int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
+ gcry_error_t err;
size_t hash_size;
void *hash;
char *enc;
hash_size = gcry_md_get_algo_dlen(md_algorithm);
assert(hash_size > 0);
- gcry_md_open(&md, md_algorithm, 0);
- if (!md)
+ err = gcry_md_open(&md, md_algorithm, 0);
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
gcry_md_write(md, s, len);
static void det_randomize(void *buf, size_t buflen, const void *seed, size_t seedlen, uint32_t idx) {
gcry_md_hd_t hd, hd2;
size_t olen, cpylen;
+ gcry_error_t err;
uint32_t ctr;
olen = gcry_md_get_algo_dlen(RND_HASH);
- gcry_md_open(&hd, RND_HASH, 0);
+ err = gcry_md_open(&hd, RND_HASH, 0);
+ assert_se(gcry_err_code(err) == GPG_ERR_NO_ERROR); /* This shouldn't happen */
gcry_md_write(hd, seed, seedlen);
gcry_md_putc(hd, (idx >> 24) & 0xff);
gcry_md_putc(hd, (idx >> 16) & 0xff);
gcry_md_putc(hd, (idx >> 0) & 0xff);
for (ctr = 0; buflen; ctr++) {
- gcry_md_copy(&hd2, hd);
+ err = gcry_md_copy(&hd2, hd);
+ assert_se(gcry_err_code(err) == GPG_ERR_NO_ERROR); /* This shouldn't happen */
gcry_md_putc(hd2, (ctr >> 24) & 0xff);
gcry_md_putc(hd2, (ctr >> 16) & 0xff);
gcry_md_putc(hd2, (ctr >> 8) & 0xff);
int journal_file_hmac_start(JournalFile *f) {
uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
+ gcry_error_t err;
+
assert(f);
if (!f->seal)
/* Prepare HMAC for next cycle */
gcry_md_reset(f->hmac);
FSPRG_GetKey(f->fsprg_state, key, sizeof(key), 0);
- gcry_md_setkey(f->hmac, key, sizeof(key));
+ err = gcry_md_setkey(f->hmac, key, sizeof(key));
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR)
+ return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+ "gcry_md_setkey() failed with error code: %d",
+ gcry_err_code(err));
f->hmac_running = true;
int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
+ gcry_error_t err;
size_t hash_size;
int md_algorithm, r;
void *result;
if (r < 0)
return r;
- gcry_md_open(&md, md_algorithm, 0);
- if (!md)
+ err = gcry_md_open(&md, md_algorithm, 0);
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
gcry_md_write(md, wire_format, r);
int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
gcry_md_hd_t md = NULL;
+ gcry_error_t err;
size_t hash_size;
int algorithm;
void *result;
if (r < 0)
return r;
- gcry_md_open(&md, algorithm, 0);
- if (!md)
+ err = gcry_md_open(&md, algorithm, 0);
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
return -EIO;
gcry_md_write(md, wire_format, r);