Add a return value to signer_t.get_signature()
authorMartin Willi <martin@revosec.ch>
Thu, 5 Jul 2012 16:21:58 +0000 (18:21 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libradius/radius_message.c
src/libsimaka/simaka_message.c
src/libstrongswan/crypto/aead.c
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/signers/mac_signer.c
src/libstrongswan/crypto/signers/signer.h
src/libstrongswan/plugins/af_alg/af_alg_signer.c
src/libtls/tls_protection.c

index 6291244..a09729c 100644 (file)
@@ -315,9 +315,12 @@ METHOD(radius_message_t, sign, bool,
                /* build Message-Authenticator attribute, using 16 null bytes */
                memset(buf, 0, sizeof(buf));
                add(this, RAT_MESSAGE_AUTHENTICATOR, chunk_create(buf, sizeof(buf)));
-               signer->get_signature(signer,
+               if (!signer->get_signature(signer,
                                chunk_create((u_char*)this->msg, ntohs(this->msg->length)),
-                               ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5);
+                               ((u_char*)this->msg) + ntohs(this->msg->length) - HASH_SIZE_MD5))
+               {
+                       return FALSE;
+               }
        }
 
        if (!rng)
index 745f4d7..50bd8b5 100644 (file)
@@ -822,7 +822,10 @@ METHOD(simaka_message_t, generate, bool,
        if (mac.len)
        {
                data = chunk_cata("cc", out, sigdata);
-               signer->get_signature(signer, data, mac.ptr);
+               if (!signer->get_signature(signer, data, mac.ptr))
+               {
+                       return FALSE;
+               }
        }
 
        call_hook(this, FALSE, FALSE);
index ede2a81..9ef4f34 100644 (file)
@@ -46,8 +46,11 @@ METHOD(aead_t, encrypt, bool,
 {
        chunk_t encr, sig;
 
-       this->signer->get_signature(this->signer, assoc, NULL);
-       this->signer->get_signature(this->signer, iv, NULL);
+       if (!this->signer->get_signature(this->signer, assoc, NULL) ||
+               !this->signer->get_signature(this->signer, iv, NULL))
+       {
+               return FALSE;
+       }
 
        if (encrypted)
        {
@@ -61,7 +64,11 @@ METHOD(aead_t, encrypt, bool,
        else
        {
                this->crypter->encrypt(this->crypter, plain, iv, NULL);
-               this->signer->get_signature(this->signer, plain, plain.ptr + plain.len);
+               if (!this->signer->get_signature(this->signer,
+                                                                                plain, plain.ptr + plain.len))
+               {
+                       return FALSE;
+               }
        }
        return TRUE;
 }
@@ -84,8 +91,11 @@ METHOD(aead_t, decrypt, bool,
        chunk_split(encrypted, "mm", encrypted.len - sig.len,
                                &encrypted, sig.len, &sig);
 
-       this->signer->get_signature(this->signer, assoc, NULL);
-       this->signer->get_signature(this->signer, iv, NULL);
+       if (!this->signer->get_signature(this->signer, assoc, NULL) ||
+               !this->signer->get_signature(this->signer, iv, NULL))
+       {
+               return FALSE;
+       }
        if (!this->signer->verify_signature(this->signer, encrypted, sig))
        {
                DBG1(DBG_LIB, "MAC verification failed");
index 73be384..756aa71 100644 (file)
@@ -497,10 +497,14 @@ static u_int bench_signer(private_crypto_tester_t *this,
                start_timing(&start);
                while (end_timing(&start) < this->bench_time)
                {
-                       signer->get_signature(signer, buf, mac);
-                       runs++;
-                       signer->verify_signature(signer, buf, chunk_from_thing(mac));
-                       runs++;
+                       if (signer->get_signature(signer, buf, mac))
+                       {
+                               runs++;
+                       }
+                       if (signer->verify_signature(signer, buf, chunk_from_thing(mac)))
+                       {
+                               runs++;
+                       }
                }
                free(buf.ptr);
                signer->destroy(signer);
@@ -561,7 +565,10 @@ METHOD(crypto_tester_t, test_signer, bool,
                }
                /* signature to existing buffer */
                memset(mac.ptr, 0, mac.len);
-               signer->get_signature(signer, data, mac.ptr);
+               if (!signer->get_signature(signer, data, mac.ptr))
+               {
+                       failed = TRUE;
+               }
                if (!memeq(vector->mac, mac.ptr, mac.len))
                {
                        failed = TRUE;
@@ -585,7 +592,11 @@ METHOD(crypto_tester_t, test_signer, bool,
                        {
                                failed = TRUE;
                        }
-                       signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
+                       if (!signer->get_signature(signer,
+                                                                          chunk_create(data.ptr + 1, 1), NULL))
+                       {
+                               failed = TRUE;
+                       }
                        if (!signer->verify_signature(signer, chunk_skip(data, 2),
                                                                                  chunk_create(vector->mac, mac.len)))
                        {
index 05009de..ef85860 100644 (file)
@@ -40,7 +40,7 @@ struct private_signer_t {
        size_t truncation;
 };
 
