diff options
| author | Martin Willi <martin@revosec.ch> | 2012-07-06 08:24:24 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:33 +0200 |
| commit | 5d79e6c6b4de830825b9c5cbb35f808b22bf351c (patch) | |
| tree | 3f91301856015bd8e673547e747cdec6b7214902 | |
| parent | 2d56575d5284c3e018104ea16c22be363bad2682 (diff) | |
| download | strongswan-5d79e6c6b4de830825b9c5cbb35f808b22bf351c.tar.bz2 strongswan-5d79e6c6b4de830825b9c5cbb35f808b22bf351c.tar.xz | |
Add a return value to prf_plus_t.allocate_bytes()
| -rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.c | 18 | ||||
| -rw-r--r-- | src/libcharon/sa/ikev2/keymat_v2.c | 75 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/prf_plus.c | 3 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/prf_plus.h | 4 |
4 files changed, 81 insertions, 19 deletions
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index 11f7c938b..3cc944c1d 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -614,16 +614,26 @@ METHOD(keymat_v1_t, derive_child_keys, bool, DBG4(DBG_CHD, "initiator SA seed %B", &seed); prf_plus = prf_plus_create(this->prf, FALSE, seed); - prf_plus->allocate_bytes(prf_plus, enc_size, encr_i); - prf_plus->allocate_bytes(prf_plus, int_size, integ_i); + if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || + !prf_plus->allocate_bytes(prf_plus, int_size, integ_i)) + { + prf_plus->destroy(prf_plus); + chunk_clear(&secret); + return FALSE; + } prf_plus->destroy(prf_plus); seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol), chunk_from_thing(spi_i), nonce_i, nonce_r); DBG4(DBG_CHD, "responder SA seed %B", &seed); prf_plus = prf_plus_create(this->prf, FALSE, seed); - prf_plus->allocate_bytes(prf_plus, enc_size, encr_r); - prf_plus->allocate_bytes(prf_plus, int_size, integ_r); + if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || + !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) + { + prf_plus->destroy(prf_plus); + chunk_clear(&secret); + return FALSE; + } prf_plus->destroy(prf_plus); chunk_clear(&secret); diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index be047d717..55af8f1ec 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -110,7 +110,10 @@ static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg, } key_size = aead_i->get_key_size(aead_i); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + return FALSE; + } DBG4(DBG_IKE, "Sk_ei secret %B", &key); if (!aead_i->set_key(aead_i, key)) { @@ -119,7 +122,10 @@ static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg, } chunk_clear(&key); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + return FALSE; + } DBG4(DBG_IKE, "Sk_er secret %B", &key); if (!aead_r->set_key(aead_r, key)) { @@ -164,7 +170,12 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg, } key_size = signer_i->get_key_size(signer_i); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + signer_i->destroy(signer_i); + signer_r->destroy(signer_r); + return FALSE; + } DBG4(DBG_IKE, "Sk_ai secret %B", &key); if (!signer_i->set_key(signer_i, key)) { @@ -175,7 +186,12 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg, } chunk_clear(&key); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + signer_i->destroy(signer_i); + signer_r->destroy(signer_r); + return FALSE; + } DBG4(DBG_IKE, "Sk_ar secret %B", &key); if (!signer_r->set_key(signer_r, key)) { @@ -200,12 +216,26 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg, } key_size = crypter_i->get_key_size(crypter_i); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + crypter_i->destroy(crypter_i); + crypter_r->destroy(crypter_r); + signer_i->destroy(signer_i); + signer_r->destroy(signer_r); + return FALSE; + } DBG4(DBG_IKE, "Sk_ei secret %B", &key); crypter_i->set_key(crypter_i, key); chunk_clear(&key); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + crypter_i->destroy(crypter_i); + crypter_r->destroy(crypter_r); + signer_i->destroy(signer_i); + signer_r->destroy(signer_r); + return FALSE; + } DBG4(DBG_IKE, "Sk_er secret %B", &key); crypter_r->set_key(crypter_r, key); chunk_clear(&key); @@ -329,7 +359,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, /* SK_d is used for generating CHILD_SA key mat => store for later use */ key_size = this->prf->get_key_size(this->prf); - prf_plus->allocate_bytes(prf_plus, key_size, &this->skd); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd)) + { + prf_plus->destroy(prf_plus); + DESTROY_IF(rekey_prf); + return FALSE; + } DBG4(DBG_IKE, "Sk_d secret %B", &this->skd); if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size)) @@ -371,7 +406,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, /* SK_pi/SK_pr used for authentication => stored for later */ key_size = this->prf->get_key_size(this->prf); - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + prf_plus->destroy(prf_plus); + DESTROY_IF(rekey_prf); + return FALSE; + } DBG4(DBG_IKE, "Sk_pi secret %B", &key); if (this->initiator) { @@ -381,7 +421,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, { this->skp_verify = key; } - prf_plus->allocate_bytes(prf_plus, key_size, &key); + if (!prf_plus->allocate_bytes(prf_plus, key_size, &key)) + { + prf_plus->destroy(prf_plus); + DESTROY_IF(rekey_prf); + return FALSE; + } DBG4(DBG_IKE, "Sk_pr secret %B", &key); if (this->initiator) { @@ -484,10 +529,14 @@ METHOD(keymat_v2_t, derive_child_keys, bool, this->prf->set_key(this->prf, this->skd); prf_plus = prf_plus_create(this->prf, TRUE, seed); - prf_plus->allocate_bytes(prf_plus, enc_size, encr_i); - prf_plus->allocate_bytes(prf_plus, int_size, integ_i); - prf_plus->allocate_bytes(prf_plus, enc_size, encr_r); - prf_plus->allocate_bytes(prf_plus, int_size, integ_r); + if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || + !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) || + !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || + !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) + { + prf_plus->destroy(prf_plus); + return FALSE; + } prf_plus->destroy(prf_plus); diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 0f06ede83..8ddacfe6e 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -89,7 +89,7 @@ METHOD(prf_plus_t, get_bytes, void, } } -METHOD(prf_plus_t, allocate_bytes, void, +METHOD(prf_plus_t, allocate_bytes, bool, private_prf_plus_t *this, size_t length, chunk_t *chunk) { if (length) @@ -101,6 +101,7 @@ METHOD(prf_plus_t, allocate_bytes, void, { *chunk = chunk_empty; } + return TRUE; } METHOD(prf_plus_t, destroy, void, diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index 668f12c02..72009da89 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -44,8 +44,10 @@ struct prf_plus_t { * * @param length number of bytes to get * @param chunk chunk which will hold generated bytes + * @return TRUE if bytes allocated successfully */ - void (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk); + __attribute__((warn_unused_result)) + bool (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk); /** * Destroys a prf_plus_t object. |