diff options
| author | Martin Willi <martin@revosec.ch> | 2012-07-09 17:15:52 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:55:06 +0200 |
| commit | 87dd205b61ae8c0125b459959fcc7349fa27bb74 (patch) | |
| tree | a6c138a105bf40ce5a4b1b60047ed3a76cbe22ca /src | |
| parent | e185612dd8011ca4f3de460640f74e6a652cbf32 (diff) | |
| download | strongswan-87dd205b61ae8c0125b459959fcc7349fa27bb74.tar.bz2 strongswan-87dd205b61ae8c0125b459959fcc7349fa27bb74.tar.xz | |
Add a return value to hasher_t.allocate_hash()
Diffstat (limited to 'src')
40 files changed, 270 insertions, 150 deletions
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c index 7f2b5874d..b2640d104 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5.c +++ b/src/libcharon/plugins/eap_md5/eap_md5.c @@ -100,7 +100,11 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response, DBG1(DBG_IKE, "EAP-MD5 failed, MD5 not supported"); return FAILED; } - hasher->allocate_hash(hasher, concat, response); + if (!hasher->allocate_hash(hasher, concat, response)) + { + hasher->destroy(hasher); + return FAILED; + } hasher->destroy(hasher); return SUCCESS; } diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index dd6f56fd9..8ae20783d 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -281,7 +281,11 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available"); return FAILED; } - hasher->allocate_hash(hasher, password, password_hash); + if (!hasher->allocate_hash(hasher, password, password_hash)) + { + hasher->destroy(hasher); + return FAILED; + } hasher->destroy(hasher); return SUCCESS; } @@ -302,7 +306,11 @@ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge, return FAILED; } concat = chunk_cata("ccc", peer_challenge, server_challenge, username); - hasher->allocate_hash(hasher, concat, challenge_hash); + if (!hasher->allocate_hash(hasher, concat, challenge_hash)) + { + hasher->destroy(hasher); + return FAILED; + } hasher->destroy(hasher); /* we need only the first 8 octets */ challenge_hash->len = 8; @@ -382,10 +390,17 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash, } concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); - hasher->allocate_hash(hasher, concat, &digest); + if (!hasher->allocate_hash(hasher, concat, &digest)) + { + hasher->destroy(hasher); + return FAILED; + } concat = chunk_cata("ccc", digest, challenge_hash, magic2); - hasher->allocate_hash(hasher, concat, response); - + if (!hasher->allocate_hash(hasher, concat, response)) + { + hasher->destroy(hasher); + return FAILED; + } hasher->destroy(hasher); chunk_free(&digest); return SUCCESS; @@ -434,7 +449,9 @@ static status_t GenerateMSK(chunk_t password_hash_hash, chunk_t keypad = chunk_from_chars( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); - chunk_t concat, master_key, master_receive_key, master_send_key; + char master_key[HASH_SIZE_SHA1]; + char master_receive_key[HASH_SIZE_SHA1], master_send_key[HASH_SIZE_SHA1]; + chunk_t concat, master; hasher_t *hasher; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -444,24 +461,22 @@ static status_t GenerateMSK(chunk_t password_hash_hash, return FAILED; } + master = chunk_create(master_key, 16); concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); - hasher->allocate_hash(hasher, concat, &master_key); - master_key.len = 16; - - concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2); - hasher->allocate_hash(hasher, concat, &master_receive_key); - master_receive_key.len = 16; - - concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2); - hasher->allocate_hash(hasher, concat, &master_send_key); - master_send_key.len = 16; + concat = chunk_cata("cccc", master, shapad1, magic2, shapad2); + concat = chunk_cata("cccc", master, shapad1, magic3, shapad2); + if (!hasher->get_hash(hasher, concat, master_key) || + !hasher->get_hash(hasher, concat, master_receive_key) || + !hasher->get_hash(hasher, concat, master_send_key)) + { + hasher->destroy(hasher); + return FAILED; + } - *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad); + *msk = chunk_cat("cccc", chunk_create(master_receive_key, 16), + chunk_create(master_send_key, 16), keypad, keypad); hasher->destroy(hasher); - chunk_free(&master_key); - chunk_free(&master_receive_key); - chunk_free(&master_send_key); return SUCCESS; } diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c index e76560fa2..763b4cc0f 100644 --- a/src/libcharon/plugins/stroke/stroke_ca.c +++ b/src/libcharon/plugins/stroke/stroke_ca.c @@ -354,10 +354,12 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void, if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded)) { - hasher->allocate_hash(hasher, encoded, &hash); - section->hashes->insert_last(section->hashes, + if (hasher->allocate_hash(hasher, encoded, &hash)) + { + section->hashes->insert_last(section->hashes, identification_create_from_encoding(ID_KEY_ID, hash)); - chunk_free(&hash); + chunk_free(&hash); + } chunk_free(&encoded); } break; diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index d9375a45f..563e6a66f 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -1164,8 +1164,13 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, u_int64_t our_spi; chunk_t hash; - this->hasher->allocate_hash(this->hasher, - message->get_packet_data(message), &hash); + if (!this->hasher->allocate_hash(this->hasher, + message->get_packet_data(message), &hash)) + { + DBG1(DBG_MGR, "ignoring message, failed to hash message"); + id->destroy(id); + return NULL; + } /* ensure this is not a retransmit of an already handled init message */ switch (check_and_put_init_hash(this, hash, &our_spi)) diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index 8f6da3ca4..e2db13a13 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -554,7 +554,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, /* initial IV = hash(g^xi | g^xr) */ data = chunk_cata("cc", g_xi, g_xr); - this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv); + if (!this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv)) + { + chunk_free(&dh_me); + return FALSE; + } if (this->phase1_iv.iv.len > this->aead->get_block_size(this->aead)) { this->phase1_iv.iv.len = this->aead->get_block_size(this->aead); @@ -975,10 +979,15 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) else { /* initial phase 2 IV = hash(last_phase1_block | mid) */ - u_int32_t net = htonl(iv->mid); - chunk_t data = chunk_cata("cc", this->phase1_iv.iv, - chunk_from_thing(net)); - this->hasher->allocate_hash(this->hasher, data, &iv->iv); + u_int32_t net;; + chunk_t data; + + net = htonl(iv->mid); + data = chunk_cata("cc", this->phase1_iv.iv, chunk_from_thing(net)); + if (!this->hasher->allocate_hash(this->hasher, data, &iv->iv)) + { + return FALSE; + } if (iv->iv.len > this->aead->get_block_size(this->aead)) { iv->iv.len = this->aead->get_block_size(this->aead); diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index cd3bc21b0..50bf1612d 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -100,7 +100,11 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this, natd_chunk = chunk_cata("cccc", chunk_from_thing(spi_i), chunk_from_thing(spi_r), host->get_address(host), chunk_from_thing(port)); - hasher->allocate_hash(hasher, natd_chunk, &natd_hash); + if (!hasher->allocate_hash(hasher, natd_chunk, &natd_hash)) + { + DBG1(DBG_IKE, "creating NAT-D payload hash failed"); + return chunk_empty; + } DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk); DBG3(DBG_IKE, "natd_hash %B", &natd_hash); @@ -154,6 +158,10 @@ static hash_payload_t *build_natd_payload(private_isakmp_natd_t *this, bool src, ike_sa_id_t *ike_sa_id = this->ike_sa->get_id(this->ike_sa); hash = generate_natd_hash(this, ike_sa_id, host); } + if (!hash.len) + { + return NULL; + } payload = hash_payload_create(NAT_D_V1); payload->set_hash(payload, hash); chunk_free(&hash); @@ -171,14 +179,20 @@ static void add_natd_payloads(private_isakmp_natd_t *this, message_t *message) /* destination has to be added first */ host = message->get_destination(message); payload = build_natd_payload(this, FALSE, host); - message->add_payload(message, (payload_t*)payload); + if (payload) + { + message->add_payload(message, (payload_t*)payload); + } /* source is added second, compared with IKEv2 we always know the source, * as these payloads are added in the second Phase 1 exchange or the * response to the first */ host = message->get_source(message); payload = build_natd_payload(this, TRUE, host); - message->add_payload(message, (payload_t*)payload); + if (payload) + { + message->add_payload(message, (payload_t*)payload); + } } /** diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index 75bb8f7ea..5fdcea1ab 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c @@ -839,7 +839,10 @@ static chunk_t build_signature(private_connect_manager_t *this, /* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */ sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id, check->endpoint_raw, key_chunk); - this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash); + if (!this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash)) + { + sig_hash = chunk_empty; + } DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk); DBG3(DBG_IKE, "sig_hash %#B", &sig_hash); diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c index 10bb4d19b..a93e5137e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_cert_post.