{
return FALSE;
}
- this->prf->get_bytes(this->prf, label, seed, 12, out);
+ if (!this->prf->get_bytes(this->prf, label, seed, 12, out))
+ {
+ free(seed.ptr);
+ return FALSE;
+ }
free(seed.ptr);
return TRUE;
}
/**
* Derive master secret from premaster, optionally save session
*/
-static void derive_master(private_tls_crypto_t *this, chunk_t premaster,
+static bool derive_master(private_tls_crypto_t *this, chunk_t premaster,
chunk_t session, identification_t *id,
chunk_t client_random, chunk_t server_random)
{
/* derive master secret */
seed = chunk_cata("cc", client_random, server_random);
this->prf->set_key(this->prf, premaster);
- this->prf->get_bytes(this->prf, "master secret", seed,
- sizeof(master), master);
-
+ if (!this->prf->get_bytes(this->prf, "master secret", seed,
+ sizeof(master), master))
+ {
+ return FALSE;
+ }
this->prf->set_key(this->prf, chunk_from_thing(master));
+
if (this->cache && session.len)
{
this->cache->create(this->cache, session, id, chunk_from_thing(master),
this->suite);
}
memwipe(master, sizeof(master));
+ return TRUE;
}
/**
}
seed = chunk_cata("cc", server_random, client_random);
block = chunk_alloca((mks + eks + ivs) * 2);
- this->prf->get_bytes(this->prf, "key expansion", seed, block.len, block.ptr);
+ if (!this->prf->get_bytes(this->prf, "key expansion", seed,
+ block.len, block.ptr))
+ {
+ return FALSE;
+ }
/* signer keys */
client_write = chunk_create(block.ptr, mks);
{
seed = chunk_cata("cc", client_random, server_random);
this->msk = chunk_alloc(64);
- this->prf->get_bytes(this->prf, this->msk_label, seed,
- this->msk.len, this->msk.ptr);
+ if (!this->prf->get_bytes(this->prf, this->msk_label, seed,
+ this->msk.len, this->msk.ptr))
+ {
+ return FALSE;
+ }
}
return TRUE;
}
private_tls_crypto_t *this, chunk_t premaster, chunk_t session,
identification_t *id, chunk_t client_random, chunk_t server_random)
{
- derive_master(this, premaster, session, id, client_random, server_random);
- return expand_keys(this, client_random, server_random);
+ return derive_master(this, premaster, session, id,
+ client_random, server_random) &&
+ expand_keys(this, client_random, server_random);
}
METHOD(tls_crypto_t, resume_session, tls_cipher_suite_t,
/**
* The P_hash function as in TLS 1.0/1.2
*/
-static void p_hash(prf_t *prf, char *label, chunk_t seed, size_t block_size,
+static bool p_hash(prf_t *prf, char *label, chunk_t seed, size_t block_size,
size_t bytes, char *out)
{
char buf[block_size], abuf[block_size];
out += block_size;
bytes -= block_size;
}
+ return TRUE;
}
-METHOD(tls_prf_t, get_bytes12, void,
+METHOD(tls_prf_t, get_bytes12, bool,
private_tls_prf12_t *this, char *label, chunk_t seed,
size_t bytes, char *out)
{
- p_hash(this->prf, label, seed, this->prf->get_block_size(this->prf),
- bytes, out);
+ return p_hash(this->prf, label, seed, this->prf->get_block_size(this->prf),
+ bytes, out);
}
METHOD(tls_prf_t, destroy12, void,
this->sha1->set_key(this->sha1, chunk_create(key.ptr + key.len - len, len));
}
-METHOD(tls_prf_t, get_bytes10, void,
+METHOD(tls_prf_t, get_bytes10, bool,
private_tls_prf10_t *this, char *label, chunk_t seed,
size_t bytes, char *out)
{
char buf[bytes];
- p_hash(this->md5, label, seed, this->md5->get_block_size(this->md5),
- bytes, out);
- p_hash(this->sha1, label, seed, this->sha1->get_block_size(this->sha1),
- bytes, buf);
+ if (!p_hash(this->md5, label, seed, this->md5->get_block_size(this->md5),
+ bytes, out) ||
+ !p_hash(this->sha1, label, seed, this->sha1->get_block_size(this->sha1),
+ bytes, buf))
+ {
+ return FALSE;
+ }
memxor(out, buf, bytes);
+ return TRUE;
}
METHOD(tls_prf_t, destroy10, void,
projects / thirdparty / strongswan.git / commitdiff
