Add a return value to crypter_t.decrypt()
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 14:11:15 +0000 (16:11 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:38 +0000 (14:53 +0200)
17 files changed:
scripts/crypt_burn.c
src/libcharon/sa/ikev1/keymat_v1.c
src/libsimaka/simaka_message.c
src/libstrongswan/crypto/aead.c
src/libstrongswan/crypto/crypters/crypter.h
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/plugins/aes/aes_crypter.c
src/libstrongswan/plugins/af_alg/af_alg_crypter.c
src/libstrongswan/plugins/blowfish/blowfish_crypter.c
src/libstrongswan/plugins/des/des_crypter.c
src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
src/libstrongswan/plugins/openssl/openssl_crypter.c
src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
src/libstrongswan/plugins/pem/pem_builder.c
src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
src/libtls/tls_protection.c

index 64eb162..1f1536a 100644 (file)
@@ -110,9 +110,12 @@ int main(int argc, char *argv[])
                        {
                                continue;
                        }
-                       crypter->decrypt(crypter,
-                               chunk_create(buffer, sizeof(buffer) / bs * bs),
-                               chunk_create(iv, crypter->get_iv_size(crypter)), NULL);
+                       if (!crypter->decrypt(crypter,
+                                       chunk_create(buffer, sizeof(buffer) / bs * bs),
+                                       chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
+                       {
+                               continue;
+                       }
                        if (limit && ++i == limit)
                        {
                                break;
index 3c4da17..554bd56 100644 (file)
@@ -174,8 +174,7 @@ METHOD(aead_t, decrypt, bool,
        private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
        chunk_t *plain)
 {
-       this->crypter->decrypt(this->crypter, encrypted, iv, plain);
-       return TRUE;
+       return this->crypter->decrypt(this->crypter, encrypted, iv, plain);
 }
 
 METHOD(aead_t, get_block_size, size_t,
index 1449ee2..aa36a09 100644 (file)
@@ -499,8 +499,10 @@ static bool decrypt(private_simaka_message_t *this)
                         eap_type_names, this->hdr->type);
                return FALSE;
        }
-
-       crypter->decrypt(crypter, this->encr, this->iv, &plain);
+       if (!crypter->decrypt(crypter, this->encr, this->iv, &plain))
+       {
+               return FALSE;
+       }
 
        this->encrypted = TRUE;
        success = parse_attributes(this, plain);
index 0915cd1..595b75f 100644 (file)
@@ -105,8 +105,7 @@ METHOD(aead_t, decrypt, bool,
                DBG1(DBG_LIB, "MAC verification failed");
                return FALSE;
        }
-       this->crypter->decrypt(this->crypter, encrypted, iv, plain);
-       return TRUE;
+       return this->crypter->decrypt(this->crypter, encrypted, iv, plain);
 }
 
 METHOD(aead_t, get_block_size, size_t,
index e5e942d..a615c0e 100644 (file)
@@ -106,8 +106,10 @@ struct crypter_t {
         * @param data                  data to decrypt
         * @param iv                    initializing vector
         * @param encrypted             chunk to allocate decrypted data, or NULL
+        * @return                              TRUE if decryption successful
         */
-       void (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv,
+       __attribute__((warn_unused_result))
+       bool (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv,
                                         chunk_t *decrypted);
 
        /**
index 287c12c..812e949 100644 (file)
@@ -164,8 +164,10 @@ static u_int bench_crypter(private_crypto_tester_t *this,
                        {
                                runs++;
                        }
-                       crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL);
-                       runs++;
+                       if (crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL))
+                       {
+                               runs++;
+                       }
                }
                free(buf.ptr);
                crypter->destroy(crypter);
@@ -226,7 +228,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
                        failed = TRUE;
                }
                /* inline decryption */
-               crypter->decrypt(crypter, cipher, iv, NULL);
+               if (!crypter->decrypt(crypter, cipher, iv, NULL))
+               {
+                       failed = TRUE;
+               }
                if (!memeq(vector->plain, cipher.ptr, cipher.len))
                {
                        failed = TRUE;
@@ -234,7 +239,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
                free(cipher.ptr);
                /* allocated decryption */
                cipher = chunk_create(vector->cipher, vector->len);
-               crypter->decrypt(crypter, cipher, iv, &plain);
+               if (!crypter->decrypt(crypter, cipher, iv, &plain))
+               {
+                       failed = TRUE;
+               }
                if (!memeq(vector->plain, plain.ptr, plain.len))
                {
                        failed = TRUE;
index be4076f..e422dae 100644 (file)
@@ -639,7 +639,11 @@ end:
 
        /* decrypt the content */
        crypter->set_key(crypter, symmetric_key);
-       crypter->decrypt(crypter, encrypted_content, iv, &this->data);
+       if (!crypter->decrypt(crypter, encrypted_content, iv, &this->data))
+       {
+               success = FALSE;
+               goto failed;
+       }
        DBG4(DBG_LIB, "decrypted content with padding: %B", &this->data);
 
