author | Martin Willi <martin@revosec.ch> | 2012-07-06 11:07:39 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2012-07-16 14:53:34 +0200 |
commit | e4c5c1d03e44b246677b467b0f4abf9bfb377dfc (patch) | |
tree | cc39ed02ed7d7b0437a6df20f6f445a3ed17bc01 /src | |
parent | bb1e0c59e1e2195d46542ca9e9194486b913a0dd (diff) | |
Add a return value to keymat_v1_t.get_hash()
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c | 16 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c | 17 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.c | 12 | ||||
-rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.h | 7 |
4 files changed, 35 insertions, 17 deletions
diff --git a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
index 769c0dad3..ee15408c7 100644
--- a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
@@ -76,9 +76,13 @@ METHOD(authenticator_t, build, status_t,
 this->dh->get_my_public_value(this->dh, &dh);
 keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+ if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
 this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
 free(dh.ptr);
 hash_payload = hash_payload_create(HASH_V1);
@@ -106,9 +110,13 @@ METHOD(authenticator_t, process, status_t,
 this->dh->get_my_public_value(this->dh, &dh);
 keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+ if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
 this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
 free(dh.ptr);
 if (chunk_equals(hash, hash_payload->get_hash(hash_payload)))
 {
diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
index 8d3f21c49..d81c77f0d 100644
--- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
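Review bot: The failure branch added to `build` in psk_v1_authenticator.c repeats the `free(dh.ptr);` that already follows the call, so each exit path has to carry its own copy of the cleanup. Releasing `dh` before testing the result leaves a single cleanup site: keep the result in a local (`ok = keymat->get_hash(…, &hash);`), then `free(dh.ptr);`, then `if (!ok) { return FAILED; }`. The same shape is used in `process` in this file and in both pubkey_v1_authenticator.c hunks, where `build` additionally has to call `private->destroy(private)` on the failure path. The declarations of `build` are outside the hunk, so the new local would have to be added there.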
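Review bot: In `process` in psk_v1_authenticator.c, the computed `hash` is checked against the peer-supplied HASH payload with `chunk_equals()` on the context line right after the new failure branch. If that helper is a memcmp-style comparison (its definition is not shown here), the comparison time depends on how many leading bytes match, which is undesirable for an authentication value. A constant-time chunk comparison would be the safer choice at this spot, provided the tree offers one. The rest of `process`, including where `hash` is released, lies outside the hunk.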
@@ -96,9 +96,14 @@ METHOD(authenticator_t, build, status_t,
 this->dh->get_my_public_value(this->dh, &dh);
 keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+ if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
 this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ private->destroy(private);
+ free(dh.ptr);
+ return FAILED;
+ }
 free(dh.ptr);
 if (private->sign(private, scheme, hash, &sig))
@@ -149,9 +154,13 @@ METHOD(authenticator_t, process, status_t,
 id = this->ike_sa->get_other_id(this->ike_sa);
 this->dh->get_my_public_value(this->dh, &dh);
 keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
- hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+ if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
 this->ike_sa->get_id(this->ike_sa), this->sa_payload,
- this->id_payload);
+ this->id_payload, &hash))
+ {
+ free(dh.ptr);
+ return FAILED;
+ }
 free(dh.ptr);
 sig = sig_payload->get_hash(sig_payload);
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index 2b22b14f8..f543a0356 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -698,11 +698,11 @@ METHOD(keymat_v1_t, get_hasher, hasher_t*,
 return this->hasher;
 }
-METHOD(keymat_v1_t, get_hash, chunk_t,
+METHOD(keymat_v1_t, get_hash, bool,
 private_keymat_v1_t *this, bool initiator, chunk_t dh, chunk_t dh_other,
- ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id)
+ ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash)
 {
- chunk_t hash, data;
+ chunk_t data;
 u_int64_t spi, spi_other;
 /* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
@@ -724,12 +724,12 @@ METHOD(keymat_v1_t, get_hash, chunk_t,
 DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data);
- this->prf_auth->allocate_bytes(this->prf_auth, data, &hash);
+ this->prf_auth->allocate_bytes(this->prf_auth, data, hash);
- DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', &hash);
+ DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash);
 free(data.ptr);
- return hash;
+ return TRUE;
 }
 /**
diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h
index e003ed708..77aff88ec 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.h
+++ b/src/libcharon/sa/ikev1/keymat_v1.h
@@ -101,11 +101,12 @@ struct keymat_v1_t {
 * @param ike_sa_id IKE_SA identifier
 * @param sa_i encoded SA payload of initiator
 * @param id encoded IDii payload for HASH_I (IDir for HASH_R)
- * @return allocated HASH data
+ * @param hash chunk receiving allocated HASH data
+ * @return TRUE if hash allocated successfully
 */
- chunk_t (*get_hash)(keymat_v1_t *this, bool initiator,
+ bool (*get_hash)(keymat_v1_t *this, bool initiator,
 chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
- chunk_t sa_i, chunk_t id);
+ chunk_t sa_i, chunk_t id, chunk_t *hash);
 /**
 * Get HASH data for integrity/authentication in Phase 2 exchanges. |
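Review bot: `get_hash` in keymat_v1.c ends in an unconditional `return TRUE;` and never consults the outcome of `this->prf_auth->allocate_bytes(...)`, so the `FAILED` branches added in the four authenticator hunks cannot be reached from this code. If `allocate_bytes` can report failure (its signature is not shown here), its result should be what `get_hash` returns, with `free(data.ptr)` still executed and the second `DBG3` skipped on failure. Setting `*hash = chunk_empty;` before the PRF call would also give the out parameter a defined value on every path, since the callers do not free `hash` when they bail out. The start of the function body is outside this hunk.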
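Review bot: The updated doc comment for `get_hash` in keymat_v1.h does not state what `hash` holds when `FALSE` is returned, nor that the caller owns the buffer on success. The callers in this commit depend on both: they return `FAILED` without freeing `hash`, and use it afterwards on the success path. I would extend the new line to something like `@param hash chunk receiving allocated HASH data, freed by the caller; not valid if FALSE is returned`. The comment block and the enclosing struct begin outside the hunk.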