Re: [PATCH v4 04/15] crypto/hash-gnutls: Implement new hash API

["Daniel P. Berrangé" <berrange@redhat.com>]

On Wed, Aug 07, 2024 at 07:51:11PM +0000, Alejandro Zeise wrote:
> Implements the new hashing API in the gnutls hash driver.
> Supports creating/destroying a context, updating the context
> with input data and obtaining an output hash.
> 
> Signed-off-by: Alejandro Zeise <alejandro.zeise@seagate.com>
> ---
>  crypto/hash-gnutls.c | 73 ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 73 insertions(+)
> 
> diff --git a/crypto/hash-gnutls.c b/crypto/hash-gnutls.c
> index 17911ac5d1..15fc630a11 100644
> --- a/crypto/hash-gnutls.c
> +++ b/crypto/hash-gnutls.c
> @@ -1,6 +1,7 @@
>  /*
>   * QEMU Crypto hash algorithms
>   *
> + * Copyright (c) 2024 Seagate Technology LLC and/or its Affiliates
>   * Copyright (c) 2021 Red Hat, Inc.
>   *
>   * This library is free software; you can redistribute it and/or
> @@ -98,7 +99,79 @@ qcrypto_gnutls_hash_bytesv(QCryptoHashAlgorithm alg,
>      return 0;
>  }
>  
> +static
> +QCryptoHash *qcrypto_gnutls_hash_new(QCryptoHashAlgorithm alg, Error **errp)
> +{
> +    QCryptoHash *hash = NULL;
> +
> +    if (!qcrypto_hash_supports(alg)) {
> +        error_setg(errp,
> +                   "Unknown hash algorithm %d",
> +                   alg);
> +    } else {
> +        hash = g_new(QCryptoHash, 1);
> +        hash->alg = alg;
> +        hash->opaque = g_new(gnutls_hash_hd_t, 1);
> +
> +        gnutls_hash_init(hash->opaque, qcrypto_hash_alg_map[alg]);

  int ret = gnutls_hash_init(...)
  if (ret < 0) {
      error_setg(errp, ....)
      g_free(hash->opaque);
      g_free(hash);
      return NULL;
  }

> +    }
> +
> +    return hash;
> +}
> +
> +static
> +void qcrypto_gnutls_hash_free(QCryptoHash *hash)
> +{
> +    gnutls_hash_hd_t *ctx = hash->opaque;
> +
> +    g_free(ctx);
> +    g_free(hash);
> +}
> +
> +
> +static
> +int qcrypto_gnutls_hash_update(QCryptoHash *hash,
> +                               const struct iovec *iov,
> +                               size_t niov,
> +                               Error **errp)
> +{
> +    int fail = 0;
> +    gnutls_hash_hd_t *ctx = hash->opaque;
> +
> +    for (int i = 0; i < niov; i++) {
> +        fail = gnutls_hash(*ctx, iov[i].iov_base, iov[i].iov_len) || fail;

Needs to report in 'errp'  when failure happens & return immediately. eg

   int ret = gnutls_hash(*ctx, iov[i].iov_base, iov[i].iov_len);
   if (ret != 0) {
       error_setg(errp, ....)
       return -1;
   }

> +    }
> +
> +    return fail;

Just 'return 0'

> +}
> +
> +static
> +int qcrypto_gnutls_hash_finalize(QCryptoHash *hash,
> +                                 uint8_t **result,
> +                                 size_t *result_len,
> +                                 Error **errp)
> +{
> +    int ret = 0;
> +    gnutls_hash_hd_t *ctx = hash->opaque;
> +
> +    *result_len = gnutls_hash_get_len(qcrypto_hash_alg_map[hash->alg]);
> +    if (*result_len == 0) {
> +        error_setg(errp, "%s",
> +                   "Unable to get hash length");
> +        ret = -1;
> +    } else {
> +        *result = g_new(uint8_t, *result_len);
> +
> +        gnutls_hash_deinit(*ctx, *result);

We should use  gnutls_hash_output() here instead, and call
gnutls_hash_deinit() in the qcrypto_gnutls_hash_free()
method.  That ensures all memory is freed if the user
never calls qcrypto_hash_finalize()

> +    }
> +
> +    return ret;
> +}
>  
>  QCryptoHashDriver qcrypto_hash_lib_driver = {
>      .hash_bytesv = qcrypto_gnutls_hash_bytesv,
> +    .hash_new      = qcrypto_gnutls_hash_new,
> +    .hash_update   = qcrypto_gnutls_hash_update,
> +    .hash_finalize = qcrypto_gnutls_hash_finalize,
> +    .hash_free     = qcrypto_gnutls_hash_free,
>  };
> -- 
> 2.34.1
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|