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_post.c @@ -78,7 +78,12 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this, hasher->destroy(hasher); return NULL; } - hasher->allocate_hash(hasher, encoded, &hash); + if (!hasher->allocate_hash(hasher, encoded, &hash)) + { + hasher->destroy(hasher); + chunk_free(&encoded); + return cert_payload_create_from_cert(CERTIFICATE, cert); + } chunk_free(&encoded); hasher->destroy(hasher); id = identification_create_from_encoding(ID_KEY_ID, hash); diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 55c028686..b97b37290 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -104,7 +104,10 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, /* natd_hash = SHA1( spi_i | spi_r | address | port ) */ natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk); - this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash); + if (!this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash)) + { + natd_hash = chunk_empty; + } DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk); DBG3(DBG_IKE, "natd_hash %B", &natd_hash); @@ -152,6 +155,10 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, { hash = generate_natd_hash(this, ike_sa_id, host); } + if (!hash.len) + { + return NULL; + } notify = notify_payload_create(NOTIFY); notify->set_notify_type(notify, type); notify->set_notification_data(notify, hash); @@ -298,7 +305,10 @@ METHOD(task_t, build_i, status_t, /* destination is always set */ host = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host); - message->add_payload(message, (payload_t*)notify); + if (notify) + { + message->add_payload(message, (payload_t*)notify); + } /* source may be any, we have 3 possibilities to get our source address: * 1. It is defined in the config => use the one of the IKE_SA @@ -309,7 +319,10 @@ METHOD(task_t, build_i, status_t, if (!host->is_anyaddr(host) || ike_cfg->force_encap(ike_cfg)) { /* 1. or if we force UDP encap, as it doesn't matter if it's %any */ notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host); - message->add_payload(message, (payload_t*)notify); + if (notify) + { + message->add_payload(message, (payload_t*)notify); + } } else { @@ -319,7 +332,10 @@ METHOD(task_t, build_i, status_t, { /* 2. */ host->set_port(host, ike_cfg->get_my_port(ike_cfg)); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host); - message->add_payload(message, (payload_t*)notify); + if (notify) + { + message->add_payload(message, (payload_t*)notify); + } host->destroy(host); } else @@ -333,7 +349,10 @@ METHOD(task_t, build_i, status_t, host->set_port(host, ike_cfg->get_my_port(ike_cfg)); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host); host->destroy(host); - message->add_payload(message, (payload_t*)notify); + if (notify) + { + message->add_payload(message, (payload_t*)notify); + } } enumerator->destroy(enumerator); } @@ -365,11 +384,16 @@ METHOD(task_t, build_r, status_t, /* initiator seems to support NAT detection, add response */ me = message->get_source(message); notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me); - message->add_payload(message, (payload_t*)notify); - + if (notify) + { + message->add_payload(message, (payload_t*)notify); + } other = message->get_destination(message); notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other); - message->add_payload(message, (payload_t*)notify); + if (notify) + { + message->add_payload(message, (payload_t*)notify); + } } return SUCCESS; } diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index 01ed196d9..16047aa08 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -287,10 +287,15 @@ METHOD(pts_t, calculate_secret, bool, hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm); hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); - hasher->allocate_hash(hasher, chunk_from_chars('1'), NULL); - hasher->allocate_hash(hasher, this->initiator_nonce, NULL); - hasher->allocate_hash(hasher, this->responder_nonce, NULL); - hasher->allocate_hash(hasher, shared_secret, &this->secret); + if (!hasher || + !hasher->get_hash(hasher, chunk_from_chars('1'), NULL) || + !hasher->get_hash(hasher, this->initiator_nonce, NULL) || + !hasher->get_hash(hasher, this->responder_nonce, NULL) || + !hasher->allocate_hash(hasher, shared_secret, &this->secret)) + { + DESTROY_IF(hasher); + return FALSE; + } hasher->destroy(hasher); /* The DH secret must be destroyed */ @@ -1073,7 +1078,12 @@ METHOD(pts_t, get_quote_info, bool, hasher = lib->crypto->create_hasher(lib->crypto, algo); /* Hash the PCR Composite Structure */ - hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp); + if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp)) + { + DESTROY_IF(hasher); + free(pcr_comp.ptr); + return FALSE; + } DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp); hasher->destroy(hasher); } @@ -1084,7 +1094,13 @@ METHOD(pts_t, get_quote_info, bool, /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp); + if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp)) + { + DESTROY_IF(hasher); + chunk_free(out_pcr_comp); + free(pcr_comp.ptr); + return FALSE; + } hasher->destroy(hasher); /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */ diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c index de6d1c365..898e66816 100644 --- a/src/libsimaka/simaka_crypto.c +++ b/src/libsimaka/simaka_crypto.c @@ -124,11 +124,11 @@ METHOD(simaka_crypto_t, derive_keys_full, bool, /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) * For AKA: MK = SHA1(Identity|IK|CK) */ - if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL)) + if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) || + !this->hasher->allocate_hash(this->hasher, data, mk)) { return FALSE; } - this->hasher->allocate_hash(this->hasher, data, mk); DBG3(DBG_LIB, "MK %B", mk); /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */ diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index f422a2c19..046222279 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -735,7 +735,10 @@ METHOD(crypto_tester_t, test_hasher, bool, /* allocated hash */ data = chunk_create(vector->data, vector->len); - hasher->allocate_hash(hasher, data, &hash); + if (!hasher->allocate_hash(hasher, data, &hash)) + { + failed = TRUE; + } if (hash.len != hasher->get_hash_size(hasher)) { failed = TRUE; @@ -758,8 +761,8 @@ METHOD(crypto_tester_t, test_hasher, bool, if (data.len > 2) { memset(hash.ptr, 0, hash.len); - hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL); - if (!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) || + if (!hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL) || + !hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) || !hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr) || !memeq(vector->hash, hash.ptr, hash.len)) { diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 0c72bb73b..0480fc642 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -94,8 +94,10 @@ struct hasher_t { * * @param data chunk with data to hash * @param hash chunk which will hold allocated hash + * @return TRUE if hash allocated successfully */ - void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash); + __attribute__((warn_unused_result)) + bool (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash); /** * Get the size of the resulting hash. diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c index ded388181..0ec19f2cd 100644 --- a/src/libstrongswan/crypto/pkcs7.c +++ b/src/libstrongswan/crypto/pkcs7.c @@ -421,13 +421,13 @@ end: algorithm = hasher_algorithm_from_oid(digest_alg); hasher = lib->crypto->create_hasher(lib->crypto, algorithm); - if (hasher == NULL) + if (!hasher || !hasher->allocate_hash(hasher, this->data, &hash)) { + DESTROY_IF(hasher); DBG1(DBG_LIB, "hash algorithm %N not supported", hash_algorithm_names, algorithm); return FALSE; } - hasher->allocate_hash(hasher, this->data, &hash); hasher->destroy(hasher); DBG3(DBG_LIB, "hash: %B", &hash); @@ -921,13 +921,14 @@ METHOD(pkcs7_t, build_signedData, bool, time_t now; hasher = lib->crypto->create_hasher(lib->crypto, alg); - if (hasher == NULL) + if (!hasher || + !hasher->allocate_hash(hasher, this->data, &messageDigest)) { + DESTROY_IF(hasher); DBG1(DBG_LIB, " hash algorithm %N not support", hash_algorithm_names, alg); return FALSE; } - hasher->allocate_hash(hasher, this->data, &messageDigest); hasher->destroy(hasher); this->attributes->set_attribute(this->attributes, OID_PKCS9_MESSAGE_DIGEST, diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c index fd2db0db5..95cdc613c 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c @@ -112,18 +112,15 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_af_alg_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { *hash = chunk_alloc(get_hash_size(this)); - get_hash(this, chunk, hash->ptr); - } - else - { - get_hash(this, chunk, NULL); + return get_hash(this, chunk, hash->ptr); } + return get_hash(this, chunk, NULL); } METHOD(hasher_t, destroy, void, diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 24e64800e..5de5b118c 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -61,18 +61,15 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { *hash = chunk_alloc(get_hash_size(this)); - get_hash(this, chunk, hash->ptr); - } - else - { - get_hash(this, chunk, NULL); + return get_hash(this, chunk, hash->ptr); } + return get_hash(this, chunk, NULL); } METHOD(hasher_t, destroy, void, diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index eb38eea3b..9fdb2d45b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -165,11 +165,11 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, return