/* build Message-Authenticator attribute, using 16 null bytes */
memset(buf, 0, sizeof(buf));
add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf)));
- signer->get_signature(signer,
+ if (!signer->get_signature(signer,
chunk_create((u_char*)this->msg, ntohs(this->msg->length)),
- ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5);
+ ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5))
+ {
+ return FALSE;
+ }
}
if (!rng)
if (mac.len)
{
data = chunk_cata("cc", out, sigdata);
- signer->get_signature(signer, data, mac.ptr);
+ if (!signer->get_signature(signer, data, mac.ptr))
+ {
+ return FALSE;
+ }
}
call_hook(this, FALSE, FALSE);
{
chunk_t encr, sig;
- this->signer->get_signature(this->signer, assoc, NULL);
- this->signer->get_signature(this->signer, iv, NULL);
+ if (!this->signer->get_signature(this->signer, assoc, NULL) ||
+ !this->signer->get_signature(this->signer, iv, NULL))
+ {
+ return FALSE;
+ }
if (encrypted)
{
else
{
this->crypter->encrypt(this->crypter, plain, iv, NULL);
- this->signer->get_signature(this->signer, plain, plain.ptr + plain.len);
+ if (!this->signer->get_signature(this->signer,
+ plain, plain.ptr + plain.len))
+ {
+ return FALSE;
+ }
}
return TRUE;
}
chunk_split(encrypted, "mm", encrypted.len - sig.len,
&encrypted, sig.len, &sig);
- this->signer->get_signature(this->signer, assoc, NULL);
- this->signer->get_signature(this->signer, iv, NULL);
+ if (!this->signer->get_signature(this->signer, assoc, NULL) ||
+ !this->signer->get_signature(this->signer, iv, NULL))
+ {
+ return FALSE;
+ }
if (!this->signer->verify_signature(this->signer, encrypted, sig))
{
DBG1(DBG_LIB, "MAC verification failed");
start_timing(&start);
while (end_timing(&start) < this->bench_time)
{
- signer->get_signature(signer, buf, mac);
- runs++;
- signer->verify_signature(signer, buf, chunk_from_thing(mac));
- runs++;
+ if (signer->get_signature(signer, buf, mac))
+ {
+ runs++;
+ }
+ if (signer->verify_signature(signer, buf, chunk_from_thing(mac)))
+ {
+ runs++;
+ }
}
free(buf.ptr);
signer->destroy(signer);
}
/* signature to existing buffer */
memset(mac.ptr, 0, mac.len);
- signer->get_signature(signer, data, mac.ptr);
+ if (!signer->get_signature(signer, data, mac.ptr))
+ {
+ failed = TRUE;
+ }
if (!memeq(vector->mac, mac.ptr, mac.len))
{
failed = TRUE;
{
failed = TRUE;
}
- signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
+ if (!signer->get_signature(signer,
+ chunk_create(data.ptr + 1, 1), NULL))
+ {
+ failed = TRUE;
+ }
if (!signer->verify_signature(signer, chunk_skip(data, 2),
chunk_create(vector->mac, mac.len)))
{
size_t truncation;
};
-METHOD(signer_t, get_signature, void,
+METHOD(signer_t, get_signature, bool,
private_signer_t *this, chunk_t data, u_int8_t *buffer)
{
if (buffer == NULL)
this->mac->get_mac(this->mac, data, mac);
memcpy(buffer, mac, this->truncation);
}
+ return TRUE;
}
METHOD(signer_t, allocate_signature, bool,
*
* @param data a chunk containing the data to sign
* @param buffer pointer where the signature will be written
+ * @return TRUE if signature created successfully
*/
- void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
+ __attribute__((warn_unused_result))
+ bool (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
/**
* Generate a signature and allocate space for it.
return 0;
}
-METHOD(signer_t, get_signature, void,
+METHOD(signer_t, get_signature, bool,
private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer)
{
this->ops->hash(this->ops, data, buffer, this->block_size);
+ return TRUE;
}
METHOD(signer_t, allocate_signature, bool,
if (chunk)
{
*chunk = chunk_alloc(this->block_size);
- get_signature(this, data, chunk->ptr);
- }
- else
- {
- get_signature(this, data, NULL);
+ return get_signature(this, data, chunk->ptr);
}
- return TRUE;
+ return get_signature(this, data, NULL);
}
METHOD(signer_t, verify_signature, bool,
{
return FALSE;
}
- get_signature(this, data, sig);
+ if (!get_signature(this, data, sig))
+ {
+ return FALSE;
+ }
return memeq(signature.ptr, sig, signature.len);
}
/**
* Create the header and feed it into a signer for MAC verification
*/
-static void sigheader(signer_t *signer, u_int32_t seq, u_int8_t type,
+static bool sigheader(signer_t *signer, u_int32_t seq, u_int8_t type,
u_int16_t version, u_int16_t length)
{
/* we only support 32 bit sequence numbers, but TLS uses 64 bit */
htoun16(&header.version, version);
htoun16(&header.length, length);
- signer->get_signature(signer, chunk_from_thing(header), NULL);
+ return signer->get_signature(signer, chunk_from_thing(header), NULL);
}
METHOD(tls_protection_t, process, status_t,
mac = chunk_skip(data, data.len - bs);
data.len -= bs;
- sigheader(this->signer_in, this->seq_in, type, this->version, data.len);
- if (!this->signer_in->verify_signature(this->signer_in, data, mac))
+ if (!sigheader(this->signer_in, this->seq_in, type,
+ this->version, data.len) ||
+ !this->signer_in->verify_signature(this->signer_in, data, mac))
{
DBG1(DBG_TLS, "TLS record MAC verification failed");
this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
{
chunk_t mac;
- sigheader(this->signer_out, this->seq_out, *type,
- this->version, data->len);
- if (!this->signer_out->allocate_signature(this->signer_out,
- *data, &mac))
+ if (!sigheader(this->signer_out, this->seq_out, *type,
+ this->version, data->len) ||
+ !this->signer_out->allocate_signature(this->signer_out,
+ *data, &mac))
{
return FAILED;
}
projects / thirdparty / strongswan.git / commitdiff
