diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/libcharon/sa/ikev1/keymat_v1.c | 10 | ||||
-rw-r--r-- | src/libcharon/sa/ikev2/keymat_v2.c | 10 | ||||
-rw-r--r-- | src/libstrongswan/crypto/prf_plus.h | 2 |
3 files changed, 21 insertions, 1 deletions
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index 3cc944c1d..77f0a5651 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -614,6 +614,11 @@ METHOD(keymat_v1_t, derive_child_keys, bool, DBG4(DBG_CHD, "initiator SA seed %B", &seed); prf_plus = prf_plus_create(this->prf, FALSE, seed); + if (!prf_plus) + { + chunk_clear(&secret); + return FALSE; + } if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || !prf_plus->allocate_bytes(prf_plus, int_size, integ_i)) { @@ -627,6 +632,11 @@ METHOD(keymat_v1_t, derive_child_keys, bool, chunk_from_thing(spi_i), nonce_i, nonce_r); DBG4(DBG_CHD, "responder SA seed %B", &seed); prf_plus = prf_plus_create(this->prf, FALSE, seed); + if (!prf_plus) + { + chunk_clear(&secret); + return FALSE; + } if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) || !prf_plus->allocate_bytes(prf_plus, int_size, integ_r)) { diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 55af8f1ec..3e36b098f 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -355,6 +355,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_free(&fixed_nonce); chunk_clear(&prf_plus_seed); + if (!prf_plus) + { + DESTROY_IF(rekey_prf); + return FALSE; + } + /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */ /* SK_d is used for generating CHILD_SA key mat => store for later use */ @@ -528,6 +534,10 @@ METHOD(keymat_v2_t, derive_child_keys, bool, this->prf->set_key(this->prf, this->skd); prf_plus = prf_plus_create(this->prf, TRUE, seed); + if (!prf_plus) + { + return FALSE; + } if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) || !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) || diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index 1f668edf2..92f5dd76d 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -63,7 +63,7 @@ struct prf_plus_t { * @param prf prf object to use, must be destroyd after prf+. * @param counter use an appending counter byte (for IKEv2 variant) * @param seed input seed for prf - * @return prf_plus_t object + * @return prf_plus_t object, NULL on failure */ prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed); |