FALSE; } hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index f8645da97..c54f2c0cf 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -121,11 +121,11 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, gcry_sexp_t in, sig; hasher = lib->crypto->create_hasher(lib->crypto, algorithm); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index acd9ae2b7..590ab6cb4 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -235,11 +235,11 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, } hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); - if (hasher == NULL) + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); /* build DER-encoded digestInfo */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index db7b8e49a..2d84f0025 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -252,7 +252,11 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, } /* build our own hash and compare */ - hasher->allocate_hash(hasher, data, &hash); + if (!hasher->allocate_hash(hasher, data, &hash)) + { + hasher->destroy(hasher); + goto end_parser; + } hasher->destroy(hasher); success = memeq(object.ptr, hash.ptr, hash.len); free(hash.ptr); diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 0d080061f..bf934141a 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -266,8 +266,6 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16]) } } - - METHOD(hasher_t, get_hash, bool, private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { @@ -280,7 +278,7 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -296,6 +294,7 @@ METHOD(hasher_t, allocate_hash, void, *hash = allocated_hash; } + return TRUE; } METHOD(hasher_t, get_hash_size, size_t, diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index dcd2cdd1a..ea8c45010 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -311,7 +311,7 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -327,6 +327,7 @@ METHOD(hasher_t, allocate_hash, void, *hash = allocated_hash; } + return TRUE; } METHOD(hasher_t, get_hash_size, size_t, diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 7461695ad..9cb68a3ab 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -221,13 +221,13 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp) return FALSE; } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, key, fp)) { DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed"); + DESTROY_IF(hasher); free(key.ptr); return FALSE; } - hasher->allocate_hash(hasher, key, fp); hasher->destroy(hasher); free(key.ptr); lib->encoding->cache(lib->encoding, type, ec, *fp); diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 5b353647a..67b49c186 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -120,18 +120,15 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { *hash = chunk_alloc(get_hash_size(this)); - get_hash(this, chunk, hash->ptr); - } - else - { - get_hash(this, chunk, NULL); + return get_hash(this, chunk, hash->ptr); } + return get_hash(this, chunk, NULL); } METHOD(hasher_t, destroy, void, diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index a24bae5d6..5872a8159 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -217,13 +217,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp) return FALSE; } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, key, fp)) { DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed"); + DESTROY_IF(hasher); free(key.ptr); return FALSE; } - hasher->allocate_hash(hasher, key, fp); free(key.ptr); hasher->destroy(hasher); lib->encoding->cache(lib->encoding, type, rsa, *fp); diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index ee19c4179..e85c5cc90 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -973,11 +973,11 @@ static bool parse_certificate(private_openssl_x509_t *this) parse_extKeyUsage(this); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, this->encoding, &this->hash)) { + DESTROY_IF(hasher); return FALSE; } - hasher->allocate_hash(hasher, this->encoding, &this->hash); hasher->destroy(hasher); if (issued_by(this, &this->public.x509.interface, NULL)) diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index fd3d195b4..406daad1e 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -112,18 +112,15 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { *hash = chunk_alloc(HASH_SIZE_SHA1); - get_hash(this, chunk, hash->ptr); - } - else - { - get_hash(this, chunk, NULL); + return get_hash(this, chunk, hash->ptr); } + return get_hash(this, chunk, NULL); } METHOD(hasher_t, get_hash_size, size_t, diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index e6d13a243..a99bed2f6 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -321,8 +321,12 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) DBG1(DBG_ASN, "no SHA-1 hasher available"); return