Re: [PATCH v6 07/28] hash: integrate hash on mbedtls

Tue, 03 Sep 2024 08:49:46 -0700 

Hi Ilias,

On Wed, 28 Aug 2024 at 05:54, Ilias Apalodimas <ilias.apalodi...@linaro.org>
wrote:

> Hi Raymond
>
> On Sat, 17 Aug 2024 at 00:47, Raymond Mao <raymond....@linaro.org> wrote:
> >
> > Integrate common/hash.c on the hash shim layer so that hash APIs
> > from mbedtls can be leveraged by boot/image and efi_loader.
> >
> > Signed-off-by: Raymond Mao <raymond....@linaro.org>
> > ---
> > Changes in v2
> > - Use the original head files instead of creating new ones.
> > Changes in v3
> > - Add handle checkers for malloc.
> > Changes in v4
> > - None.
> > Changes in v5
> > - Add __maybe_unused to solve linker errors in some platforms.
> > - replace malloc with calloc.
> > Changes in v6
> > - None.
> >
> >  common/hash.c | 146 ++++++++++++++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 146 insertions(+)
> >
> > diff --git a/common/hash.c b/common/hash.c
> > index ac63803fed9..d25fc4854c7 100644
> > --- a/common/hash.c
> > +++ b/common/hash.c
> > @@ -35,6 +35,144 @@
> >  #include <u-boot/sha512.h>
> >  #include <u-boot/md5.h>
> >
> > +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_CRYPTO)
> > +
> > +static int __maybe_unused hash_init_sha1(struct hash_algo *algo, void
> **ctxp)
> > +{
> > +       int ret;
> > +       mbedtls_sha1_context *ctx = calloc(1, sizeof(*ctx));
> > +
> > +       if (!ctx)
> > +               return -ENOMEM;
> > +
> > +       mbedtls_sha1_init(ctx);
> > +       ret = mbedtls_sha1_starts(ctx);
> > +       if (!ret) {
> > +               *ctxp = ctx;
> > +       } else {
> > +               mbedtls_sha1_free(ctx);
> > +               free(ctx);
> > +       }
> > +
> > +       return ret;
> > +}
> > +
> > +static int __maybe_unused hash_update_sha1(struct hash_algo *algo, void
> *ctx,
> > +                                          const void *buf, unsigned int
> size,
> > +                                          int is_last)
> > +{
> > +       return mbedtls_sha1_update((mbedtls_sha1_context *)ctx, buf,
> size);
> > +}
> > +
> > +static int __maybe_unused
> > +hash_finish_sha1(struct hash_algo *algo, void *ctx, void *dest_buf, int
> size)
> > +{
> > +       int ret;
> > +
> > +       if (size < algo->digest_size)
> > +               return -1;
> > +
> > +       ret = mbedtls_sha1_finish((mbedtls_sha1_context *)ctx, dest_buf);
> > +       if (!ret) {
>
> patch # calls finish & free regardless of the return result of
> mbedtls_xxxx_finish().
> I think this should happen here as well
>
> Unlike the other one who returns void, this API returns int.
Why don't we check the result here and return the error code when it exists?

[snip]

Regards,
Raymond

Reply via email to