psk = shared_key->get_key(shared_key);
adjust_keylen(alg, &psk);
this->prf->set_key(this->prf, psk);
- this->prf->allocate_bytes(this->prf, nonces, &skeyid);
+ if (!this->prf->allocate_bytes(this->prf, nonces, &skeyid))
+ {
+ chunk_clear(&g_xy);
+ return FALSE;
+ }
break;
}
case AUTH_RSA:
case AUTH_HYBRID_RESP_RSA:
{
this->prf->set_key(this->prf, nonces);
- this->prf->allocate_bytes(this->prf, g_xy, &skeyid);
+ if (!this->prf->allocate_bytes(this->prf, g_xy, &skeyid))
+ {
+ chunk_clear(&g_xy);
+ return FALSE;
+ }
break;
}
default:
/* SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) */
data = chunk_cat("cccc", g_xy, spi_i, spi_r, octet_0);
- this->prf->allocate_bytes(this->prf, data, &this->skeyid_d);
+ if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_d))
+ {
+ chunk_clear(&g_xy);
+ chunk_clear(&data);
+ }
chunk_clear(&data);
DBG4(DBG_IKE, "SKEYID_d %B", &this->skeyid_d);
/* SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1) */
data = chunk_cat("ccccc", this->skeyid_d, g_xy, spi_i, spi_r, octet_1);
- this->prf->allocate_bytes(this->prf, data, &this->skeyid_a);
+ if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_a))
+ {
+ chunk_clear(&g_xy);
+ chunk_clear(&data);
+ }
chunk_clear(&data);
DBG4(DBG_IKE, "SKEYID_a %B", &this->skeyid_a);
/* SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2) */
data = chunk_cat("ccccc", this->skeyid_a, g_xy, spi_i, spi_r, octet_2);
- this->prf->allocate_bytes(this->prf, data, &skeyid_e);
+ if (!this->prf->allocate_bytes(this->prf, data, &skeyid_e))
+ {
+ chunk_clear(&g_xy);
+ chunk_clear(&data);
+ }
chunk_clear(&data);
DBG4(DBG_IKE, "SKEYID_e %B", &skeyid_e);
DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data);
- this->prf_auth->allocate_bytes(this->prf_auth, data, hash);
+ if (!this->prf_auth->allocate_bytes(this->prf_auth, data, hash))
+ {
+ free(data.ptr);
+ return FALSE;
+ }
DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash);
this->prf->set_key(this->prf, this->skeyid_a);
if (add_message)
{
- generator_t *generator = generator_create_no_dbg();
- chunk_t msg = get_message_data(message, generator);
- this->prf->allocate_bytes(this->prf, data, NULL);
- this->prf->allocate_bytes(this->prf, msg, hash);
+ generator_t *generator;
+ chunk_t msg;
+
+ generator = generator_create_no_dbg();
+ msg = get_message_data(message, generator);
+ if (!this->prf->allocate_bytes(this->prf, data, NULL) ||
+ !this->prf->allocate_bytes(this->prf, msg, hash))
+ {
+ generator->destroy(generator);
+ return FALSE;
+ }
generator->destroy(generator);
}
else
{
- this->prf->allocate_bytes(this->prf, data, hash);
+ if (!this->prf->allocate_bytes(this->prf, data, hash))
+ {
+ return FALSE;
+ }
}
DBG3(DBG_IKE, "%s %B", name, hash);
return TRUE;
{
chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
chunk_t spi_i, spi_r;
- prf_plus_t *prf_plus;
+ prf_plus_t *prf_plus = NULL;
u_int16_t alg, key_size, int_alg;
prf_t *rekey_prf = NULL;
{
/* SKEYSEED = prf(Ni | Nr, g^ir) */
this->prf->set_key(this->prf, fixed_nonce);
- this->prf->allocate_bytes(this->prf, secret, &skeyseed);
- this->prf->set_key(this->prf, skeyseed);
- prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed);
+ if (this->prf->allocate_bytes(this->prf, secret, &skeyseed))
+ {
+ this->prf->set_key(this->prf, skeyseed);
+ prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed);
+ }
}
else
{
}
secret = chunk_cat("mc", secret, full_nonce);
rekey_prf->set_key(rekey_prf, rekey_skd);
- rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed);
- rekey_prf->set_key(rekey_prf, skeyseed);
- prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed);
+ if (rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed))
+ {
+ rekey_prf->set_key(rekey_prf, skeyseed);
+ prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed);
+ }
}
DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
DBG3(DBG_IKE, "IDx' %B", &idx);
DBG3(DBG_IKE, "SK_p %B", &skp);
this->prf->set_key(this->prf, skp);
- this->prf->allocate_bytes(this->prf, idx, &chunk);
-
+ if (!this->prf->allocate_bytes(this->prf, idx, &chunk))
+ {
+ return FALSE;
+ }
*octets = chunk_cat("ccm", ike_sa_init, nonce, chunk);
DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets);
return TRUE;
/* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH);
this->prf->set_key(this->prf, secret);
- this->prf->allocate_bytes(this->prf, key_pad, &key);
+ if (!this->prf->allocate_bytes(this->prf, key_pad, &key))
+ {
+ chunk_free(&octets);
+ return FALSE;
+ }
this->prf->set_key(this->prf, key);
- this->prf->allocate_bytes(this->prf, octets, sig);
+ if (!this->prf->allocate_bytes(this->prf, octets, sig))
+ {
+ chunk_free(&key);
+ chunk_free(&octets);
+ return FALSE;
+ }
DBG4(DBG_IKE, "secret %B", &secret);
DBG4(DBG_IKE, "prf(secret, keypad) %B", &key);
DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", sig);
/* allocated bytes */
seed = chunk_create(vector->seed, vector->len);
- prf->allocate_bytes(prf, seed, &out);
+ if (!prf->allocate_bytes(prf, seed, &out))
+ {
+ failed = TRUE;
+ }
if (out.len != prf->get_block_size(prf))
{
failed = TRUE;
{
prf->set_key(prf, key);
}
- prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL);
- if (!prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) ||
+ if (!prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL) ||
+ !prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) ||
!prf->get_bytes(prf, chunk_skip(seed, 2), out.ptr))
{
failed = TRUE;
return TRUE;
}
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
private_prf_t *this, chunk_t seed, chunk_t *chunk)
{
if (!chunk)
*chunk = chunk_alloc(this->mac->get_mac_size(this->mac));
this->mac->get_mac(this->mac, seed, chunk->ptr);
}
+ return TRUE;
}
METHOD(prf_t, get_block_size, size_t,
*
* @param seed a chunk containing the seed for the next bytes
* @param chunk chunk which will hold generated bytes
+ * @return TRUE if bytes allocated and generated successfully
*/
- void (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
+ __attribute__((warn_unused_result))
+ bool (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
/**
* Get the block size of this prf_t object.
return TRUE;
}
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
private_af_alg_prf_t *this, chunk_t seed, chunk_t *chunk)
{
if (chunk)
{
*chunk = chunk_alloc(this->block_size);
- get_bytes(this, seed, chunk->ptr);
- }
- else
- {
- get_bytes(this, seed, NULL);
+ return get_bytes(this, seed, chunk->ptr);
}
+ return get_bytes(this, seed, NULL);
}
METHOD(prf_t, get_block_size, size_t,
{
return 2 * this->b;
}
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
private_fips_prf_t *this, chunk_t seed, chunk_t *chunk)
{
*chunk = chunk_alloc(get_block_size(this));
- get_bytes(this, seed, chunk->ptr);
+ return get_bytes(this, seed, chunk->ptr);
}
METHOD(prf_t, get_key_size, size_t,
return HASH_SIZE_SHA1;
}
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
private_openssl_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
{
if (chunk)
{
*chunk = chunk_alloc(HASH_SIZE_SHA1);
- get_bytes(this, seed, chunk->ptr);
- }
- else
- {
- get_bytes(this, seed, NULL);
+ return get_bytes(this, seed, chunk->ptr);
}
+ return get_bytes(this, seed, NULL);
}
METHOD(prf_t, get_key_size, size_t,
return HASH_SIZE_SHA1;
}
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
{
*chunk = chunk_alloc(HASH_SIZE_SHA1);
- get_bytes(this, seed, chunk->ptr);
+ return get_bytes(this, seed, chunk->ptr);
}
METHOD(prf_t, get_key_size, size_t,
projects / thirdparty / strongswan.git / commitdiff
