8 files changed, 39 insertions, 12 deletions

diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c
index 7f3c4e400..c2599a682 100644
--- a/src/libcharon/encoding/payloads/ke_payload.c
+++ b/src/libcharon/encoding/payloads/ke_payload.c
@@ -320,9 +320,15 @@ ke_payload_t *ke_payload_create(payload_type_t type)
 ke_payload_t *ke_payload_create_from_diffie_hellman(payload_type_t type,
 													diffie_hellman_t *dh)
 {
-	private_ke_payload_t *this = (private_ke_payload_t*)ke_payload_create(type);
+	private_ke_payload_t *this;
+	chunk_t value;
 
-	dh->get_my_public_value(dh, &this->key_exchange_data);
+	if (!dh->get_my_public_value(dh, &value))
+	{
+		return NULL;
+	}
+	this = (private_ke_payload_t*)ke_payload_create(type);
+	this->key_exchange_data = value;
 	this->dh_group_number = dh->get_dh_group(dh);
 	this->payload_length += this->key_exchange_data.len;
 
diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c
index abd08e2fe..31eeb934e 100644
--- a/src/libcharon/plugins/ha/ha_dispatcher.c
+++ b/src/libcharon/plugins/ha/ha_dispatcher.c
@@ -88,10 +88,11 @@ METHOD(diffie_hellman_t, dh_get_shared_secret, bool,
 	return TRUE;
 }
 
-METHOD(diffie_hellman_t, dh_get_my_public_value, void,
+METHOD(diffie_hellman_t, dh_get_my_public_value, bool,
 	ha_diffie_hellman_t *this, chunk_t *value)
 {
 	*value = chunk_clone(this->pub);
+	return TRUE;
 }
 
 METHOD(diffie_hellman_t, dh_destroy, void,
diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c
index 815cb5389..6b4b53c9c 100644
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@@ -127,9 +127,11 @@ METHOD(listener_t, ike_keys, bool,
 	chunk_clear(&secret);
 	if (ike_sa->get_version(ike_sa) == IKEV1)
 	{
-		dh->get_my_public_value(dh, &secret);
-		m->add_attribute(m, HA_LOCAL_DH, secret);
-		chunk_free(&secret);
+		if (dh->get_my_public_value(dh, &secret))
+		{
+			m->add_attribute(m, HA_LOCAL_DH, secret);
+			chunk_free(&secret);
+		}
 		m->add_attribute(m, HA_REMOTE_DH, dh_other);
 		if (shared)
 		{
diff --git a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
index b248e78c5..faa586d17 100644
--- a/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
+++ b/src/libcharon/plugins/load_tester/load_tester_diffie_hellman.c
@@ -15,10 +15,11 @@
 
 #include "load_tester_diffie_hellman.h"
 
-METHOD(diffie_hellman_t, get_my_public_value, void,
+METHOD(diffie_hellman_t, get_my_public_value, bool,
 	load_tester_diffie_hellman_t *this, chunk_t *value)
 {
 	*value = chunk_empty;
+	return TRUE;
 }
 
 METHOD(diffie_hellman_t, set_other_public_value, void,
diff --git a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
index aa966cd5f..bb187f07c 100644
--- a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
@@ -74,7 +74,10 @@ METHOD(authenticator_t, build, status_t,
 	keymat_v1_t *keymat;
 	chunk_t hash, dh;
 
-	this->dh->get_my_public_value(this->dh, &dh);
+	if (!this->dh->get_my_public_value(this->dh, &dh))
+	{
+		return FAILED;
+	}
 	keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
 	if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
 					this->ike_sa->get_id(this->ike_sa), this->sa_payload,
@@ -108,7 +111,10 @@ METHOD(authenticator_t, process, status_t,
 		return FAILED;
 	}
 
-	this->dh->get_my_public_value(this->dh, &dh);
+	if (!this->dh->get_my_public_value(this->dh, &dh))
+	{
+		return FAILED;
+	}
 	keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
 	if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
 					this->ike_sa->get_id(this->ike_sa), this->sa_payload,
diff --git a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
index bfe5ff449..52228ef2e 100644
--- a/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
@@ -94,7 +94,11 @@ METHOD(authenticator_t, build, status_t,
 		return NOT_FOUND;
 	}
 
-	this->dh->get_my_public_value(this->dh, &dh);
+	if (!this->dh->get_my_public_value(this->dh, &dh))
+	{
+		private->destroy(private);
+		return FAILED;
+	}
 	keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
 	if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
 					this->ike_sa->get_id(this->ike_sa), this->sa_payload,
@@ -152,7 +156,10 @@ METHOD(authenticator_t, process, status_t,
 	}
 
 	id = this->ike_sa->get_other_id(this->ike_sa);
-	this->dh->get_my_public_value(this->dh, &dh);
+	if (!this->dh->get_my_public_value(this->dh, &dh))
+	{
+		return FAILED;
+	}
 	keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
 	if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
 					this->ike_sa->get_id(this->ike_sa), this->sa_payload,
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index b171adc1e..f5a91dbeb 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -560,7 +560,10 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 		return FALSE;
 	}
 
-	dh->get_my_public_value(dh, &dh_me);
+	if (!dh->get_my_public_value(dh, &dh_me))
+	{
+		return FALSE;
+	}
 	g_xi = this->initiator ? dh_me : dh_other;
 	g_xr = this->initiator ? dh_other : dh_me;
 
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 1f59296d9..09860c93a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -584,6 +584,7 @@ METHOD(task_t, build_r, status_t,
 	}
 	if (!build_payloads(this, message))
 	{
+		message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
 		return FAILED;
 	}
 	return SUCCESS;