        /* remove the padding */
index a6757e2..03d3cde 100644 (file)
@@ -1331,7 +1331,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char
     state_out(out_blk, b0);
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
        int pos;
@@ -1371,6 +1371,7 @@ METHOD(crypter_t, decrypt, void,
                out-=16;
                pos-=16;
        }
+       return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,
index fb6a851..7fc0e59 100644 (file)
@@ -131,7 +131,7 @@ static size_t lookup_alg(encryption_algorithm_t algo, char **name,
        return 0;
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_af_alg_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
        if (dst)
@@ -143,6 +143,7 @@ METHOD(crypter_t, decrypt, void,
        {
                this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, data.ptr);
        }
+       return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,
index 0ae3022..18c8f48 100644 (file)
@@ -87,7 +87,7 @@ struct private_blowfish_crypter_t {
        u_int32_t key_size;
 };
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
        chunk_t *decrypted)
 {
@@ -108,6 +108,8 @@ METHOD(crypter_t, decrypt, void,
        BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 0);
 
        free(iv.ptr);
+
+       return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,
index 3c621e1..ca9ae8f 100644 (file)
@@ -1416,7 +1416,7 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len
        tin[0]=tin[1]=0;
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
        des_cblock ivb;
@@ -1431,6 +1431,7 @@ METHOD(crypter_t, decrypt, void,
        memcpy(&ivb, iv.ptr, sizeof(des_cblock));
        des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
                                         data.len, this->ks, &ivb, DES_DECRYPT);
+       return TRUE;
 }
 
 
@@ -1452,7 +1453,7 @@ METHOD(crypter_t, encrypt, bool,
        return TRUE;
 }
 
-METHOD(crypter_t, decrypt_ecb, void,
+METHOD(crypter_t, decrypt_ecb, bool,
        private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
        u_int8_t *out;
@@ -1465,6 +1466,7 @@ METHOD(crypter_t, decrypt_ecb, void,
        }
        des_ecb_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
                                         data.len, this->ks, DES_DECRYPT);
+       return TRUE;
 }
 
 METHOD(crypter_t, encrypt_ecb, bool,
@@ -1483,7 +1485,7 @@ METHOD(crypter_t, encrypt_ecb, bool,
        return TRUE;
 }
 
-METHOD(crypter_t, decrypt3, void,
+METHOD(crypter_t, decrypt3, bool,
        private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
        des_cblock ivb;
@@ -1499,6 +1501,7 @@ METHOD(crypter_t, decrypt3, void,
        des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
                                                 data.len, this->ks3[0], this->ks3[1], this->ks3[2],
                                                 &ivb, DES_DECRYPT);
+       return TRUE;
 }
 
 METHOD(crypter_t, encrypt3, bool,
index c1f2b65..3627c50 100644 (file)
@@ -70,20 +70,20 @@ static bool set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
        return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
-       set_iv(this, iv);
-
-       if (dst)
+       if (!set_iv(this, iv))
        {
-               *dst = chunk_alloc(data.len);
-               gcry_cipher_decrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
+               return FALSE;
        }
-       else
+       if (dst)
        {
-               gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0);
+               *dst = chunk_alloc(data.len);
+               return gcry_cipher_decrypt(this->h, dst->ptr, dst->len,
+                                                                  data.ptr, data.len) == 0;
        }
+       return gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0) == 0;
 }
 
 METHOD(crypter_t, encrypt, bool,
index 66e9640..07799b1 100644 (file)
@@ -114,10 +114,10 @@ static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
                   EVP_CIPHER_CTX_cleanup(&ctx);
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
-       crypt(this, data, iv, dst, 0);
+       return crypt(this, data, iv, dst, 0);
 }
 
 METHOD(crypter_t, encrypt, bool,
index 5f63401..b9d4eac 100644 (file)
@@ -109,10 +109,11 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv,
        memwipe(key_aligned, sizeof(key_aligned));
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
        private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
        crypt(this, iv.ptr, data, dst, TRUE);
+       return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,
index c5d96be..c1ce5c8 100644 (file)
@@ -134,7 +134,11 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
                DBG1(DBG_ASN, "  data size is not multiple of block size");
                return PARSE_ERROR;
        }
-       crypter->decrypt(crypter, *blob, iv, &decrypted);
+       if (!crypter->decrypt(crypter, *blob, iv, &decrypted))
+       {
+               crypter->destroy(crypter);
+               return FAILED;
+       }
        crypter->destroy(crypter);
        memcpy(blob->ptr, decrypted.ptr, blob->len);
        chunk_free(&decrypted);
index 3e0601c..f9bef77 100644 (file)
@@ -170,7 +170,10 @@ static private_key_t *decrypt_private_key(chunk_t blob,
                }
 
                crypter->set_key(crypter, key);
-               crypter->decrypt(crypter, blob, iv, &decrypted);
+               if (!crypter->decrypt(crypter, blob, iv, &decrypted))
+               {
+                       continue;
+               }
                if (verify_padding(&decrypted))
                {
                        private_key = parse_private_key(decrypted);
index abcc420..8263728 100644 (file)
@@ -150,7 +150,12 @@ METHOD(tls_protection_t, process, status_t,
                                return NEED_MORE;
                        }
                }
-               this->crypter_in->decrypt(this->crypter_in, data, iv, NULL);
+               if (!this->crypter_in->decrypt(this->crypter_in, data, iv, NULL))
+               {
+                       free(next_iv.ptr);
+                       this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
+                       return NEED_MORE;
+               }
 
                if (next_iv.len)
                {       /* next record IV is last ciphertext block of this record */