From: Martin Willi Date: Fri, 6 Jul 2012 09:28:27 +0000 (+0200) Subject: Add a return value to prf_t.allocate_bytes() X-Git-Tag: 5.0.1~357 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ecc080b393dda6469a9e21f559a2c2d98e51316f;p=thirdparty%2Fstrongswan.git Add a return value to prf_t.allocate_bytes() --- diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index d5e9ee0f10..f4b4a356b4 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -435,7 +435,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, psk = shared_key->get_key(shared_key); adjust_keylen(alg, &psk); this->prf->set_key(this->prf, psk); - this->prf->allocate_bytes(this->prf, nonces, &skeyid); + if (!this->prf->allocate_bytes(this->prf, nonces, &skeyid)) + { + chunk_clear(&g_xy); + return FALSE; + } break; } case AUTH_RSA: @@ -448,7 +452,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, case AUTH_HYBRID_RESP_RSA: { this->prf->set_key(this->prf, nonces); - this->prf->allocate_bytes(this->prf, g_xy, &skeyid); + if (!this->prf->allocate_bytes(this->prf, g_xy, &skeyid)) + { + chunk_clear(&g_xy); + return FALSE; + } break; } default: @@ -463,19 +471,31 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, /* SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) */ data = chunk_cat("cccc", g_xy, spi_i, spi_r, octet_0); - this->prf->allocate_bytes(this->prf, data, &this->skeyid_d); + if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_d)) + { + chunk_clear(&g_xy); + chunk_clear(&data); + } chunk_clear(&data); DBG4(DBG_IKE, "SKEYID_d %B", &this->skeyid_d); /* SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1) */ data = chunk_cat("ccccc", this->skeyid_d, g_xy, spi_i, spi_r, octet_1); - this->prf->allocate_bytes(this->prf, data, &this->skeyid_a); + if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_a)) + { + chunk_clear(&g_xy); + chunk_clear(&data); + } chunk_clear(&data); DBG4(DBG_IKE, "SKEYID_a %B", &this->skeyid_a); /* SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2) */ data = chunk_cat("ccccc", this->skeyid_a, g_xy, spi_i, spi_r, octet_2); - this->prf->allocate_bytes(this->prf, data, &skeyid_e); + if (!this->prf->allocate_bytes(this->prf, data, &skeyid_e)) + { + chunk_clear(&g_xy); + chunk_clear(&data); + } chunk_clear(&data); DBG4(DBG_IKE, "SKEYID_e %B", &skeyid_e); @@ -724,7 +744,11 @@ METHOD(keymat_v1_t, get_hash, bool, DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data); - this->prf_auth->allocate_bytes(this->prf_auth, data, hash); + if (!this->prf_auth->allocate_bytes(this->prf_auth, data, hash)) + { + free(data.ptr); + return FALSE; + } DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash); @@ -897,15 +921,25 @@ METHOD(keymat_v1_t, get_hash_phase2, bool, this->prf->set_key(this->prf, this->skeyid_a); if (add_message) { - generator_t *generator = generator_create_no_dbg(); - chunk_t msg = get_message_data(message, generator); - this->prf->allocate_bytes(this->prf, data, NULL); - this->prf->allocate_bytes(this->prf, msg, hash); + generator_t *generator; + chunk_t msg; + + generator = generator_create_no_dbg(); + msg = get_message_data(message, generator); + if (!this->prf->allocate_bytes(this->prf, data, NULL) || + !this->prf->allocate_bytes(this->prf, msg, hash)) + { + generator->destroy(generator); + return FALSE; + } generator->destroy(generator); } else { - this->prf->allocate_bytes(this->prf, data, hash); + if (!this->prf->allocate_bytes(this->prf, data, hash)) + { + return FALSE; + } } DBG3(DBG_IKE, "%s %B", name, hash); return TRUE; diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 4db02be7fb..1704f55e20 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -260,7 +260,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, { chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; chunk_t spi_i, spi_r; - prf_plus_t *prf_plus; + prf_plus_t *prf_plus = NULL; u_int16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; @@ -323,9 +323,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, { /* SKEYSEED = prf(Ni | Nr, g^ir) */ this->prf->set_key(this->prf, fixed_nonce); - this->prf->allocate_bytes(this->prf, secret, &skeyseed); - this->prf->set_key(this->prf, skeyseed); - prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed); + if (this->prf->allocate_bytes(this->prf, secret, &skeyseed)) + { + this->prf->set_key(this->prf, skeyseed); + prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed); + } } else { @@ -343,9 +345,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, } secret = chunk_cat("mc", secret, full_nonce); rekey_prf->set_key(rekey_prf, rekey_skd); - rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed); - rekey_prf->set_key(rekey_prf, skeyseed); - prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed); + if (rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed)) + { + rekey_prf->set_key(rekey_prf, skeyseed); + prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed); + } } DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed); @@ -593,8 +597,10 @@ METHOD(keymat_v2_t, get_auth_octets, bool, DBG3(DBG_IKE, "IDx' %B", &idx); DBG3(DBG_IKE, "SK_p %B", &skp); this->prf->set_key(this->prf, skp); - this->prf->allocate_bytes(this->prf, idx, &chunk); - + if (!this->prf->allocate_bytes(this->prf, idx, &chunk)) + { + return FALSE; + } *octets = chunk_cat("ccm", ike_sa_init, nonce, chunk); DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets); return TRUE; @@ -623,9 +629,18 @@ METHOD(keymat_v2_t, get_psk_sig, bool, /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), ) */ key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH); this->prf->set_key(this->prf, secret); - this->prf->allocate_bytes(this->prf, key_pad, &key); + if (!this->prf->allocate_bytes(this->prf, key_pad, &key)) + { + chunk_free(&octets); + return FALSE; + } this->prf->set_key(this->prf, key); - this->prf->allocate_bytes(this->prf, octets, sig); + if (!this->prf->allocate_bytes(this->prf, octets, sig)) + { + chunk_free(&key); + chunk_free(&octets); + return FALSE; + } DBG4(DBG_IKE, "secret %B", &secret); DBG4(DBG_IKE, "prf(secret, keypad) %B", &key); DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", sig); diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 4690593719..8398bc80b4 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -847,7 +847,10 @@ METHOD(crypto_tester_t, test_prf, bool, /* allocated bytes */ seed = chunk_create(vector->seed, vector->len); - prf->allocate_bytes(prf, seed, &out); + if (!prf->allocate_bytes(prf, seed, &out)) + { + failed = TRUE; + } if (out.len != prf->get_block_size(prf)) { failed = TRUE; @@ -878,8 +881,8 @@ METHOD(crypto_tester_t, test_prf, bool, { prf->set_key(prf, key); } - prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL); - if (!prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) || + if (!prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL) || + !prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) || !prf->get_bytes(prf, chunk_skip(seed, 2), out.ptr)) { failed = TRUE; diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c index 489797fb79..cd39586af3 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.c +++ b/src/libstrongswan/crypto/prfs/mac_prf.c @@ -42,7 +42,7 @@ METHOD(prf_t, get_bytes, bool, return TRUE; } -METHOD(prf_t, allocate_bytes, void, +METHOD(prf_t, allocate_bytes, bool, private_prf_t *this, chunk_t seed, chunk_t *chunk) { if (!chunk) @@ -54,6 +54,7 @@ METHOD(prf_t, allocate_bytes, void, *chunk = chunk_alloc(this->mac->get_mac_size(this->mac)); this->mac->get_mac(this->mac, seed, chunk->ptr); } + return TRUE; } METHOD(prf_t, get_block_size, size_t, diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index 8b98b41aa0..05380b5f23 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -87,8 +87,10 @@ struct prf_t { * * @param seed a chunk containing the seed for the next bytes * @param chunk chunk which will hold generated bytes + * @return TRUE if bytes allocated and generated successfully */ - void (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk); + __attribute__((warn_unused_result)) + bool (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk); /** * Get the block size of this prf_t object. diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c index 5b12adfc2a..14df573073 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c @@ -112,18 +112,15 @@ METHOD(prf_t, get_bytes, bool, return TRUE; } -METHOD(prf_t, allocate_bytes, void, +METHOD(prf_t, allocate_bytes, bool, private_af_alg_prf_t *this, chunk_t seed, chunk_t *chunk) { if (chunk) { *chunk = chunk_alloc(this->block_size); - get_bytes(this, seed, chunk->ptr); - } - else - { - get_bytes(this, seed, NULL); + return get_bytes(this, seed, chunk->ptr); } + return get_bytes(this, seed, NULL); } METHOD(prf_t, get_block_size, size_t, diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index ae5ed98f23..8c4dc9e14b 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -147,11 +147,11 @@ METHOD(prf_t, get_block_size, size_t, { return 2 * this->b; } -METHOD(prf_t, allocate_bytes, void, +METHOD(prf_t, allocate_bytes, bool, private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) { *chunk = chunk_alloc(get_block_size(this)); - get_bytes(this, seed, chunk->ptr); + return get_bytes(this, seed, chunk->ptr); } METHOD(prf_t, get_key_size, size_t, diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index 03b7fa08b4..1c6dbd8211 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -60,18 +60,15 @@ METHOD(prf_t, get_block_size, size_t, return HASH_SIZE_SHA1; } -METHOD(prf_t, allocate_bytes, void, +METHOD(prf_t, allocate_bytes, bool, private_openssl_sha1_prf_t *this, chunk_t seed, chunk_t *chunk) { if (chunk) { *chunk = chunk_alloc(HASH_SIZE_SHA1); - get_bytes(this, seed, chunk->ptr); - } - else - { - get_bytes(this, seed, NULL); + return get_bytes(this, seed, chunk->ptr); } + return get_bytes(this, seed, NULL); } METHOD(prf_t, get_key_size, size_t, diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index f3e44ed653..1ce3750870 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -81,11 +81,11 @@ METHOD(prf_t, get_block_size, size_t, return HASH_SIZE_SHA1; } -METHOD(prf_t, allocate_bytes, void, +METHOD(prf_t, allocate_bytes, bool, private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk) { *chunk = chunk_alloc(HASH_SIZE_SHA1); - get_bytes(this, seed, chunk->ptr); + return get_bytes(this, seed, chunk->ptr); } METHOD(prf_t, get_key_size, size_t,