FALSE; } - hasher->allocate_hash(hasher, pubkey_packet_header, NULL); - hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint); + if (!hasher->allocate_hash(hasher, pubkey_packet_header, NULL) || + !hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint)) + { + hasher->destroy(hasher); + return FALSE; + } hasher->destroy(hasher); DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint); } diff --git a/src/libstrongswan/plugins/pgp/pgp_encoder.c b/src/libstrongswan/plugins/pgp/pgp_encoder.c index 9043cdb9f..d16d1d71b 100644 --- a/src/libstrongswan/plugins/pgp/pgp_encoder.c +++ b/src/libstrongswan/plugins/pgp/pgp_encoder.c @@ -44,8 +44,12 @@ static bool build_v3_fingerprint(chunk_t *encoding, va_list args) { e = chunk_skip(e, 1); } - hasher->allocate_hash(hasher, n, NULL); - hasher->allocate_hash(hasher, e, encoding); + if (!hasher->allocate_hash(hasher, n, NULL) || + !hasher->allocate_hash(hasher, e, encoding)) + { + hasher->destroy(hasher); + return FALSE; + } hasher->destroy(hasher); return TRUE; } diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c index 6957b2ad1..9122e8d8e 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c @@ -94,14 +94,14 @@ static bool hash_pubkey(chunk_t pubkey, chunk_t *hash) hasher_t *hasher; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) + if (!hasher || !hasher->allocate_hash(hasher, pubkey, hash)) { + DESTROY_IF(hasher); chunk_free(&pubkey); DBG1(DBG_LIB, "SHA1 hash algorithm not supported, " "fingerprinting failed"); return FALSE; } - hasher->allocate_hash(hasher, pubkey, hash); hasher->destroy(hasher); chunk_free(&pubkey); return TRUE; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index 56aec3d74..29b7fb7a2 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -203,18 +203,15 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash) { if (hash) { *hash = chunk_alloc(this->size); - get_hash(this, chunk, hash->ptr); - } - else - { - get_hash(this, chunk, NULL); + return get_hash(this, chunk, hash->ptr); } + return get_hash(this, chunk, NULL); } METHOD(hasher_t, destroy, void, diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index b616abc38..f7f7d3f79 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -266,13 +266,15 @@ METHOD(private_key_t, sign, bool, } if (hash_alg != HASH_UNKNOWN) { - hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); - if (!hasher) + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); this->lib->f->C_CloseSession(session); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); data = hash; } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index d4ec9235d..f0d7093db 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -235,13 +235,15 @@ METHOD(public_key_t, verify, bool, } if (hash_alg != HASH_UNKNOWN) { - hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); - if (!hasher) + hasher_t *hasher; + + hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher || !hasher->allocate_hash(hasher, data, &hash)) { + DESTROY_IF(hasher); this->lib->f->C_CloseSession(session); return FALSE; } - hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); data = hash; } @@ -374,12 +376,12 @@ static bool fingerprint_ecdsa(private_pkcs11_public_key_t *this, return FALSE; } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, asn1, fp)) { + DESTROY_IF(hasher); chunk_clear(&asn1); return FALSE; } - hasher->allocate_hash(hasher, asn1, fp); hasher->destroy(hasher); chunk_clear(&asn1); lib->encoding->cache(lib->encoding, type, this, *fp); diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index 51d9674f3..ceb8fc0b5 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -199,7 +199,7 @@ METHOD(hasher_t, get_hash, bool, return TRUE; } -METHOD(hasher_t, allocate_hash, void, +METHOD(hasher_t, allocate_hash, bool, private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash) { SHA1Update(this, chunk.ptr, chunk.len); @@ -211,6 +211,7 @@ METHOD(hasher_t, allocate_hash, void, SHA1Final(this, hash->ptr); reset(this); } + return TRUE; } METHOD(hasher_t, get_hash_size, size_t, diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index b21eba47c..607e329e0 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -512,7 +512,7 @@ METHOD(hasher_t, get_hash512, bool, return TRUE; } -METHOD(hasher_t, allocate_hash224, void, +METHOD(hasher_t, allocate_hash224, bool, private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -526,9 +526,10 @@ METHOD(hasher_t, allocate_hash224, void, reset224(this); *hash = allocated_hash; } + return TRUE; } -METHOD(hasher_t, allocate_hash256, void, +METHOD(hasher_t, allocate_hash256, bool, private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -542,9 +543,10 @@ METHOD(hasher_t, allocate_hash256, void, reset256(this); *hash = allocated_hash; } + return