From 248b1e0aa41d97958c6f45132f6cc7e888263eb7 Mon Sep 17 00:00:00 2001
From: Luca Boccassi
Date: Sat, 27 Mar 2021 19:11:08 +0000
Subject: [PATCH] gcrypt: do not ignore return values
Check the return code from gcrypt's functions. In some cases just log, as it shoulnd't really happen. Fixes various Coverity issues: CID #1444702 CID #1444704 CID #1444706 CID #1444711 CID #1444712 CID #1444713
---
 src/basic/gcrypt-util.c | 5 +++--
 src/libsystemd/sd-journal/fsprg.c | 7 +++++--
 src/libsystemd/sd-journal/journal-authenticate.c | 8 +++++++-
 src/resolve/resolved-dns-dnssec.c | 10 ++++++----
 4 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/basic/gcrypt-util.c b/src/basic/gcrypt-util.c
index bf0d2106f8d..cdc308aca33 100644
--- a/src/basic/gcrypt-util.c
+++ b/src/basic/gcrypt-util.c
@@ -20,6 +20,7 @@ void initialize_libgcrypt(bool secmem) {
 int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
+ gcry_error_t err;
 size_t hash_size;
 void *hash;
 char *enc;
@@ -29,8 +30,8 @@ int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) {
 hash_size = gcry_md_get_algo_dlen(md_algorithm);
 assert(hash_size > 0);
- gcry_md_open(&md, md_algorithm, 0);
- if (!md)
+ err = gcry_md_open(&md, md_algorithm, 0);
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
 return -EIO;
 gcry_md_write(md, s, len);
diff --git a/src/libsystemd/sd-journal/fsprg.c b/src/libsystemd/sd-journal/fsprg.c
index 7ea72495ef2..ab4cef9841c 100644
--- a/src/libsystemd/sd-journal/fsprg.c
+++ b/src/libsystemd/sd-journal/fsprg.c
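Review bot: In string_hashsum() (src/basic/gcrypt-util.c, second hunk) the gcrypt error is tested and then dropped: every gcry_md_open() failure returns `-EIO` with nothing logged, so an out-of-memory condition and a digest algorithm that libgcrypt refuses look the same to the caller. Now that `err` is captured, `return log_debug_errno(SYNTHETIC_ERRNO(EIO), "gcry_md_open() failed: %s", gcry_strerror(err));` would keep the cause, following the pattern this commit uses for gcry_md_setkey() in journal_file_hmac_start(), assuming the logging helpers are usable in this file. The same applies to the two gcry_md_open() checks added in src/resolve/resolved-dns-dnssec.c. The function body continues outside the hunk.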
@@ -99,10 +99,12 @@ _pure_ static uint64_t uint64_import(const void *buf, size_t buflen) {
 static void det_randomize(void *buf, size_t buflen, const void *seed, size_t seedlen, uint32_t idx) {
 gcry_md_hd_t hd, hd2;
 size_t olen, cpylen;
+ gcry_error_t err;
 uint32_t ctr;
 olen = gcry_md_get_algo_dlen(RND_HASH);
- gcry_md_open(&hd, RND_HASH, 0);
+ err = gcry_md_open(&hd, RND_HASH, 0);
+ assert_se(gcry_err_code(err) == GPG_ERR_NO_ERROR); /* This shouldn't happen */
 gcry_md_write(hd, seed, seedlen);
 gcry_md_putc(hd, (idx >> 24) & 0xff);
 gcry_md_putc(hd, (idx >> 16) & 0xff);
@@ -110,7 +112,8 @@ static void det_randomize(void *buf, size_t buflen, const void *seed, size_t see
 gcry_md_putc(hd, (idx >> 0) & 0xff);
 for (ctr = 0; buflen; ctr++) {
- gcry_md_copy(&hd2, hd);
+ err = gcry_md_copy(&hd2, hd);
+ assert_se(gcry_err_code(err) == GPG_ERR_NO_ERROR); /* This shouldn't happen */
 gcry_md_putc(hd2, (ctr >> 24) & 0xff);
 gcry_md_putc(hd2, (ctr >> 16) & 0xff);
 gcry_md_putc(hd2, (ctr >> 8) & 0xff);
diff --git a/src/libsystemd/sd-journal/journal-authenticate.c b/src/libsystemd/sd-journal/journal-authenticate.c
index a5ff987d6ed..0bfe9f7f477 100644
--- a/src/libsystemd/sd-journal/journal-authenticate.c
+++ b/src/libsystemd/sd-journal/journal-authenticate.c
@@ -65,6 +65,8 @@ int journal_file_append_tag(JournalFile *f) {
 int journal_file_hmac_start(JournalFile *f) {
 uint8_t key[256 / 8]; /* Let's pass 256 bit from FSPRG to HMAC */
+ gcry_error_t err;
+
 assert(f);
 if (!f->seal)
@@ -76,7 +78,11 @@ int journal_file_hmac_start(JournalFile *f) {
 /* Prepare HMAC for next cycle */
 gcry_md_reset(f->hmac);
 FSPRG_GetKey(f->fsprg_state, key, sizeof(key), 0);
- gcry_md_setkey(f->hmac, key, sizeof(key));
+ err = gcry_md_setkey(f->hmac, key, sizeof(key));
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR)
+ return log_debug_errno(SYNTHETIC_ERRNO(EIO),
+ "gcry_md_setkey() failed with error code: %d",
+ gcry_err_code(err));
 f->hmac_running = true;
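Review bot: In det_randomize() (src/libsystemd/sd-journal/fsprg.c, both hunks) a failed gcry_md_open() or gcry_md_copy() now aborts the process through `assert_se`, and the comment `/* This shouldn't happen */` understates it: both calls allocate a digest context and can fail under memory pressure. That is safer than the old code, which went on to use an uninitialised `hd`/`hd2`, but it turns an allocation failure during key derivation into a crash of whatever process links this code, which the commit message ("in some cases just log") does not mention. If aborting is the intended policy, the comment should say so, e.g. `/* gcrypt failure is fatal here: det_randomize() has no way to report errors */`. The alternative is to give det_randomize() an int return and propagate it, which needs changes to callers outside these hunks.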
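Review bot: In journal_file_hmac_start() (src/libsystemd/sd-journal/journal-authenticate.c, second hunk) the new early return leaves the 256-bit key from FSPRG_GetKey() in the stack buffer `key`, and no wipe of that buffer is visible on the success path either. Clearing it right after the gcry_md_setkey() call, before `err` is tested, covers both exits: `explicit_bzero(key, sizeof(key));`. The log message would also be easier to act on with `gcry_strerror(err)` in place of the numeric code. The rest of the function lies outside the hunk, so an existing wipe further down cannot be ruled out.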
diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index 4b12e483523..d14e5a90af0 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1089,6 +1089,7 @@ static int digest_to_gcrypt_md(uint8_t algorithm) {
 int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds, bool mask_revoke) {
 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
 _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
+ gcry_error_t err;
 size_t hash_size;
 int md_algorithm, r;
 void *result;
@@ -1130,8 +1131,8 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
 if (r < 0)
 return r;
- gcry_md_open(&md, md_algorithm, 0);
- if (!md)
+ err = gcry_md_open(&md, md_algorithm, 0);
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
 return -EIO;
 gcry_md_write(md, wire_format, r);
@@ -1205,6 +1206,7 @@ static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
 uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
 gcry_md_hd_t md = NULL;
+ gcry_error_t err;
 size_t hash_size;
 int algorithm;
 void *result;
@@ -1239,8 +1241,8 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
 if (r < 0)
 return r;
- gcry_md_open(&md, algorithm, 0);
- if (!md)
+ err = gcry_md_open(&md, algorithm, 0);
+ if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md)
 return -EIO;
 gcry_md_write(md, wire_format, r);
--
2.47.3
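Review bot: dnssec_nsec3_hash() (third hunk) declares `gcry_md_hd_t md = NULL;` without the `_cleanup_(gcry_md_closep)` that dnssec_verify_dnskey_by_ds() and string_hashsum() use in this same patch, so closing the handle depends on every later exit path doing it by hand. The new `return -EIO` in the fourth hunk is presumably safe because no handle is held when the open fails, but `_cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;` would make that true by construction and match the sibling function. How the handle is released further down is outside the hunk, and an explicit close there would have to be dropped if the declaration changes.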