diff options
23 files changed, 174 insertions, 89 deletions
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 140d682b4..dff76e245 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -171,8 +171,8 @@ static void send_notify(message_t *request, int major, exchange_type_t exchange, /** * build a cookie */ -static chunk_t cookie_build(private_receiver_t *this, message_t *message, - u_int32_t t, chunk_t secret) +static bool cookie_build(private_receiver_t *this, message_t *message, + u_int32_t t, chunk_t secret, chunk_t *cookie) { u_int64_t spi = message->get_initiator_spi(message); host_t *ip = message->get_source(message); @@ -182,8 +182,12 @@ static chunk_t cookie_build(private_receiver_t *this, message_t *message, input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi), chunk_from_thing(t), secret); hash = chunk_alloca(this->hasher->get_hash_size(this->hasher)); - this->hasher->get_hash(this->hasher, input, hash.ptr); - return chunk_cat("cc", chunk_from_thing(t), hash); + if (!this->hasher->get_hash(this->hasher, input, hash.ptr)) + { + return FALSE; + } + *cookie = chunk_cat("cc", chunk_from_thing(t), hash); + return TRUE; } /** @@ -218,7 +222,10 @@ static bool cookie_verify(private_receiver_t *this, message_t *message, } /* compare own calculation against received */ - reference = cookie_build(this, message, t, secret); + if (!cookie_build(this, message, t, secret, &reference)) + { + return FALSE; + } if (chunk_equals(reference, cookie)) { chunk_free(&reference); @@ -311,11 +318,14 @@ static bool drop_ike_sa_init(private_receiver_t *this, message_t *message) { chunk_t cookie; - cookie = cookie_build(this, message, now - this->secret_offset, - chunk_from_thing(this->secret)); DBG2(DBG_NET, "received packet from: %#H to %#H", message->get_source(message), message->get_destination(message)); + if (!cookie_build(this, message, now - this->secret_offset, + chunk_from_thing(this->secret), &cookie)) + { + return TRUE; + } DBG2(DBG_NET, "sending COOKIE notify to %H", message->get_source(message)); send_notify(message, IKEV2_MAJOR_VERSION, IKE_SA_INIT, COOKIE, cookie); diff --git a/src/libcharon/plugins/coupling/coupling_validator.c b/src/libcharon/plugins/coupling/coupling_validator.c index 0289c55f5..58355d976 100644 --- a/src/libcharon/plugins/coupling/coupling_validator.c +++ b/src/libcharon/plugins/coupling/coupling_validator.c @@ -70,7 +70,11 @@ static bool get_cert_hash(private_coupling_validator_t *this, { return FALSE; } - this->hasher->get_hash(this->hasher, encoding, buf); + if (!this->hasher->get_hash(this->hasher, encoding, buf)) + { + free(encoding.ptr); + return FALSE; + } free(encoding.ptr); chunk_to_hex(chunk_create(buf, this->hasher->get_hash_size(this->hasher)), hex, FALSE); diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 691136430..709145877 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -231,8 +231,12 @@ static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type, while (c < data.ptr + data.len) { /* b(i) = MD5(S + c(i-1)) */ - this->hasher->get_hash(this->hasher, this->secret, NULL); - this->hasher->get_hash(this->hasher, seed, b); + if (!this->hasher->get_hash(this->hasher, this->secret, NULL) || + !this->hasher->get_hash(this->hasher, seed, b)) + { + free(data.ptr); + return chunk_empty; + } /* c(i) = b(i) xor p(1) */ memxor(c, b, HASH_SIZE_MD5); diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c index 23f549c87..77f9b0398 100644 --- a/src/libradius/radius_message.c +++ b/src/libradius/radius_message.c @@ -332,8 +332,11 @@ METHOD(radius_message_t, sign, bool, /* build Response-Authenticator */ msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length)); - hasher->get_hash(hasher, msg, NULL); - hasher->get_hash(hasher, secret, this->msg->authenticator); + if (!hasher->get_hash(hasher, msg, NULL) || + !hasher->get_hash(hasher, secret, this->msg->authenticator)) + { + return FALSE; + } } return TRUE; } @@ -364,9 +367,9 @@ METHOD(radius_message_t, verify, bool, } /* verify Response-Authenticator */ - hasher->get_hash(hasher, msg, NULL); - hasher->get_hash(hasher, secret, buf); - if (!memeq(buf, res_auth, HASH_SIZE_MD5)) + if (!hasher->get_hash(hasher, msg, NULL) || + !hasher->get_hash(hasher, secret, buf) || + !memeq(buf, res_auth, HASH_SIZE_MD5)) { DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed"); return FALSE; diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c index 3113ffff8..ba7cb14b0 100644 --- a/src/libradius/radius_socket.c +++ b/src/libradius/radius_socket.c @@ -260,8 +260,11 @@ static chunk_t decrypt_mppe_key(private_radius_socket_t *this, u_int16_t salt, while (c < C.ptr + C.len) { /* b(i) = MD5(S + c(i-1)) */ - this->hasher->get_hash(this->hasher, this->secret, NULL); - this->hasher->get_hash(this->hasher, seed, p); + if (!this->hasher->get_hash(this->hasher, this->secret, NULL) || + !this->hasher->get_hash(this->hasher, seed, p)) + { + return chunk_empty; + } /* p(i) = b(i) xor c(1) */ memxor(p, c, HASH_SIZE_MD5); diff --git a/src/libsimaka/simaka_crypto.c b/src/libsimaka/simaka_crypto.c index 91aad95ca..de6d1c365 100644 --- a/src/libsimaka/simaka_crypto.c +++ b/src/libsimaka/simaka_crypto.c @@ -124,7 +124,10 @@ METHOD(simaka_crypto_t, derive_keys_full, bool, /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) * For AKA: MK = SHA1(Identity|IK|CK) */ - this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL); + if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL)) + { + return FALSE; + } this->hasher->allocate_hash(this->hasher, data, mk); DBG3(DBG_LIB, "MK %B", mk); @@ -207,10 +210,13 @@ METHOD(simaka_crypto_t, derive_keys_reauth_msk, bool, chunk_t str; int i; - this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL); - this->hasher->get_hash(this->hasher, counter, NULL); - this->hasher->get_hash(this->hasher, nonce_s, NULL); - this->hasher->get_hash(this->hasher, mk, xkey); + if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) || + !this->hasher->get_hash(this->hasher, counter, NULL) || + !this->hasher->get_hash(this->hasher, nonce_s, NULL) || + !this->hasher->get_hash(this->hasher, mk, xkey)) + { + return FALSE; + } /* MSK | EMSK = prf() | prf() | prf() | prf() */ if (!this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey)))) diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 4e5e840b5..f422a2c19 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -688,8 +688,10 @@ static u_int bench_hasher(private_crypto_tester_t *this, start_timing(&start); while (end_timing(&start) < this->bench_time) { - hasher->get_hash(hasher, buf, hash); - runs++; + if (hasher->get_hash(hasher, buf, hash)) + { + runs++; + } } free(buf.ptr); hasher->destroy(hasher); @@ -744,7 +746,10 @@ METHOD(crypto_tester_t, test_hasher, bool, } /* hash to existing buffer */ memset(hash.ptr, 0, hash.len); - hasher->get_hash(hasher, data, hash.ptr); + if (!hasher->get_hash(hasher, data, hash.ptr)) + { + failed = TRUE; + } if (!memeq(vector->hash, hash.ptr, hash.len)) { failed = TRUE; @@ -754,9 +759,9 @@ METHOD(crypto_tester_t, test_hasher, bool, { memset(hash.ptr, 0, hash.len); hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL); - hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL); - hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr); - if (!memeq(vector->hash, hash.ptr, hash.len)) + if (!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) || + !hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr) || + !memeq(vector->hash, hash.ptr, hash.len)) { failed = TRUE; } diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index c5be29edb..0c72bb73b 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -67,6 +67,7 @@ extern enum_name_t *hash_algorithm_names; * Generic interface for all hash functions. */ struct hasher_t { + /** * Hash data and write it in the buffer. * @@ -79,8 +80,10 @@ struct hasher_t { * * @param data data to hash * @param hash pointer where the hash will be written + * @return TRUE if hash created successfully */ - void (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash); + __attribute__((warn_unused_result)) + bool (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash); /** * Hash data and allocate space for the hash. diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c index ef2350497..fd2db0db5 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c @@ -105,10 +105,11 @@ METHOD(hasher_t, reset, void, this->ops->reset(this->ops); } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_af_alg_hasher_t *this, chunk_t chunk, u_int8_t *hash) { this->ops->hash(this->ops, chunk, hash, this->size); + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 96c87614f..24e64800e 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -49,7 +49,7 @@ METHOD(hasher_t, reset, void, gcry_md_reset(this->hd); } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash) { gcry_md_write(this->hd, chunk.ptr, chunk.len); @@ -58,6 +58,7 @@ METHOD(hasher_t, get_hash, void, memcpy(hash, gcry_md_read(this->hd, 0), get_hash_size(this)); gcry_md_reset(this->hd); } + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index 4f1226505..c8cb0b828 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -72,25 +72,18 @@ METHOD(mac_t, get_mac, bool, if (out == NULL) { /* append data to inner */ - this->h->get_hash(this->h, data, NULL); + return this->h->get_hash(this->h, data, NULL); } - else - { - /* append and do outer hash */ - inner.ptr = buffer; - inner.len = this->h->get_hash_size(this->h); - - /* complete inner */ - this->h->get_hash(this->h, data, buffer); - /* do outer */ - this->h->get_hash(this->h, this->opaded_key, NULL); - this->h->get_hash(this->h, inner, out); + /* append and do outer hash */ + inner.ptr = buffer; + inner.len = this->h->get_hash_size(this->h); - /* reinit for next call */ - this->h->get_hash(this->h, this->ipaded_key, NULL); - } - return TRUE; + /* complete inner, do outer and reinit for next call */ + return this->h->get_hash(this->h, data, buffer) && + this->h->get_hash(this->h, this->opaded_key, NULL) && + this->h->get_hash(this->h, inner, out) && + this->h->get_hash(this->h, this->ipaded_key, NULL); } METHOD(mac_t, get_mac_size, size_t, @@ -110,7 +103,10 @@ METHOD(mac_t, set_key, bool, if (key.len > this->b) { /* if key is too long, it will be hashed */ - this->h->get_hash(this->h, key, buffer); + if (!this->h->get_hash(this->h, key, buffer)) + { + return FALSE; + } } else { @@ -127,9 +123,7 @@ METHOD(mac_t, set_key, bool, /* begin hashing of inner pad */ this->h->reset(this->h); - this->h->get_hash(this->h, this->ipaded_key, NULL); - - return TRUE; + return this->h->get_hash(this->h, this->ipaded_key, NULL); } METHOD(mac_t, destroy, void, diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 6a31017c2..0d080061f 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -268,7 +268,7 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16]) -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { MD4Update(this, chunk.ptr, chunk.len); @@ -277,6 +277,7 @@ METHOD(hasher_t, get_hash, void, MD4Final(this, buffer); this->public.hasher_interface.reset(&(this->public.hasher_interface)); } + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index 45c2391ef..dcd2cdd1a 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -299,7 +299,7 @@ static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16]) } } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { MD5Update(this, chunk.ptr, chunk.len); @@ -308,6 +308,7 @@ METHOD(hasher_t, get_hash, void, MD5Final(this, buffer); this->public.hasher_interface.reset(&(this->public.hasher_interface)); } + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index d81f4b21e..5b353647a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -102,15 +102,22 @@ METHOD(hasher_t, reset, void, EVP_DigestInit_ex(this->ctx, this->hasher, NULL); } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash) { - EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len); + if (EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len) != 1) + { + return FALSE; + } if (hash) { - EVP_DigestFinal_ex(this->ctx, hash, NULL); + if (EVP_DigestFinal_ex(this->ctx, hash, NULL) != 1) + { + return FALSE; + } reset(this); } + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index 66a077353..fd3d195b4 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -89,7 +89,7 @@ METHOD(hasher_t, reset, void, chunk_free(&this->data); } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash) { if (hash) @@ -109,6 +109,7 @@ METHOD(hasher_t, get_hash, void, { append_data(this, chunk); } + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index 655491e53..efbf47de5 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -104,15 +104,21 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, } hash.len = hasher->get_hash_size(hasher); hash.ptr = alloca(hash.len); - hasher->get_hash(hasher, passphrase, NULL); - hasher->get_hash(hasher, salt, hash.ptr); + if (!hasher->get_hash(hasher, passphrase, NULL) || + !hasher->get_hash(hasher, salt, hash.ptr)) + { + return FAILED; + } memcpy(key.ptr, hash.ptr, hash.len); if (key.len > hash.len) { - hasher->get_hash(hasher, hash, NULL); - hasher->get_hash(hasher, passphrase, NULL); - hasher->get_hash(hasher, salt, hash.ptr); + if (!hasher->get_hash(hasher, hash, NULL) || + !hasher->get_hash(hasher, passphrase, NULL) || + !hasher->get_hash(hasher, salt, hash.ptr)) + { + return FAILED; + } memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len); } hasher->destroy(hasher); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index 069fa98b6..56aec3d74 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -84,7 +84,7 @@ METHOD(hasher_t, get_hash_size, size_t, /** * Save the Operation state to host memory */ -static void save_state(private_pkcs11_hasher_t *this) +static bool save_state(private_pkcs11_hasher_t *this) { CK_RV rv; @@ -110,20 +110,20 @@ static void save_state(private_pkcs11_hasher_t *this) continue; case CKR_OK: this->have_state = TRUE; - return; + return TRUE; default: break; } break; } DBG1(DBG_CFG, "C_GetOperationState() failed: %N", ck_rv_names, rv); - abort(); + return FALSE; } /** * Load the Operation state from host memory */ -static void load_state(private_pkcs11_hasher_t *this) +static bool load_state(private_pkcs11_hasher_t *this) { CK_RV rv; @@ -132,9 +132,10 @@ static void load_state(private_pkcs11_hasher_t *this) if (rv != CKR_OK) { DBG1(DBG_CFG, "C_SetOperationState() failed: %N", ck_rv_names, rv); - abort(); + return FALSE; } this->have_state = FALSE; + return TRUE; } METHOD(hasher_t, reset, void, @@ -143,7 +144,7 @@ METHOD(hasher_t, reset, void, this->have_state = FALSE; } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash) { CK_RV rv; @@ -152,7 +153,11 @@ METHOD(hasher_t, get_hash, void, this->mutex->lock(this->mutex); if (this->have_state) { - load_state(this); + if (!load_state(this)) + { + this->mutex->unlock(this->mutex); + return FALSE; + } } else { @@ -160,7 +165,8 @@ METHOD(hasher_t, get_hash, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_DigestInit() failed: %N", ck_rv_names, rv); - abort(); + this->mutex->unlock(this->mutex); + return FALSE; } } if (chunk.len) @@ -169,7 +175,8 @@ METHOD(hasher_t, get_hash, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_DigestUpdate() failed: %N", ck_rv_names, rv); - abort(); + this->mutex->unlock(this->mutex); + return FALSE; } } if (hash) @@ -180,14 +187,20 @@ METHOD(hasher_t, get_hash, void, if (rv != CKR_OK) { DBG1(DBG_CFG, "C_DigestFinal() failed: %N", ck_rv_names, rv); - abort(); + this->mutex->unlock(this->mutex); + return FALSE; } } else { - save_state(this); + if (!save_state(this)) + { + this->mutex->unlock(this->mutex); + return FALSE; + } } this->mutex->unlock(this->mutex); + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c index 9afd0d44d..a501423b1 100644 --- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c +++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c @@ -293,12 +293,18 @@ static bool pbkdf1(hasher_t *hasher, chunk_t password, chunk_t salt, u_int64_t i; hash = chunk_alloca(hasher->get_hash_size(hasher)); - hasher->get_hash(hasher, password, NULL); - hasher->get_hash(hasher, salt, hash.ptr); + if (!hasher->get_hash(hasher, password, NULL) || + !hasher->get_hash(hasher, salt, hash.ptr)) + { + return FALSE; + } for (i = 1; i < iterations; i++) { - hasher->get_hash(hasher, hash, hash.ptr); + if (!hasher->get_hash(hasher, hash, hash.ptr)) + { + return FALSE; + } } memcpy(key.ptr, hash.ptr, key.len); diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index 4d69ad5a4..51d9674f3 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -187,7 +187,7 @@ METHOD(hasher_t, reset, void, this->count[1] = 