aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/crypto')
-rw-r--r--src/libstrongswan/crypto/aead.c20
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c23
-rw-r--r--src/libstrongswan/crypto/signers/mac_signer.c3
-rw-r--r--src/libstrongswan/crypto/signers/signer.h4
4 files changed, 37 insertions, 13 deletions
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
index ede2a8132..9ef4f34f3 100644
--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
@@ -46,8 +46,11 @@ METHOD(aead_t, encrypt, bool,
{
chunk_t encr, sig;
- this->signer->get_signature(this->signer, assoc, NULL);
- this->signer->get_signature(this->signer, iv, NULL);
+ if (!this->signer->get_signature(this->signer, assoc, NULL) ||
+ !this->signer->get_signature(this->signer, iv, NULL))
+ {
+ return FALSE;
+ }
if (encrypted)
{
@@ -61,7 +64,11 @@ METHOD(aead_t, encrypt, bool,
else
{
this->crypter->encrypt(this->crypter, plain, iv, NULL);
- this->signer->get_signature(this->signer, plain, plain.ptr + plain.len);
+ if (!this->signer->get_signature(this->signer,
+ plain, plain.ptr + plain.len))
+ {
+ return FALSE;
+ }
}
return TRUE;
}
@@ -84,8 +91,11 @@ METHOD(aead_t, decrypt, bool,
chunk_split(encrypted, "mm", encrypted.len - sig.len,
&encrypted, sig.len, &sig);
- this->signer->get_signature(this->signer, assoc, NULL);
- this->signer->get_signature(this->signer, iv, NULL);
+ if (!this->signer->get_signature(this->signer, assoc, NULL) ||
+ !this->signer->get_signature(this->signer, iv, NULL))
+ {
+ return FALSE;
+ }
if (!this->signer->verify_signature(this->signer, encrypted, sig))
{
DBG1(DBG_LIB, "MAC verification failed");
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 73be38484..756aa71f8 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -497,10 +497,14 @@ static u_int bench_signer(private_crypto_tester_t *this,
start_timing(&start);
while (end_timing(&start) < this->bench_time)
{
- signer->get_signature(signer, buf, mac);
- runs++;
- signer->verify_signature(signer, buf, chunk_from_thing(mac));
- runs++;
+ if (signer->get_signature(signer, buf, mac))
+ {
+ runs++;
+ }
+ if (signer->verify_signature(signer, buf, chunk_from_thing(mac)))
+ {
+ runs++;
+ }
}
free(buf.ptr);
signer->destroy(signer);
@@ -561,7 +565,10 @@ METHOD(crypto_tester_t, test_signer, bool,
}
/* signature to existing buffer */
memset(mac.ptr, 0, mac.len);
- signer->get_signature(signer, data, mac.ptr);
+ if (!signer->get_signature(signer, data, mac.ptr))
+ {
+ failed = TRUE;
+ }
if (!memeq(vector->mac, mac.ptr, mac.len))
{
failed = TRUE;
@@ -585,7 +592,11 @@ METHOD(crypto_tester_t, test_signer, bool,
{
failed = TRUE;
}
- signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
+ if (!signer->get_signature(signer,
+ chunk_create(data.ptr + 1, 1), NULL))
+ {
+ failed = TRUE;
+ }
if (!signer->verify_signature(signer, chunk_skip(data, 2),
chunk_create(vector->mac, mac.len)))
{
diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c
index 05009debb..ef85860b4 100644
--- a/src/libstrongswan/crypto/signers/mac_signer.c
+++ b/src/libstrongswan/crypto/signers/mac_signer.c
@@ -40,7 +40,7 @@ struct private_signer_t {
size_t truncation;
};
-METHOD(signer_t, get_signature, void,
+METHOD(signer_t, get_signature, bool,
private_signer_t *this, chunk_t data, u_int8_t *buffer)
{
if (buffer == NULL)
@@ -54,6 +54,7 @@ METHOD(signer_t, get_signature, void,
this->mac->get_mac(this->mac, data, mac);
memcpy(buffer, mac, this->truncation);
}
+ return TRUE;
}
METHOD(signer_t, allocate_signature, bool,
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 14b65ca0d..af1820907 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -91,8 +91,10 @@ struct signer_t {
*
* @param data a chunk containing the data to sign
* @param buffer pointer where the signature will be written
+ * @return TRUE if signature created successfully
*/
- void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
+ __attribute__((warn_unused_result))
+ bool (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
/**
* Generate a signature and allocate space for it.
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-29 21:23:40 +0000