diff options
| author | Martin Willi <martin@revosec.ch> | 2012-07-05 18:21:58 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:33 +0200 |
| commit | 2e96de60a8e943a9c0d08e14428aa881789dc7c4 (patch) | |
| tree | 00425899227976029e554783ad10b37e2d9ea887 /src | |
| parent | 5fb719e0de156f6940b7475f444b2d36ebbf7c8d (diff) | |
| download | strongswan-2e96de60a8e943a9c0d08e14428aa881789dc7c4.tar.bz2 strongswan-2e96de60a8e943a9c0d08e14428aa881789dc7c4.tar.xz | |
Add a return value to signer_t.get_signature()
Diffstat (limited to 'src')
| -rw-r--r-- | src/libradius/radius_message.c | 7 | ||||
| -rw-r--r-- | src/libsimaka/simaka_message.c | 5 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/aead.c | 20 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/crypto_tester.c | 23 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/signers/mac_signer.c | 3 | ||||
| -rw-r--r-- | src/libstrongswan/crypto/signers/signer.h | 4 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/af_alg/af_alg_signer.c | 16 | ||||
| -rw-r--r-- | src/libtls/tls_protection.c | 17 |
8 files changed, 63 insertions, 32 deletions
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c index 6291244d0..a09729c9b 100644 --- a/src/libradius/radius_message.c +++ b/src/libradius/radius_message.c @@ -315,9 +315,12 @@ METHOD(radius_message_t, sign, bool, /* build Message-Authenticator attribute, using 16 null bytes */ memset(buf, 0, sizeof(buf)); add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf))); - signer->get_signature(signer, + if (!signer->get_signature(signer, chunk_create((u_char*)this->msg, ntohs(this->msg->length)), - ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5); + ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5)) + { + return FALSE; + } } if (!rng) diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c index 745f4d76c..50bd8b565 100644 --- a/src/libsimaka/simaka_message.c +++ b/src/libsimaka/simaka_message.c @@ -822,7 +822,10 @@ METHOD(simaka_message_t, generate, bool, if (mac.len) { data = chunk_cata("cc", out, sigdata); - signer->get_signature(signer, data, mac.ptr); + if (!signer->get_signature(signer, data, mac.ptr)) + { + return FALSE; + } } call_hook(this, FALSE, FALSE); diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c index ede2a8132..9ef4f34f3 100644 --- a/src/libstrongswan/crypto/aead.c +++ b/src/libstrongswan/crypto/aead.c @@ -46,8 +46,11 @@ METHOD(aead_t, encrypt, bool, { chunk_t encr, sig; - this->signer->get_signature(this->signer, assoc, NULL); - this->signer->get_signature(this->signer, iv, NULL); + if (!this->signer->get_signature(this->signer, assoc, NULL) || + !this->signer->get_signature(this->signer, iv, NULL)) + { + return FALSE; + } if (encrypted) { @@ -61,7 +64,11 @@ METHOD(aead_t, encrypt, bool, else { this->crypter->encrypt(this->crypter, plain, iv, NULL); - this->signer->get_signature(this->signer, plain, plain.ptr + plain.len); + if (!this->signer->get_signature(this->signer, + plain, plain.ptr + plain.len)) + { + return FALSE; + } } return TRUE; } @@ -84,8 +91,11 @@ METHOD(aead_t, decrypt, bool, chunk_split(encrypted, "mm", encrypted.len - sig.len, &encrypted, sig.len, &sig); - this->signer->get_signature(this->signer, assoc, NULL); - this->signer->get_signature(this->signer, iv, NULL); + if (!this->signer->get_signature(this->signer, assoc, NULL) || + !this->signer->get_signature(this->signer, iv, NULL)) + { + return FALSE; + } if (!this->signer->verify_signature(this->signer, encrypted, sig)) { DBG1(DBG_LIB, "MAC verification failed"); diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 73be38484..756aa71f8 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -497,10 +497,14 @@ static u_int bench_signer(private_crypto_tester_t *this, start_timing(&start); while (end_timing(&start) < this->bench_time) { - signer->get_signature(signer, buf, mac); - runs++; - signer->verify_signature(signer, buf, chunk_from_thing(mac)); - runs++; + if (signer->get_signature(signer, buf, mac)) + { + runs++; + } + if (signer->verify_signature(signer, buf, chunk_from_thing(mac))) + { + runs++; + } } free(buf.ptr); signer->destroy(signer); @@ -561,7 +565,10 @@ METHOD(crypto_tester_t, test_signer, bool, } /* signature to existing buffer */ memset(mac.ptr, 0, mac.len); - signer->get_signature(signer, data, mac.ptr); + if (!signer->get_signature(signer, data, mac.ptr)) + { + failed = TRUE; + } if (!memeq(vector->mac, mac.ptr, mac.len)) { failed = TRUE; @@ -585,7 +592,11 @@ METHOD(crypto_tester_t, test_signer, bool, { failed = TRUE; } - signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL); + if (!signer->get_signature(signer, + chunk_create(data.ptr + 1, 1), NULL)) + { + failed = TRUE; + } if (!signer->verify_signature(signer, chunk_skip(data, 2), chunk_create(vector->mac, mac.len))) { diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c index 05009debb..ef85860b4 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.c +++ b/src/libstrongswan/crypto/signers/mac_signer.c @@ -40,7 +40,7 @@ struct private_signer_t { size_t truncation; }; -METHOD(signer_t, get_signature, void, +METHOD(signer_t, get_signature, bool, private_signer_t *this, chunk_t data, u_int8_t *buffer) { if (buffer == NULL) @@ -54,6 +54,7 @@ METHOD(signer_t, get_signature, void, this->mac->get_mac(this->mac, data, mac); memcpy(buffer, mac, this->truncation); } + return TRUE; } METHOD(signer_t, allocate_signature, bool, diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index 14b65ca0d..af1820907 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -91,8 +91,10 @@ struct signer_t { * * @param data a chunk containing the data to sign * @param buffer pointer where the signature will be written + * @return TRUE if signature created successfully */ - void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer); + __attribute__((warn_unused_result)) + bool (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer); /** * Generate a signature and allocate space for it. diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index 103baa677..83d0e6f84 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c @@ -107,10 +107,11 @@ static size_t lookup_alg(integrity_algorithm_t algo, char **name, return 0; } -METHOD(signer_t, get_signature, void, +METHOD(signer_t, get_signature, bool, private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer) { this->ops->hash(this->ops, data, buffer, this->block_size); + return TRUE; } METHOD(signer_t, allocate_signature, bool, @@ -119,13 +120,9 @@ METHOD(signer_t, allocate_signature, bool, if (chunk) { *chunk = chunk_alloc(this->block_size); - get_signature(this, data, chunk->ptr); - } - else - { - get_signature(this, data, NULL); + return get_signature(this, data, chunk->ptr); } - return TRUE; + return get_signature(this, data, NULL); } METHOD(signer_t, verify_signature, bool, @@ -137,7 +134,10 @@ METHOD(signer_t, verify_signature, bool, { return FALSE; } - get_signature(this, data, sig); + if (!get_signature(this, data, sig)) + { + return FALSE; + } return memeq(signature.ptr, sig, signature.len); } diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c index c81c0ba84..7120ca83e 100644 --- a/src/libtls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -93,7 +93,7 @@ struct private_tls_protection_t { /** * Create the header and feed it into a signer for MAC verification */ -static void sigheader(signer_t *signer, u_int32_t seq, u_int8_t type, +static bool sigheader(signer_t *signer, u_int32_t seq, u_int8_t type, u_int16_t version, u_int16_t length) { /* we only support 32 bit sequence numbers, but TLS uses 64 bit */ @@ -110,7 +110,7 @@ static void sigheader(signer_t *signer, u_int32_t seq, u_int8_t type, htoun16(&header.version, version); htoun16(&header.length, length); - signer->get_signature(signer, chunk_from_thing(header), NULL); + return signer->get_signature(signer, chunk_from_thing(header), NULL); } METHOD(tls_protection_t, process, status_t, @@ -180,8 +180,9 @@ METHOD(tls_protection_t, process, status_t, mac = chunk_skip(data, data.len - bs); data.len -= bs; - sigheader(this->signer_in, this->seq_in, type, this->version, data.len); - if (!this->signer_in->verify_signature(this->signer_in, data, mac)) + if (!sigheader(this->signer_in, this->seq_in, type, + this->version, data.len) || + !this->signer_in->verify_signature(this->signer_in, data, mac)) { DBG1(DBG_TLS, "TLS record MAC verification failed"); this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC); @@ -218,10 +219,10 @@ METHOD(tls_protection_t, build, status_t, { chunk_t mac; - sigheader(this->signer_out, this->seq_out, *type, - this->version, data->len); - if (!this->signer_out->allocate_signature(this->signer_out, - *data, &mac)) + if (!sigheader(this->signer_out, this->seq_out, *type, + this->version, data->len) || + !this->signer_out->allocate_signature(this->signer_out, + *data, &mac)) { return FAILED; } |