Add a return value to radius_message_t.sign()
authorMartin Willi <martin@revosec.ch>
Thu, 5 Jul 2012 16:11:26 +0000 (18:11 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libcharon/plugins/eap_radius/eap_radius_dae.c
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
src/libradius/radius_message.c
src/libradius/radius_message.h
src/libradius/radius_socket.c

index 80da99a0f3e3a90b682c823aa83f782d410c7369..75b7b70a78850111bce09fe3279ba86588744829 100644 (file)
@@ -184,11 +184,16 @@ static void send_response(private_eap_radius_dae_t *this,
 
        response = radius_message_create(code);
        response->set_identifier(response, request->get_identifier(request));
-       response->sign(response, request->get_authenticator(request),
-                                  this->secret, this->hasher, this->signer, NULL, FALSE);
-
-       send_message(this, response, client);
-       save_retransmit(this, response, client);
+       if (response->sign(response, request->get_authenticator(request),
+                                          this->secret, this->hasher, this->signer, NULL, FALSE))
+       {
+               send_message(this, response, client);
+               save_retransmit(this, response, client);
+       }
+       else
+       {
+               response->destroy(response);
+       }
 }
 
 /**
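Review bot: The new `else` branch in `send_response()` destroys the response without logging anything, so a signing failure shows up only as a client that never receives an answer. A message before the destroy would make this diagnosable, e.g. `DBG1(DBG_CFG, "signing RADIUS response failed, dropping");` (the wording is only a suggestion). The same silent path exists in `send_response()` in tnc_pdp.c, where a failed `sign()` falls straight through to `destroy`, and in `request()` in radius_socket.c, where callers presumably cannot tell the new `return NULL;` from any other failure. The start of this function lies outside the hunk.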
index 7e2e667f9af28ce222c1f07eae51ce109444c834..691136430645edfeb5f7377df2e94d8e1c8ed0af 100644 (file)
@@ -293,12 +293,13 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
                chunk_free(&data);
        }
        response->set_identifier(response, request->get_identifier(request));
-       response->sign(response, request->get_authenticator(request),
-                                  this->secret, this->hasher, this->signer, NULL, TRUE);
-
-       DBG1(DBG_CFG, "sending RADIUS %N to client '%H'", radius_message_code_names,
-                code, client);
-       send_message(this, response, client);
+       if (response->sign(response, request->get_authenticator(request),
+                                          this->secret, this->hasher, this->signer, NULL, TRUE))
+       {
+               DBG1(DBG_CFG, "sending RADIUS %N to client '%H'",
+                        radius_message_code_names, code, client);
+               send_message(this, response, client);
+       }
        response->destroy(response);
 }
 
index 17fa7357b5f2afa0ebecfe208a2e24ab2ee12ebd..6291244d03ba99cf8b7eb364ed571fd8a07de2fb 100644 (file)
@@ -286,7 +286,7 @@ METHOD(radius_message_t, add, void,
        this->msg->length = htons(ntohs(this->msg->length) + attribute->length);
 }
 
-METHOD(radius_message_t, sign, void,
+METHOD(radius_message_t, sign, bool,
        private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
        hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
 {
@@ -329,6 +329,7 @@ METHOD(radius_message_t, sign, void,
                hasher->get_hash(hasher, msg, NULL);
                hasher->get_hash(hasher, secret, this->msg->authenticator);
        }
+       return TRUE;
 }
 
 METHOD(radius_message_t, verify, bool,
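Review bot: `sign()` now returns `bool`, but the only return added is an unconditional `return TRUE;`, and the two `hasher->get_hash()` calls just above it are still unchecked. The failure branches this commit adds in the callers therefore cannot be reached yet. If the hasher, signer or RNG calls in the body can fail (most of the body is outside these hunks, so this is inferred), their results should be propagated with `return FALSE;`, otherwise a message with an unfinished authenticator is still reported as signed. Until then, a comment above the return such as `/* no failure paths yet, crypto calls are not checked */` would stop readers from treating the result as meaningful.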
index 6d0df53c35c164b2a89e557f55a135c4a407898f..f9c57c5ef8ce05c3fad6ab5d20ee18902a234efd 100644 (file)
@@ -257,8 +257,9 @@ struct radius_message_t {
         * @param hasher                MD5 hasher
         * @param rng                   RNG to create Request-Authenticator, NULL to omit
         * @param msg_auth              calculate and add Message-Authenticator
+        * @return                              TRUE if signed successfully
         */
-       void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+       bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
                                 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
 
        /**
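Review bot: The added `@return` line does not tell callers what a FALSE result means for the message itself. Since the authenticator fields may be left incomplete in that case, I would spell the contract out: `@return TRUE if signed successfully, FALSE if signing failed and the message must not be sent`. The parameter list of this doc comment starts above the hunk.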
index 048c8814e5d06e1092bf73d21fae5911a4077ecf..143f99e00a8ddcc84b372d97e0d0f69df4483687 100644 (file)
@@ -148,8 +148,11 @@ METHOD(radius_socket_t, request, radius_message_t*,
        /* set Message Identifier */
        request->set_identifier(request, this->identifier++);
        /* sign the request */
-       request->sign(request, NULL, this->secret, this->hasher, this->signer,
-                                                  rng, rng != NULL);
+       if (!request->sign(request, NULL, this->secret, this->hasher, this->signer,
+                                          rng, rng != NULL))
+       {
+               return NULL;
+       }
 
        if (!check_connection(this, fd, port))
        {