5 files changed, 26 insertions, 15 deletions

diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
index 80da99a0f..75b7b70a7 100644
--- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c
@@ -184,11 +184,16 @@ static void send_response(private_eap_radius_dae_t *this,
 
 	response = radius_message_create(code);
 	response->set_identifier(response, request->get_identifier(request));
-	response->sign(response, request->get_authenticator(request),
-				   this->secret, this->hasher, this->signer, NULL, FALSE);
-
-	send_message(this, response, client);
-	save_retransmit(this, response, client);
+	if (response->sign(response, request->get_authenticator(request),
+					   this->secret, this->hasher, this->signer, NULL, FALSE))
+	{
+		send_message(this, response, client);
+		save_retransmit(this, response, client);
+	}
+	else
+	{
+		response->destroy(response);
+	}
 }
 
 /**
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 7e2e667f9..691136430 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -293,12 +293,13 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request,
 		chunk_free(&data);
 	}
 	response->set_identifier(response, request->get_identifier(request));
-	response->sign(response, request->get_authenticator(request),
-				   this->secret, this->hasher, this->signer, NULL, TRUE);
-
-	DBG1(DBG_CFG, "sending RADIUS %N to client '%H'", radius_message_code_names,
-		 code, client);
-	send_message(this, response, client);
+	if (response->sign(response, request->get_authenticator(request),
+					   this->secret, this->hasher, this->signer, NULL, TRUE))
+	{
+		DBG1(DBG_CFG, "sending RADIUS %N to client '%H'",
+			 radius_message_code_names, code, client);
+		send_message(this, response, client);
+	}
 	response->destroy(response);
 }
 
diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c
index 17fa7357b..6291244d0 100644
--- a/src/libradius/radius_message.c
+++ b/src/libradius/radius_message.c
@@ -286,7 +286,7 @@ METHOD(radius_message_t, add, void,
 	this->msg->length = htons(ntohs(this->msg->length) + attribute->length);
 }
 
-METHOD(radius_message_t, sign, void,
+METHOD(radius_message_t, sign, bool,
 	private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
 	hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth)
 {
@@ -329,6 +329,7 @@ METHOD(radius_message_t, sign, void,
 		hasher->get_hash(hasher, msg, NULL);
 		hasher->get_hash(hasher, secret, this->msg->authenticator);
 	}
+	return TRUE;
 }
 
 METHOD(radius_message_t, verify, bool,
diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h
index 6d0df53c3..f9c57c5ef 100644
--- a/src/libradius/radius_message.h
+++ b/src/libradius/radius_message.h
@@ -257,8 +257,9 @@ struct radius_message_t {
 	 * @param hasher		MD5 hasher
 	 * @param rng			RNG to create Request-Authenticator, NULL to omit
 	 * @param msg_auth		calculate and add Message-Authenticator
+	 * @return				TRUE if signed successfully
 	 */
-	void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+	bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
 				 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
 
 	/**
diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c
index 048c8814e..143f99e00 100644
--- a/src/libradius/radius_socket.c
+++ b/src/libradius/radius_socket.c
@@ -148,8 +148,11 @@ METHOD(radius_socket_t, request, radius_message_t*,
 	/* set Message Identifier */
 	request->set_identifier(request, this->identifier++);
 	/* sign the request */
-	request->sign(request, NULL, this->secret, this->hasher, this->signer,
-						   rng, rng != NULL);
+	if (!request->sign(request, NULL, this->secret, this->hasher, this->signer,
+					   rng, rng != NULL))
+	{
+		return NULL;
+	}
 
 	if (!check_connection(this, fd, port))
 	{