diff options
author | Longpeng(Mike) <longpeng2@huawei.com> | 2017-07-14 14:04:01 -0400 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2017-07-19 10:11:04 +0100 |
commit | 822d15ded8887742ea7ea4ddbfcfebb443813dd3 (patch) | |
tree | b3633582d7593799793335639a4bb89982d65480 | |
parent | 9767b75d92a2e455c80c72f3670dabb3faf85792 (diff) |
crypto: hmac: introduce qcrypto_hmac_ctx_new for gcrypt-backend
1) Fix a handle-leak problem in qcrypto_hmac_new(), didn't free
ctx->handle if gcry_mac_setkey fails.
2) Extracts qcrypto_hmac_ctx_new() from qcrypto_hmac_new() for
gcrypt-backend impls.
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-rw-r--r-- | crypto/hmac-gcrypt.c | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/crypto/hmac-gcrypt.c b/crypto/hmac-gcrypt.c index 21189e694f..372ad7fc20 100644 --- a/crypto/hmac-gcrypt.c +++ b/crypto/hmac-gcrypt.c @@ -42,11 +42,11 @@ bool qcrypto_hmac_supports(QCryptoHashAlgorithm alg) return false; } -QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, - const uint8_t *key, size_t nkey, - Error **errp) +static QCryptoHmacGcrypt * +qcrypto_hmac_ctx_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + Error **errp) { - QCryptoHmac *hmac; QCryptoHmacGcrypt *ctx; gcry_error_t err; @@ -56,9 +56,6 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, return NULL; } - hmac = g_new0(QCryptoHmac, 1); - hmac->alg = alg; - ctx = g_new0(QCryptoHmacGcrypt, 1); err = gcry_mac_open(&ctx->handle, qcrypto_hmac_alg_map[alg], @@ -73,15 +70,14 @@ QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, if (err != 0) { error_setg(errp, "Cannot set key: %s", gcry_strerror(err)); + gcry_mac_close(ctx->handle); goto error; } - hmac->opaque = ctx; - return hmac; + return ctx; error: g_free(ctx); - g_free(hmac); return NULL; } @@ -150,3 +146,22 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac, return 0; } + +QCryptoHmac *qcrypto_hmac_new(QCryptoHashAlgorithm alg, + const uint8_t *key, size_t nkey, + Error **errp) +{ + QCryptoHmac *hmac; + QCryptoHmacGcrypt *ctx; + + ctx = qcrypto_hmac_ctx_new(alg, key, nkey, errp); + if (!ctx) { + return NULL; + } + + hmac = g_new0(QCryptoHmac, 1); + hmac->alg = alg; + hmac->opaque = ctx; + + return hmac; +} |