gcrypt: do not ignore return values

Check the return code from gcrypt's functions. In some cases just log, as it shoulnd't really happen. Fixes various Coverity issues: CID #1444702 CID #1444704 CID #1444706 CID #1444711 CID #1444712 CID #1444713
2025-01-10 05:18:17 +03:00 · 2021-03-27 19:11:08 +00:00 · 2021-03-27 19:11:08 +00:00 · 248b1e0aa4
commit 248b1e0aa4
parent a59eb7d78f
4 changed files with 21 additions and 9 deletions
--- a/src/basic/gcrypt-util.c
+++ b/src/basic/gcrypt-util.c
@ -20,6 +20,7 @@ void initialize_libgcrypt(bool secmem) {

 int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
        _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
+        gcry_error_t err;
        size_t hash_size;
        void *hash;
        char *enc;
@ -29,8 +30,8 @@ int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
        hash_size = gcry_md_get_algo_dlen(md_algorithm);
        assert(hash_size > 0);

-        gcry_md_open(&md, md_algorithm, 0);
-        if (!md)
+        err = gcry_md_open(&md, md_algorithm, 0);
+        if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
                return -EIO;

        gcry_md_write(md, s, len);
--- a/src/libsystemd/sd-journal/fsprg.c
+++ b/src/libsystemd/sd-journal/fsprg.c
@ -99,10 +99,12 @@ _pure_ static uint64_t uint64_import(const void *buf, size_t buflen) {
 static void det_randomize(void *buf, size_t buflen, const void *seed, size_t seedlen, uint32_t idx) {
        gcry_md_hd_t hd, hd2;
        size_t olen, cpylen;
+        gcry_error_t err;
        uint32_t ctr;

        olen = gcry_md_get_algo_dlen(RND_HASH);
-        gcry_md_open(&hd, RND_HASH, 0);
+        err = gcry_md_open(&hd, RND_HASH, 0);
+        assert_se(gcry_err_code(err) == GPG_ERR_NO_ERROR); /* This shouldn't happen */
        gcry_md_write(hd, seed, seedlen);
        gcry_md_putc(hd, (idx >> 24) & 0xff);
        gcry_md_putc(hd, (idx >> 16) & 0xff);
@ -110,7 +112,8 @@ static void det_randomize(void *buf, size_t buflen, const void *seed, size_t see
        gcry_md_putc(hd, (idx >>  0) & 0xff);

        for (ctr = 0; buflen; ctr++) {
-                gcry_md_copy(&hd2, hd);
+                err = gcry_md_copy(&hd2, hd);
+                assert_se(gcry_err_code(err) == GPG_ERR_NO_ERROR); /* This shouldn't happen */
                gcry_md_putc(hd2, (ctr >> 24) & 0xff);
                gcry_md_putc(hd2, (ctr >> 16) & 0xff);
                gcry_md_putc(hd2, (ctr >>  8) & 0xff);
--- a/src/libsystemd/sd-journal/journal-authenticate.c
+++ b/src/libsystemd/sd-journal/journal-authenticate.c
@ -65,6 +65,8 @@ int journal_file_append_tag(JournalFile *f) {

 int journal_file_hmac_start(JournalFile *f) {
        uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
+        gcry_error_t err;
+
        assert(f);

        if (!f->seal)
@ -76,7 +78,11 @@ int journal_file_hmac_start(JournalFile *f) {
        /* Prepare HMAC for next cycle */
        gcry_md_reset(f->hmac);
        FSPRG_GetKey(f->fsprg_state, key, sizeof(key), 0);
-        gcry_md_setkey(f->hmac, key, sizeof(key));
+        err = gcry_md_setkey(f->hmac, key, sizeof(key));
+        if (gcry_err_code(err) != GPG_ERR_NO_ERROR)
+                return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+                                       "gcry_md_setkey() failed with error code: %d",
+                                       gcry_err_code(err));

        f->hmac_running = true;

--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@ -1089,6 +1089,7 @@ static int digest_to_gcrypt_md(uint8_t algorithm) {
 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
        uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
        _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
+        gcry_error_t err;
        size_t hash_size;
        int md_algorithm, r;
        void *result;
@ -1130,8 +1131,8 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
        if (r < 0)
                return r;

-        gcry_md_open(&md, md_algorithm, 0);
-        if (!md)
+        err = gcry_md_open(&md, md_algorithm, 0);
+        if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
                return -EIO;

        gcry_md_write(md, wire_format, r);
@ -1205,6 +1206,7 @@ static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
        uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
        gcry_md_hd_t md = NULL;
+        gcry_error_t err;
        size_t hash_size;
        int algorithm;
        void *result;
@ -1239,8 +1241,8 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
        if (r < 0)
                return r;

-        gcry_md_open(&md, algorithm, 0);
-        if (!md)
+        err = gcry_md_open(&md, algorithm, 0);
+        if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
                return -EIO;

        gcry_md_write(md, wire_format, r);