-rw-r--r--src/libcharon/encoding/message.c6
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.c48
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.h6
3 files changed, 29 insertions, 31 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 63114c93d..1aef7c243 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1455,8 +1455,7 @@ METHOD(message_t, generate, status_t,
if (keymat && keymat->get_version(keymat) == IKEV1)
{
/* get a hash for this message, if any is required */
- hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
- if (hash.ptr)
+ if (keymat_v1->get_hash_phase2(keymat_v1, &this->public, &hash))
{ /* insert a HASH payload as first payload */
hash_payload_t *hash_payload;
@@ -2003,8 +2002,7 @@ METHOD(message_t, parse_body, status_t,
keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat;
chunk_t hash;
- hash = keymat_v1->get_hash_phase2(keymat_v1, &this->public);
- if (hash.ptr)
+ if (keymat_v1->get_hash_phase2(keymat_v1, &this->public, &hash))
{
hash_payload_t *hash_payload;
chunk_t other_hash;
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index f543a0356..d5e9ee0f1 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -827,19 +827,22 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid)
return found;
}
-METHOD(keymat_v1_t, get_hash_phase2, chunk_t,
- private_keymat_v1_t *this, message_t *message)
+METHOD(keymat_v1_t, get_hash_phase2, bool,
+ private_keymat_v1_t *this, message_t *message, chunk_t *hash)
{
- u_int32_t mid = message->get_message_id(message), mid_n = htonl(mid);
- chunk_t data = chunk_empty, hash = chunk_empty;
+ u_int32_t mid, mid_n;
+ chunk_t data = chunk_empty;
bool add_message = TRUE;
char *name = "Hash";
if (!this->prf)
{ /* no keys derived yet */
- return hash;
+ return FALSE;
}
+ mid = message->get_message_id(message);
+ mid_n = htonl(mid);
+
/* Hashes are simple for most exchanges in Phase 2:
* Hash = prf(SKEYID_a, M-ID | Complete message after HASH payload)
* For Quick Mode there are three hashes:
@@ -858,7 +861,7 @@ METHOD(keymat_v1_t, get_hash_phase2, chunk_t,
name = "Hash(1)";
if (!get_nonce(message, &qm->n_i))
{
- return hash;
+ return FALSE;
}
data = chunk_from_thing(mid_n);
}
@@ -867,7 +870,7 @@ METHOD(keymat_v1_t, get_hash_phase2, chunk_t,
name = "Hash(2)";
if (!get_nonce(message, &qm->n_r))
{
- return hash;
+ return FALSE;
}
data = chunk_cata("cc", chunk_from_thing(mid_n), qm->n_i);
}
@@ -889,26 +892,23 @@ METHOD(keymat_v1_t, get_hash_phase2, chunk_t,
data = chunk_from_thing(mid_n);
break;
default:
- break;
+ return FALSE;
}
- if (data.ptr)
+ this->prf->set_key(this->prf, this->skeyid_a);
+ if (add_message)
{
- this->prf->set_key(this->prf, this->skeyid_a);
- if (add_message)
- {
- generator_t *generator = generator_create_no_dbg();
- chunk_t msg = get_message_data(message, generator);
- this->prf->allocate_bytes(this->prf, data, NULL);
- this->prf->allocate_bytes(this->prf, msg, &hash);
- generator->destroy(generator);
- }
- else
- {
- this->prf->allocate_bytes(this->prf, data, &hash);
- }
- DBG3(DBG_IKE, "%s %B", name, &hash);
+ generator_t *generator = generator_create_no_dbg();
+ chunk_t msg = get_message_data(message, generator);
+ this->prf->allocate_bytes(this->prf, data, NULL);
+ this->prf->allocate_bytes(this->prf, msg, hash);
+ generator->destroy(generator);
+ }
+ else
+ {
+ this->prf->allocate_bytes(this->prf, data, hash);
}
- return hash;
+ DBG3(DBG_IKE, "%s %B", name, hash);
+ return TRUE;
}
/**
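Review bot: The rewritten tail of get_hash_phase2 returns TRUE unconditionally after the `set_key`/`allocate_bytes` calls, so a PRF failure (libstrongswan's prf_t reports it through a bool return, as far as I recall — confirm against the prf header) yields TRUE while `*hash` was never written; the parse_body caller in message.c declares `chunk_t hash;` without an initializer, so its later HASH comparison would then run on an indeterminate chunk, which is exactly the case the new bool contract in keymat_v1.h was meant to exclude. Propagate the PRF result as FALSE and, as a belt-and-braces measure, set `*hash = chunk_empty;` right after the `if (!this->prf)` guard at the top of the function (that guard sits in an earlier hunk of this file). The generator still has to be destroyed on the new error path, and the DBG3 line belongs after the checks. get_hash_phase2 starts outside this hunk.
```c
	if (!this->prf->set_key(this->prf, this->skeyid_a))
	{
		return FALSE;
	}
	if (add_message)
	{
		generator_t *generator = generator_create_no_dbg();
		chunk_t msg = get_message_data(message, generator);
		bool ok = this->prf->allocate_bytes(this->prf, data, NULL) &&
				  this->prf->allocate_bytes(this->prf, msg, hash);
		generator->destroy(generator);
		if (!ok)
		{
			return FALSE;
		}
	}
	else if (!this->prf->allocate_bytes(this->prf, data, hash))
	{
		return FALSE;
	}
	DBG3(DBG_IKE, "%s %B", name, hash);
	return TRUE;
```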
diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h
index 77aff88ec..8acbf582f 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.h
+++ b/src/libcharon/sa/ikev1/keymat_v1.h
@@ -112,10 +112,10 @@ struct keymat_v1_t {
* Get HASH data for integrity/authentication in Phase 2 exchanges.
*
* @param message message to generate the HASH data for
- * @return allocated HASH data
+ * @param hash chunk receiving allocated hash data
+ * @return TRUE if hash allocated successfully
*/
- chunk_t (*get_hash_phase2)(keymat_v1_t *this, message_t *message);
-
+ bool (*get_hash_phase2)(keymat_v1_t *this, message_t *message, chunk_t *hash);
/**
* Returns the IV for a message with the given message ID.