TRUE; } -METHOD(hasher_t, allocate_hash384, void, +METHOD(hasher_t, allocate_hash384, bool, private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -558,9 +560,10 @@ METHOD(hasher_t, allocate_hash384, void, reset384(this); *hash = allocated_hash; } + return TRUE; } -METHOD(hasher_t, allocate_hash512, void, +METHOD(hasher_t, allocate_hash512, bool, private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -574,6 +577,7 @@ METHOD(hasher_t, allocate_hash512, void, reset512(this); *hash = allocated_hash; } + return TRUE; } METHOD(hasher_t, get_hash_size224, size_t, diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 88101e805..2269eb453 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -1490,12 +1490,13 @@ end: } /* create certificate hash */ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher == NULL) + if (!hasher || + !hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash)) { + DESTROY_IF(hasher); DBG1(DBG_ASN, " unable to create hash of certificate, SHA1 not supported"); return FALSE; } - hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); hasher->destroy(hasher); } return success; @@ -2344,11 +2345,12 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_bitstring("c", cert->signature)); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + if (!hasher || + !hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash)) { + DESTROY_IF(hasher); return FALSE; } - hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash); hasher->destroy(hasher); return TRUE; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index adeae3043..bbd1c5905 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -159,22 +159,24 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this) enumerator_t *enumerator; issuer = cert->get_subject(cert); - hasher->allocate_hash(hasher, issuer->get_encoding(issuer), - &issuerNameHash); - hasher->destroy(hasher); - - enumerator = this->candidates->create_enumerator(this->candidates); - while (enumerator->enumerate(enumerator, &x509)) + if (hasher->allocate_hash(hasher, issuer->get_encoding(issuer), + &issuerNameHash)) { - chunk_t request, serialNumber; - - serialNumber = x509->get_serial(x509); - request = build_Request(this, issuerNameHash, issuerKeyHash, - serialNumber); - list = chunk_cat("mm", list, request); + enumerator = this->candidates->create_enumerator( + this->candidates); + while (enumerator->enumerate(enumerator, &x509)) + { + chunk_t request, serialNumber; + + serialNumber = x509->get_serial(x509); + request = build_Request(this, issuerNameHash, + issuerKeyHash, serialNumber); + list = chunk_cat("mm", list, request); + } + enumerator->destroy(enumerator); + chunk_free(&issuerNameHash); } - enumerator->destroy(enumerator); - chunk_free(&issuerNameHash); + hasher->destroy(hasher); } } else diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index dc3fc27ca..27497e0e3 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -201,19 +201,22 @@ METHOD(ocsp_response_t, get_status, cert_validation_t, /* check issuerNameHash, if available */ else if (response->issuerNameHash.ptr) { + id = issuercert->get_subject(issuercert); hasher = lib->crypto->create_hasher(lib->crypto, hasher_algorithm_from_oid(response->hashAlgorithm)); - if (!hasher) + if (!hasher || + !hasher->allocate_hash(hasher, id->get_encoding(id), &hash)) { + DESTROY_IF(hasher); continue; } - id = issuercert->get_subject(issuercert); - hasher->allocate_hash(hasher, id->get_encoding(id), &hash); hasher->destroy(hasher); if (!chunk_equals(hash, response->issuerNameHash)) { + free(hash.ptr); continue; } + free(hash.ptr); } else { diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 65a868208..820ae74de 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -1196,12 +1196,12 @@ static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash) return FALSE; } hasher = lib->crypto->create_hasher(lib->crypto, alg->hash); - if (!hasher) + if (!hasher || !hasher->allocate_hash(hasher, data, hash)) { DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash); + DESTROY_IF(hasher); return FALSE; } - hasher->allocate_hash(hasher, data, hash); hasher->destroy(hasher); } else diff --git a/src/medsrv/controller/user_controller.c b/src/medsrv/controller/user_controller.c index 12bd938fe..35c9d90c8 100644 --- a/src/medsrv/controller/user_controller.c +++ b/src/medsrv/controller/user_controller.c @@ -64,7 +64,11 @@ static chunk_t hash_password(char *login, char *password) } data = chunk_cata("cc", chunk_create(login, strlen(login)), chunk_create(password, strlen(password))); - hasher->allocate_hash(hasher, data, &hash); + if (!hasher->allocate_hash(hasher, data, &hash)) + { + hasher->destroy(hasher); + return chunk_empty; + } hasher->destroy(hasher); return hash; } |