-METHOD(signer_t, get_signature, void,
+METHOD(signer_t, get_signature, bool,
        private_signer_t *this, chunk_t data, u_int8_t *buffer)
 {
        if (buffer == NULL)
@@ -54,6 +54,7 @@ METHOD(signer_t, get_signature, void,
                this->mac->get_mac(this->mac, data, mac);
                memcpy(buffer, mac, this->truncation);
        }
+       return TRUE;
 }
 
 METHOD(signer_t, allocate_signature, bool,
index 14b65ca..af18209 100644 (file)
@@ -91,8 +91,10 @@ struct signer_t {
         *
         * @param data          a chunk containing the data to sign
         * @param buffer        pointer where the signature will be written
+        * @return                      TRUE if signature created successfully
         */
-       void (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
+       __attribute__((warn_unused_result))
+       bool (*get_signature) (signer_t *this, chunk_t data, u_int8_t *buffer);
 
        /**
         * Generate a signature and allocate space for it.
index 103baa6..83d0e6f 100644 (file)
@@ -107,10 +107,11 @@ static size_t lookup_alg(integrity_algorithm_t algo, char **name,
        return 0;
 }
 
-METHOD(signer_t, get_signature, void,
+METHOD(signer_t, get_signature, bool,
        private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer)
 {
        this->ops->hash(this->ops, data, buffer, this->block_size);
+       return TRUE;
 }
 
 METHOD(signer_t, allocate_signature, bool,
@@ -119,13 +120,9 @@ METHOD(signer_t, allocate_signature, bool,
        if (chunk)
        {
                *chunk = chunk_alloc(this->block_size);
-               get_signature(this, data, chunk->ptr);
-       }
-       else
-       {
-               get_signature(this, data, NULL);
+               return get_signature(this, data, chunk->ptr);
        }
-       return TRUE;
+       return get_signature(this, data, NULL);
 }
 
 METHOD(signer_t, verify_signature, bool,
@@ -137,7 +134,10 @@ METHOD(signer_t, verify_signature, bool,
        {
                return FALSE;
        }
-       get_signature(this, data, sig);
+       if (!get_signature(this, data, sig))
+       {
+               return FALSE;
+       }
        return memeq(signature.ptr, sig, signature.len);
 }
 
index c81c0ba..7120ca8 100644 (file)
@@ -93,7 +93,7 @@ struct private_tls_protection_t {
 /**
  * Create the header and feed it into a signer for MAC verification
  */
-static void sigheader(signer_t *signer, u_int32_t seq, u_int8_t type,
+static bool sigheader(signer_t *signer, u_int32_t seq, u_int8_t type,
                                          u_int16_t version, u_int16_t length)
 {
        /* we only support 32 bit sequence numbers, but TLS uses 64 bit */
@@ -110,7 +110,7 @@ static void sigheader(signer_t *signer, u_int32_t seq, u_int8_t type,
        htoun16(&header.version, version);
        htoun16(&header.length, length);
 
-       signer->get_signature(signer, chunk_from_thing(header), NULL);
+       return signer->get_signature(signer, chunk_from_thing(header), NULL);
 }
 
 METHOD(tls_protection_t, process, status_t,
@@ -180,8 +180,9 @@ METHOD(tls_protection_t, process, status_t,
                mac = chunk_skip(data, data.len - bs);
                data.len -= bs;
 
-               sigheader(this->signer_in, this->seq_in, type, this->version, data.len);
-               if (!this->signer_in->verify_signature(this->signer_in, data, mac))
+               if (!sigheader(this->signer_in, this->seq_in, type,
+                                          this->version, data.len) ||
+                       !this->signer_in->verify_signature(this->signer_in, data, mac))
                {
                        DBG1(DBG_TLS, "TLS record MAC verification failed");
                        this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
@@ -218,10 +219,10 @@ METHOD(tls_protection_t, build, status_t,
                {
                        chunk_t mac;
 
-                       sigheader(this->signer_out, this->seq_out, *type,
-                                         this->version, data->len);
-                       if (!this->signer_out->allocate_signature(this->signer_out,
-                                                                                                         *data, &mac))
+                       if (!sigheader(this->signer_out, this->seq_out, *type,
+                                                  this->version, data->len) ||
+                               !this->signer_out->allocate_signature(this->signer_out,
+                                                  *data, &mac))
                        {
                                return FAILED;
                        }