Add a return value to signer_t.set_key()
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 07:33:10 +0000 (09:33 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libcharon/plugins/eap_radius/eap_radius_dae.c
src/libcharon/sa/ikev2/keymat_v2.c
src/libradius/radius_socket.c
src/libsimaka/simaka_crypto.c
src/libstrongswan/crypto/aead.c
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/signers/mac_signer.c
src/libstrongswan/crypto/signers/signer.h
src/libstrongswan/plugins/af_alg/af_alg_signer.c
src/libtls/tls_crypto.c

index 75b7b70..2ea2b05 100644 (file)
@@ -526,9 +526,8 @@ eap_radius_dae_t *eap_radius_dae_create(eap_radius_accounting_t *accounting)
                return NULL;
        }
        this->secret.len = strlen(this->secret.ptr);
-       this->signer->set_key(this->signer, this->secret);
-
-       if (!open_socket(this))
+       if (!this->signer->set_key(this->signer, this->secret) ||
+               !open_socket(this))
        {
                destroy(this);
                return NULL;
index 2275aad..be047d7 100644 (file)
@@ -166,12 +166,24 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
        DBG4(DBG_IKE, "Sk_ai secret %B", &key);
-       signer_i->set_key(signer_i, key);
+       if (!signer_i->set_key(signer_i, key))
+       {
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               chunk_clear(&key);
+               return FALSE;
+       }
        chunk_clear(&key);
 
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
        DBG4(DBG_IKE, "Sk_ar secret %B", &key);
-       signer_r->set_key(signer_r, key);
+       if (!signer_r->set_key(signer_r, key))
+       {
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               chunk_clear(&key);
+               return FALSE;
+       }
        chunk_clear(&key);
 
        /* SK_ei/SK_er used for encryption */
index 143f99e..3113fff 100644 (file)
@@ -361,14 +361,14 @@ radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
                .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
        );
 
-       if (!this->hasher || !this->signer || !this->rng)
+       if (!this->hasher || !this->signer || !this->rng ||
+               !this->signer->set_key(this->signer, secret))
        {
                DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");
                destroy(this);
                return NULL;
        }
        this->secret = secret;
-       this->signer->set_key(this->signer, secret);
        /* we use a random identifier, helps if we restart often */
        this->identifier = random();
 
index f6b177d..0a92cb3 100644 (file)
@@ -140,7 +140,11 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
        k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
        DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
 
-       this->signer->set_key(this->signer, k_auth);
+       if (!this->signer->set_key(this->signer, k_auth))
+       {
+               chunk_clear(mk);
+               return FALSE;
+       }
        this->crypter->set_key(this->crypter, k_encr);
 
        *msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
@@ -168,7 +172,10 @@ METHOD(simaka_crypto_t, derive_keys_reauth, bool,
        k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
        DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
 
-       this->signer->set_key(this->signer, k_auth);
+       if (!this->signer->set_key(this->signer, k_auth))
+       {
+               return FALSE;
+       }
        this->crypter->set_key(this->crypter, k_encr);
 
        call_hook(this, k_encr, k_auth);
index 9ef4f34..4afdf21 100644 (file)
@@ -138,7 +138,10 @@ METHOD(aead_t, set_key, bool,
        chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig,
                                this->crypter->get_key_size(this->crypter), &enc);
 
-       this->signer->set_key(this->signer, sig);
+       if (!this->signer->set_key(this->signer, sig))
+       {
+               return FALSE;
+       }
        this->crypter->set_key(this->crypter, enc);
 
        return TRUE;
index 756aa71..b978553 100644 (file)
@@ -488,7 +488,10 @@ static u_int bench_signer(private_crypto_tester_t *this,
                u_int runs;
 
                memset(key, 0x12, sizeof(key));
-               signer->set_key(signer, chunk_from_thing(key));
+               if (!signer->set_key(signer, chunk_from_thing(key)))
+               {
+                       return 0;
+               }
 
                buf = chunk_alloc(this->bench_size);
                memset(buf.ptr, 0x34, buf.len);
@@ -547,8 +550,10 @@ METHOD(crypto_tester_t, test_signer, bool,
                failed = FALSE;
 
                key = chunk_create(vector->key, signer->get_key_size(signer));
-               signer->set_key(signer, key);
-
+               if (!signer->set_key(signer, key))
+               {
+                       failed = TRUE;
+               }
                /* allocated signature */
                data = chunk_create(vector->data, vector->len);
                if (!signer->allocate_signature(signer, data, &mac))
index ef85860..36415e9 100644 (file)
@@ -101,10 +101,11 @@ METHOD(signer_t, get_block_size, size_t,
        return this->truncation;
 }
 
-METHOD(signer_t, set_key, void,
+METHOD(signer_t, set_key, bool,
        private_signer_t *this, chunk_t key)
 {
        this->mac->set_key(this->mac, key);
+       return TRUE;
 }
 
 METHOD(signer_t, destroy, void,
index af18209..812a674 100644 (file)
@@ -140,8 +140,10 @@ struct signer_t {
         * Set the key for this object.
         *
         * @param key           key to set
+        * @return                      TRUE if key set
         */
-       void (*set_key) (signer_t *this, chunk_t key);
+       __attribute__((warn_unused_result))
+       bool (*set_key) (signer_t *this, chunk_t key);
 
        /**
         * Destroys a signer_t object.
index 83d0e6f..9d32b49 100644 (file)
@@ -153,10 +153,11 @@ METHOD(signer_t, get_block_size, size_t,
        return this->block_size;
 }
 
-METHOD(signer_t, set_key, void,
+METHOD(signer_t, set_key, bool,
        private_af_alg_signer_t *this, chunk_t key)
 {
        this->ops->set_key(this->ops, key);
+       return TRUE;
 }
 
 METHOD(signer_t, destroy, void,
index 61632e7..b8df3de 100644 (file)
@@ -1522,13 +1522,19 @@ static bool expand_keys(private_tls_crypto_t *this,
        block = chunk_skip(block, mks);
        if (this->tls->is_server(this->tls))
        {
-               this->signer_in->set_key(this->signer_in, client_write);
-               this->signer_out->set_key(this->signer_out, server_write);
+               if (!this->signer_in->set_key(this->signer_in, client_write) ||
+                       !this->signer_out->set_key(this->signer_out, server_write))
+               {
+                       return FALSE;
+               }
        }
        else
        {
-               this->signer_out->set_key(this->signer_out, client_write);
-               this->signer_in->set_key(this->signer_in, server_write);
+               if (!this->signer_out->set_key(this->signer_out, client_write) ||
+                       !this->signer_in->set_key(this->signer_in, server_write))
+               {
+                       return FALSE;
+               }
        }
 
        /* crypter keys, and IVs if < TLSv1.2 */