<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body>

      <p>

        <div>

            <b><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [GTK] Use libgcrypt instead of GnuTLS for CryptoDigest and SubtleCrypto HMAC implementation"

   href="https://bugs.webkit.org/show_bug.cgi?id=163125#c11">Comment # 11</a>

              on <a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - [GTK] Use libgcrypt instead of GnuTLS for CryptoDigest and SubtleCrypto HMAC implementation"

   href="https://bugs.webkit.org/show_bug.cgi?id=163125">bug 163125</a>

              from <span class="vcard"><a class="email" href="mailto:cgarcia&#64;igalia.com" title="Carlos Garcia Campos &lt;cgarcia&#64;igalia.com&gt;"> <span class="fn">Carlos Garcia Campos</span></a>

</span></b>

        <pre>Comment on <span class=""><a href="attachment.cgi?id=290961&amp;action=diff" name="attach_290961" title="Patch">attachment 290961</a> <a href="attachment.cgi?id=290961&amp;action=edit" title="Patch">[details]</a></span>

Patch

View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=290961&amp;action=review">https://bugs.webkit.org/attachment.cgi?id=290961&amp;action=review</a>

<span class="quote">&gt; Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:40

&gt; +static int getGCryptDigestAlgorithm(CryptoAlgorithmIdentifier hashFunction)</span >

Don't use &quot;get&quot; here. You could use cryptoAlgorithmIdentifierToGCryptDigestAlgorithm or something similar, or gcryptDigestAlgorithmForCryptoAlgorithmIdentifier

<span class="quote">&gt; Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:66

&gt; +    gcry_mac_open(&amp;hd, algorithm, 0, 0);</span >

0, nullptr

<span class="quote">&gt; Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:69

&gt; +    gcry_mac_read(hd, result.data(), &amp;digestLength);</span >

Don't you need to handle the return value of digestLength? Can it really be different to result.size()? I guess it can't be bigger than value returned by gcry_mac_get_algo_maclen, but can it be smaller? If it should be the same size I would add an assert, otherwise you would need to resize the vector here.

<span class="quote">&gt; Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp:72

&gt; +    return result;</span >

Most of the gcry functions used above return a gcry_error_t that is not handled at all. We should call the failureCallback in platformSign if any of those fail.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>