Add a return value to signer_t.set_key()

10 files changed, 56 insertions, 20 deletions

diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index 75b7b70a7..2ea2b059c 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -526,9 +526,8 @@ eap_radius_dae_t *eap_radius_dae_create(eap_radius_accounting_t *accounting)
 		return NULL;
 	}
 	this->secret.len = strlen(this->secret.ptr);
-	this->signer->set_key(this->signer, this->secret);
-
-	if (!open_socket(this))
+	if (!this->signer->set_key(this->signer, this->secret) ||
+		!open_socket(this))
 	{
 		destroy(this);
 		return NULL;
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index 2275aad6f..be047d717 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -166,12 +166,24 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 
 	prf_plus->allocate_bytes(prf_plus, key_size, &key);
 	DBG4(DBG_IKE, "Sk_ai secret %B", &key);
-	signer_i->set_key(signer_i, key);
+	if (!signer_i->set_key(signer_i, key))
+	{
+		signer_i->destroy(signer_i);
+		signer_r->destroy(signer_r);
+		chunk_clear(&key);
+		return FALSE;
+	}
 	chunk_clear(&key);
 
 	prf_plus->allocate_bytes(prf_plus, key_size, &key);
 	DBG4(DBG_IKE, "Sk_ar secret %B", &key);
-	signer_r->set_key(signer_r, key);
+	if (!signer_r->set_key(signer_r, key))
+	{
+		signer_i->destroy(signer_i);
+		signer_r->destroy(signer_r);
+		chunk_clear(&key);
+		return FALSE;
+	}
 	chunk_clear(&key);
 
 	/* SK_ei/SK_er used for encryption */
diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c
index 143f99e00..3113ffff8 100644
--- a/src/libradius/radius_socket.c
+++ b/src/libradius/radius_socket.c
@@ -361,14 +361,14 @@ radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
 		.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
 	);
 
-	if (!this->hasher || !this->signer || !this->rng)
+	if (!this->hasher || !this->signer || !this->rng ||
+		!this->signer->set_key(this->signer, secret))
 	{
 		DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");
 		destroy(this);
 		return NULL;
 	}
 	this->secret = secret;
-	this->signer->set_key(this->signer, secret);
 	/* we use a random identifier, helps if we restart often */
 	this->identifier = random();
 
diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c
index f6b177d51..0a92cb342 100644
--- a/src/libsimaka/simaka_crypto.c
+++ b/src/libsimaka/simaka_crypto.c
@@ -140,7 +140,11 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
 	k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
 	DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
 
-	this->signer->set_key(this->signer, k_auth);
+	if (!this->signer->set_key(this->signer, k_auth))
+	{
+		chunk_clear(mk);
+		return FALSE;
+	}
 	this->crypter->set_key(this->crypter, k_encr);
 
 	*msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
@@ -168,7 +172,10 @@ METHOD(simaka_crypto_t, derive_keys_reauth, bool,
 	k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
 	DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
 
-	this->signer->set_key(this->signer, k_auth);
+	if (!this->signer->set_key(this->signer, k_auth))
+	{
+		return FALSE;
+	}
 	this->crypter->set_key(this->crypter, k_encr);
 
 	call_hook(this, k_encr, k_auth);
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
index 9ef4f34f3..4afdf21d1 100644
--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
@@ -138,7 +138,10 @@ METHOD(aead_t, set_key, bool,
 	chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig,
 				this->crypter->get_key_size(this->crypter), &enc);
 
-	this->signer->set_key(this->signer, sig);
+	if (!this->signer->set_key(this->signer, sig))
+	{
+		return FALSE;
+	}
 	this->crypter->set_key(this->crypter, enc);
 
 	return TRUE;
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 756aa71f8..b97855325 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -488,7 +488,10 @@ static u_int bench_signer(private_crypto_tester_t *this,
 		u_int runs;
 
 		memset(key, 0x12, sizeof(key));
-		signer->set_key(signer, chunk_from_thing(key));
+		if (!signer->set_key(signer, chunk_from_thing(key)))
+		{
+			return 0;
+		}
 
 		buf = chunk_alloc(this->bench_size);
 		memset(buf.ptr, 0x34, buf.len);
@@ -547,8 +550,10 @@ METHOD(crypto_tester_t, test_signer, bool,
 		failed = FALSE;
 
 		key = chunk_create(vector->key, signer->get_key_size(signer));
-		signer->set_key(signer, key);
-
+		if (!signer->set_key(signer, key))
+		{
+			failed = TRUE;
+		}
 		/* allocated signature */
 		data = chunk_create(vector->data, vector->len);
 		if (!signer->allocate_signature(signer, data, &mac))
diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c
index ef85860b4..36415e9d5 100644
--- a/src/libstrongswan/crypto/signers/mac_signer.c
+++ b/src/libstrongswan/crypto/signers/mac_signer.c
@@ -101,10 +101,11 @@ METHOD(signer_t, get_block_size, size_t,
 	return this->truncation;
 }
 
-METHOD(signer_t, set_key, void,
+METHOD(signer_t, set_key, bool,
 	private_signer_t *this, chunk_t key)
 {
 	this->mac->set_key(this->mac, key);
+	return TRUE;
 }
 
 METHOD(signer_t, destroy, void,
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index af1820907..812a674ee 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -140,8 +140,10 @@ struct signer_t {
 	 * Set the key for this object.
 	 *
 	 * @param key		key to set
+	 * @return			TRUE if key set
 	 */
-	void (*set_key) (signer_t *this, chunk_t key);
+	__attribute__((warn_unused_result))
+	bool (*set_key) (signer_t *this, chunk_t key);
 
 	/**
 	 * Destroys a signer_t object.
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
index 83d0e6f84..9d32b496a 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
@@ -153,10 +153,11 @@ METHOD(signer_t, get_block_size, size_t,
 	return this->block_size;
 }
 
-METHOD(signer_t, set_key, void,
+METHOD(signer_t, set_key, bool,
 	private_af_alg_signer_t *this, chunk_t key)
 {
 	this->ops->set_key(this->ops, key);
+	return TRUE;
 }
 
 METHOD(signer_t, destroy, void,
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 61632e78f..b8df3deb7 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -1522,13 +1522,19 @@ static bool expand_keys(private_tls_crypto_t *this,
 	block = chunk_skip(block, mks);
 	if (this->tls->is_server(this->tls))
 	{
-		this->signer_in->set_key(this->signer_in, client_write);
-		this->signer_out->set_key(this->signer_out, server_write);
+		if (!this->signer_in->set_key(this->signer_in, client_write) ||
+			!this->signer_out->set_key(this->signer_out, server_write))
+		{
+			return FALSE;
+		}
 	}
 	else
 	{
-		this->signer_out->set_key(this->signer_out, client_write);
-		this->signer_in->set_key(this->signer_in, server_write);
+		if (!this->signer_out->set_key(this->signer_out, client_write) ||
+			!this->signer_in->set_key(this->signer_in, server_write))
+		{
+			return FALSE;
+		}
 	}
 
 	/* crypter keys, and IVs if < TLSv1.2 */