0; } -METHOD(hasher_t, get_hash, void, +METHOD(hasher_t, get_hash, bool, private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { SHA1Update(this, chunk.ptr, chunk.len); @@ -196,6 +196,7 @@ METHOD(hasher_t, get_hash, void, SHA1Final(this, buffer); reset(this); } + return TRUE; } METHOD(hasher_t, allocate_hash, void, diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 60fe4bd20..b21eba47c 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -460,7 +460,7 @@ METHOD(hasher_t, reset512, void, this->sha_bufCnt = 0; } -METHOD(hasher_t, get_hash224, void, +METHOD(hasher_t, get_hash224, bool, private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); @@ -470,9 +470,10 @@ METHOD(hasher_t, get_hash224, void, memcpy(buffer, this->sha_out, HASH_SIZE_SHA224); reset224(this); } + return TRUE; } -METHOD(hasher_t, get_hash256, void, +METHOD(hasher_t, get_hash256, bool, private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); @@ -482,9 +483,10 @@ METHOD(hasher_t, get_hash256, void, memcpy(buffer, this->sha_out, HASH_SIZE_SHA256); reset256(this); } + return TRUE; } -METHOD(hasher_t, get_hash384, void, +METHOD(hasher_t, get_hash384, bool, private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha512_write(this, chunk.ptr, chunk.len); @@ -494,9 +496,10 @@ METHOD(hasher_t, get_hash384, void, memcpy(buffer, this->sha_out, HASH_SIZE_SHA384); reset384(this); } + return TRUE; } -METHOD(hasher_t, get_hash512, void, +METHOD(hasher_t, get_hash512, bool, private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { sha512_write(this, chunk.ptr, chunk.len); @@ -506,6 +509,7 @@ METHOD(hasher_t, get_hash512, void, memcpy(buffer, this->sha_out, HASH_SIZE_SHA512); reset512(this); } + return TRUE; } METHOD(hasher_t, allocate_hash224, void, diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 074479478..65a868208 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -1210,20 +1210,20 @@ static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash) char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1]; md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - if (!md5) + if (!md5 || !md5->get_hash(md5, data, buf)) { DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5); + DESTROY_IF(md5); return FALSE; } - md5->get_hash(md5, data, buf); md5->destroy(md5); sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!sha1) + if (!sha1 || !sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5)) { DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1); + DESTROY_IF(sha1); return FALSE; } - sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5); sha1->destroy(sha1); *hash = chunk_clone(chunk_from_thing(buf)); diff --git a/src/manager/storage.c b/src/manager/storage.c index 5461a4288..6a8e76e5e 100644 --- a/src/manager/storage.c +++ b/src/manager/storage.c @@ -58,7 +58,11 @@ METHOD(storage_t, login, int, data = chunk_alloca(username_len + password_len); memcpy(data.ptr, username, username_len); memcpy(data.ptr + username_len, password, password_len); - hasher->get_hash(hasher, data, hash.ptr); + if (!hasher->get_hash(hasher, data, hash.ptr)) + { + hasher->destroy(hasher); + return 0; + } hasher->destroy(hasher); hex_str = chunk_to_hex(hash, NULL, FALSE); diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index d6cf5f2cc..8b2fd179a 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -131,7 +131,11 @@ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10) hasher_t *hasher; hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, pkcs10, digest.ptr); + if (!hasher || !hasher->get_hash(hasher, pkcs10, digest.ptr)) + { + DESTROY_IF(hasher); + return chunk_empty; + } hasher->destroy(hasher); return chunk_to_hex(digest, NULL, FALSE); @@ -157,8 +161,11 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID, asn1_bitstring("m", keyEncoding)); hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - hasher->get_hash(hasher, keyInfo, digest.ptr); - hasher->destroy(hasher); + if (!hasher || !hasher->get_hash(hasher, keyInfo, digest.ptr)) + { + memset(digest.ptr, 0, digest.len); + } + DESTROY_IF(hasher); free(keyInfo.ptr); /* is the most significant bit of the digest set? */ |