From 22ece1a6ebf5d9e0b0a3e376dcfbfe9d96d209b9 Mon Sep 17 00:00:00 2001 From: Jan Kiszka Date: Mon, 1 Sep 2025 07:56:26 +0200 Subject: [PATCH] crypto/hmac: Allow to build hmac over multiple qcrypto_gnutls_hmac_bytes[v] calls MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit If the buffers that should be considered for building the hmac are not available at the same time, the current API is unsuitable. Extend it so that passing a NULL pointer as result_len is used as indicator that further buffers will be passed in succeeding calls to qcrypto_gnutls_hmac_bytes[v]. Signed-off-by: Jan Kiszka Reviewed-by: Philippe Mathieu-Daudé Message-ID: <2d3539c247a6c323491a3821f0e5b6fc382a4686.1756706188.git.jan.kiszka@siemens.com> Signed-off-by: Philippe Mathieu-Daudé --- crypto/hmac-gcrypt.c | 4 +++- crypto/hmac-glib.c | 4 +++- crypto/hmac-gnutls.c | 4 +++- crypto/hmac-nettle.c | 4 +++- include/crypto/hmac.h | 12 ++++++++++++ 5 files changed, 24 insertions(+), 4 deletions(-) diff --git a/crypto/hmac-gcrypt.c b/crypto/hmac-gcrypt.c index 5273086eb9a..e428d174798 100644 --- a/crypto/hmac-gcrypt.c +++ b/crypto/hmac-gcrypt.c @@ -121,7 +121,9 @@ qcrypto_gcrypt_hmac_bytesv(QCryptoHmac *hmac, return -1; } - if (*resultlen == 0) { + if (resultlen == NULL) { + return 0; + } else if (*resultlen == 0) { *resultlen = ret; *result = g_new0(uint8_t, *resultlen); } else if (*resultlen != ret) { diff --git a/crypto/hmac-glib.c b/crypto/hmac-glib.c index ea80c8d1b23..b845133a058 100644 --- a/crypto/hmac-glib.c +++ b/crypto/hmac-glib.c @@ -104,7 +104,9 @@ qcrypto_glib_hmac_bytesv(QCryptoHmac *hmac, return -1; } - if (*resultlen == 0) { + if (resultlen == NULL) { + return 0; + } else if (*resultlen == 0) { *resultlen = ret; *result = g_new0(uint8_t, *resultlen); } else if (*resultlen != ret) { diff --git a/crypto/hmac-gnutls.c b/crypto/hmac-gnutls.c index 822995505cd..3c5bcbe80be 100644 --- a/crypto/hmac-gnutls.c +++ b/crypto/hmac-gnutls.c @@ -119,7 +119,9 @@ qcrypto_gnutls_hmac_bytesv(QCryptoHmac *hmac, return -1; } - if (*resultlen == 0) { + if (resultlen == NULL) { + return 0; + } else if (*resultlen == 0) { *resultlen = ret; *result = g_new0(uint8_t, *resultlen); } else if (*resultlen != ret) { diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c index dd5b2ab7a19..2cff7931e12 100644 --- a/crypto/hmac-nettle.c +++ b/crypto/hmac-nettle.c @@ -164,7 +164,9 @@ qcrypto_nettle_hmac_bytesv(QCryptoHmac *hmac, } } - if (*resultlen == 0) { + if (resultlen == NULL) { + return 0; + } else if (*resultlen == 0) { *resultlen = qcrypto_hmac_alg_map[hmac->alg].len; *result = g_new0(uint8_t, *resultlen); } else if (*resultlen != qcrypto_hmac_alg_map[hmac->alg].len) { diff --git a/include/crypto/hmac.h b/include/crypto/hmac.h index da8a1e3ceb9..af3d5f8feb2 100644 --- a/include/crypto/hmac.h +++ b/include/crypto/hmac.h @@ -90,6 +90,12 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoHmac, qcrypto_hmac_free) * The memory referenced in @result must be released with a call * to g_free() when no longer required by the caller. * + * If @result_len is set to a NULL pointer, no result will be returned, and + * the hmac object can be used for further invocations of qcrypto_hmac_bytes() + * or qcrypto_hmac_bytesv() until a non-NULL pointer is provided. This allows + * to build the hmac across memory regions that are not available at the same + * time. + * * Returns: * 0 on success, -1 on error */ @@ -123,6 +129,12 @@ int qcrypto_hmac_bytesv(QCryptoHmac *hmac, * The memory referenced in @result must be released with a call * to g_free() when no longer required by the caller. * + * If @result_len is set to a NULL pointer, no result will be returned, and + * the hmac object can be used for further invocations of qcrypto_hmac_bytes() + * or qcrypto_hmac_bytesv() until a non-NULL pointer is provided. This allows + * to build the hmac across memory regions that are not available at the same + * time. + * * Returns: * 0 on success, -1 on error */ -- 2.47.3