b/crypto/hash-gcrypt.c
@@ -40,7 +40,7 @@ gboolean qcrypto_hash_supports(QCryptoHashAlgo alg)
 {
     if (alg < G_N_ELEMENTS(qcrypto_hash_alg_map) &&
         qcrypto_hash_alg_map[alg] != GCRY_MD_NONE) {
-        return true;
+        return gcry_md_test_algo(qcrypto_hash_alg_map[alg]) == 0;
     }
     return false;
 }
diff --git a/crypto/hmac-gcrypt.c b/crypto/hmac-gcrypt.c
index 19990cb6ed..181b376572 100644
--- a/crypto/hmac-gcrypt.c
+++ b/crypto/hmac-gcrypt.c
@@ -37,7 +37,7 @@ bool qcrypto_hmac_supports(QCryptoHashAlgo alg)
 {
     if (alg < G_N_ELEMENTS(qcrypto_hmac_alg_map) &&
         qcrypto_hmac_alg_map[alg] != GCRY_MAC_NONE) {
-        return true;
+        return gcry_mac_test_algo(qcrypto_hmac_alg_map[alg]) == 0;
     }
 
     return false;
-- 
2.46.0

Re: [PATCH 2/2] crypto: perform runtime check for hash/hmac support in gcrypt

Posted by Philippe Mathieu-Daudé 3 weeks, 2 days ago

On 30/10/24 07:11, Daniel P. Berrangé wrote:
> gcrypto has the ability to dynamically disable hash/hmac algorithms
> at runtime, so QEMU must perform a runtime check.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   crypto/hash-gcrypt.c | 2 +-
>   crypto/hmac-gcrypt.c | 2 +-
>   2 files changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[PATCH 1/2] crypto: fix error check on gcry_md_open
[PATCH 2/2] crypto: perform runtime check for hash/hmac support in gcrypt