Add a return value to prf_plus_t.allocate_bytes()

author Martin Willi <martin@revosec.ch>

Fri, 6 Jul 2012 06:24:24 +0000 (08:24 +0200)

committer Martin Willi <martin@revosec.ch>

Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
author Martin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 06:24:24 +0000 (08:24 +0200)
committer Martin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c

index 11f7c93..3cc944c 100644 (file)
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -614,16 +614,26 @@ METHOD(keymat_v1_t, derive_child_keys, bool,
         DBG4(DBG_CHD, "initiator SA seed %B", &seed);
  
         prf_plus = prf_plus_create(this->prf, FALSE, seed);
-       prf_plus->allocate_bytes(prf_plus, enc_size, encr_i);
-       prf_plus->allocate_bytes(prf_plus, int_size, integ_i);
+       if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
+               !prf_plus->allocate_bytes(prf_plus, int_size, integ_i))
+       {
+               prf_plus->destroy(prf_plus);
+               chunk_clear(&secret);
+               return FALSE;
+       }
         prf_plus->destroy(prf_plus);
  
         seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol),
                                           chunk_from_thing(spi_i), nonce_i, nonce_r);
         DBG4(DBG_CHD, "responder SA seed %B", &seed);
         prf_plus = prf_plus_create(this->prf, FALSE, seed);
-       prf_plus->allocate_bytes(prf_plus, enc_size, encr_r);
-       prf_plus->allocate_bytes(prf_plus, int_size, integ_r);
+       if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) ||
+               !prf_plus->allocate_bytes(prf_plus, int_size, integ_r))
+       {
+               prf_plus->destroy(prf_plus);
+               chunk_clear(&secret);
+               return FALSE;
+       }
         prf_plus->destroy(prf_plus);
  
         chunk_clear(&secret);
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c

index be047d7..55af8f1 100644 (file)
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -110,7 +110,10 @@ static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg,
         }
         key_size = aead_i->get_key_size(aead_i);
  
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_ei secret %B", &key);
         if (!aead_i->set_key(aead_i, key))
         {
@@ -119,7 +122,10 @@ static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg,
         }
         chunk_clear(&key);
  
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_er secret %B", &key);
         if (!aead_r->set_key(aead_r, key))
         {
@@ -164,7 +170,12 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
         }
         key_size = signer_i->get_key_size(signer_i);
  
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_ai secret %B", &key);
         if (!signer_i->set_key(signer_i, key))
         {
@@ -175,7 +186,12 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
         }
         chunk_clear(&key);
  
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_ar secret %B", &key);
         if (!signer_r->set_key(signer_r, key))
         {
@@ -200,12 +216,26 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
         }
         key_size = crypter_i->get_key_size(crypter_i);
  
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               crypter_i->destroy(crypter_i);
+               crypter_r->destroy(crypter_r);
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_ei secret %B", &key);
         crypter_i->set_key(crypter_i, key);
         chunk_clear(&key);
  
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               crypter_i->destroy(crypter_i);
+               crypter_r->destroy(crypter_r);
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_er secret %B", &key);
         crypter_r->set_key(crypter_r, key);
         chunk_clear(&key);
@@ -329,7 +359,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
  
         /* SK_d is used for generating CHILD_SA key mat => store for later use */
         key_size = this->prf->get_key_size(this->prf);
-       prf_plus->allocate_bytes(prf_plus, key_size, &this->skd);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd))
+       {
+               prf_plus->destroy(prf_plus);
+               DESTROY_IF(rekey_prf);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
  
         if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
@@ -371,7 +406,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
  
         /* SK_pi/SK_pr used for authentication => stored for later */
         key_size = this->prf->get_key_size(this->prf);
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               prf_plus->destroy(prf_plus);
+               DESTROY_IF(rekey_prf);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_pi secret %B", &key);
         if (this->initiator)
         {
@@ -381,7 +421,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
         {
                 this->skp_verify = key;
         }
-       prf_plus->allocate_bytes(prf_plus, key_size, &key);
+       if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
+       {
+               prf_plus->destroy(prf_plus);
+               DESTROY_IF(rekey_prf);
+               return FALSE;
+       }
         DBG4(DBG_IKE, "Sk_pr secret %B", &key);
         if (this->initiator)
         {
@@ -484,10 +529,14 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
         this->prf->set_key(this->prf, this->skd);
         prf_plus = prf_plus_create(this->prf, TRUE, seed);
  
-       prf_plus->allocate_bytes(prf_plus, enc_size, encr_i);
-       prf_plus->allocate_bytes(prf_plus, int_size, integ_i);
-       prf_plus->allocate_bytes(prf_plus, enc_size, encr_r);
-       prf_plus->allocate_bytes(prf_plus, int_size, integ_r);
+       if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
+               !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) ||
+               !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) ||
+               !prf_plus->allocate_bytes(prf_plus, int_size, integ_r))
+       {
+               prf_plus->destroy(prf_plus);
+               return FALSE;
+       }
  
         prf_plus->destroy(prf_plus);
  
diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c

index 0f06ede..8ddacfe 100644 (file)
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -89,7 +89,7 @@ METHOD(prf_plus_t, get_bytes, void,
         }
  }
  
-METHOD(prf_plus_t, allocate_bytes, void,
+METHOD(prf_plus_t, allocate_bytes, bool,
         private_prf_plus_t *this, size_t length, chunk_t *chunk)
  {
         if (length)
@@ -101,6 +101,7 @@ METHOD(prf_plus_t, allocate_bytes, void,
         {
                 *chunk = chunk_empty;
         }
+       return TRUE;
  }
  
  METHOD(prf_plus_t, destroy, void,
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h

index 668f12c..72009da 100644 (file)
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -44,8 +44,10 @@ struct prf_plus_t {
          *
          * @param length        number of bytes to get
          * @param chunk         chunk which will hold generated bytes
+        * @return                      TRUE if bytes allocated successfully
          */
-       void (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk);
+       __attribute__((warn_unused_result))
+       bool (*allocate_bytes) (prf_plus_t *this, size_t length, chunk_t *chunk);
  
         /**
          * Destroys a prf_plus_t object.
author	Martin Willi <martin@revosec.ch>
	Fri, 6 Jul 2012 06:24:24 +0000 (08:24 +0200)
committer	Martin Willi <martin@revosec.ch>
	Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libcharon/sa/ikev1/keymat_v1.c		patch \| blob \| history
src/libcharon/sa/ikev2/keymat_v2.c		patch \| blob \| history
src/libstrongswan/crypto/prf_plus.c		patch \| blob \| history
src/libstrongswan/crypto/prf_plus.h		patch \| blob \| history