Add a return value to hasher_t.allocate_hash()
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jul 2012 15:15:52 +0000 (17:15 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:55:06 +0000 (14:55 +0200)
40 files changed:
src/libcharon/plugins/eap_md5/eap_md5.c
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
src/libcharon/plugins/stroke/stroke_ca.c
src/libcharon/sa/ike_sa_manager.c
src/libcharon/sa/ikev1/keymat_v1.c
src/libcharon/sa/ikev1/tasks/isakmp_natd.c
src/libcharon/sa/ikev2/connect_manager.c
src/libcharon/sa/ikev2/tasks/ike_cert_post.c
src/libcharon/sa/ikev2/tasks/ike_natd.c
src/libpts/pts/pts.c
src/libsimaka/simaka_crypto.c
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/hashers/hasher.h
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/plugins/af_alg/af_alg_hasher.c
src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
src/libstrongswan/plugins/md4/md4_hasher.c
src/libstrongswan/plugins/md5/md5_hasher.c
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
src/libstrongswan/plugins/openssl/openssl_hasher.c
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
src/libstrongswan/plugins/openssl/openssl_x509.c
src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
src/libstrongswan/plugins/pgp/pgp_cert.c
src/libstrongswan/plugins/pgp/pgp_encoder.c
src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
src/libstrongswan/plugins/sha1/sha1_hasher.c
src/libstrongswan/plugins/sha2/sha2_hasher.c
src/libstrongswan/plugins/x509/x509_cert.c
src/libstrongswan/plugins/x509/x509_ocsp_request.c
src/libstrongswan/plugins/x509/x509_ocsp_response.c
src/libtls/tls_crypto.c
src/medsrv/controller/user_controller.c

index 7f2b587..b2640d1 100644 (file)
@@ -100,7 +100,11 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response,
                DBG1(DBG_IKE, "EAP-MD5 failed, MD5 not supported");
                return FAILED;
        }
-       hasher->allocate_hash(hasher, concat, response);
+       if (!hasher->allocate_hash(hasher, concat, response))
+       {
+               hasher->destroy(hasher);
+               return FAILED;
+       }
        hasher->destroy(hasher);
        return SUCCESS;
 }
index dd6f56f..8ae2078 100644 (file)
@@ -281,7 +281,11 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash)
                DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available");
                return FAILED;
        }
-       hasher->allocate_hash(hasher, password, password_hash);
+       if (!hasher->allocate_hash(hasher, password, password_hash))
+       {
+               hasher->destroy(hasher);
+               return FAILED;
+       }
        hasher->destroy(hasher);
        return SUCCESS;
 }
@@ -302,7 +306,11 @@ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge,
                return FAILED;
        }
        concat = chunk_cata("ccc", peer_challenge, server_challenge, username);
-       hasher->allocate_hash(hasher, concat, challenge_hash);
+       if (!hasher->allocate_hash(hasher, concat, challenge_hash))
+       {
+               hasher->destroy(hasher);
+               return FAILED;
+       }
        hasher->destroy(hasher);
        /* we need only the first 8 octets */
        challenge_hash->len = 8;
@@ -382,10 +390,17 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash,
        }
 
        concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
-       hasher->allocate_hash(hasher, concat, &digest);
+       if (!hasher->allocate_hash(hasher, concat, &digest))
+       {
+               hasher->destroy(hasher);
+               return FAILED;
+       }
        concat = chunk_cata("ccc", digest, challenge_hash, magic2);
-       hasher->allocate_hash(hasher, concat, response);
-
+       if (!hasher->allocate_hash(hasher, concat, response))
+       {
+               hasher->destroy(hasher);
+               return FAILED;
+       }
        hasher->destroy(hasher);
        chunk_free(&digest);
        return SUCCESS;
@@ -434,7 +449,9 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
        chunk_t keypad = chunk_from_chars(
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
                0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
-       chunk_t concat, master_key, master_receive_key, master_send_key;
+       char master_key[HASH_SIZE_SHA1];
+       char master_receive_key[HASH_SIZE_SHA1], master_send_key[HASH_SIZE_SHA1];
+       chunk_t concat, master;
        hasher_t *hasher;
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
@@ -444,24 +461,22 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
                return FAILED;
        }
 
+       master = chunk_create(master_key, 16);
        concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
-       hasher->allocate_hash(hasher, concat, &master_key);
-       master_key.len = 16;
-
-       concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2);
-       hasher->allocate_hash(hasher, concat, &master_receive_key);
-       master_receive_key.len = 16;
-
-       concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2);
-       hasher->allocate_hash(hasher, concat, &master_send_key);
-       master_send_key.len = 16;
+       concat = chunk_cata("cccc", master, shapad1, magic2, shapad2);
+       concat = chunk_cata("cccc", master, shapad1, magic3, shapad2);
+       if (!hasher->get_hash(hasher, concat, master_key) ||
+               !hasher->get_hash(hasher, concat, master_receive_key) ||
+               !hasher->get_hash(hasher, concat, master_send_key))
+       {
+               hasher->destroy(hasher);
+               return FAILED;
+       }
 
-       *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad);
+       *msk = chunk_cat("cccc", chunk_create(master_receive_key, 16),
+                                        chunk_create(master_send_key, 16), keypad, keypad);
 
        hasher->destroy(hasher);
-       chunk_free(&master_key);
-       chunk_free(&master_receive_key);
-       chunk_free(&master_send_key);
        return SUCCESS;
 }
 
index e76560f..763b4cc 100644 (file)
@@ -354,10 +354,12 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void,
 
                        if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
                        {
-                               hasher->allocate_hash(hasher, encoded, &hash);
-                               section->hashes->insert_last(section->hashes,
+                               if (hasher->allocate_hash(hasher, encoded, &hash))
+                               {
+                                       section->hashes->insert_last(section->hashes,
                                                identification_create_from_encoding(ID_KEY_ID, hash));
-                               chunk_free(&hash);
+                                       chunk_free(&hash);
+                               }
                                chunk_free(&encoded);
                        }
                        break;
index d9375a4..563e6a6 100644 (file)
@@ -1164,8 +1164,13 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
                u_int64_t our_spi;
                chunk_t hash;
 
-               this->hasher->allocate_hash(this->hasher,
-                                                                       message->get_packet_data(message), &hash);
+               if (!this->hasher->allocate_hash(this->hasher,
+                                                                       message->get_packet_data(message), &hash))
+               {
+                       DBG1(DBG_MGR, "ignoring message, failed to hash message");
+                       id->destroy(id);
+                       return NULL;
+               }
 
                /* ensure this is not a retransmit of an already handled init message */
                switch (check_and_put_init_hash(this, hash, &our_spi))
index 8f6da3c..e2db13a 100644 (file)
@@ -554,7 +554,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 
        /* initial IV = hash(g^xi | g^xr) */
        data = chunk_cata("cc", g_xi, g_xr);
-       this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv);
+       if (!this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv))
+       {
+               chunk_free(&dh_me);
+               return FALSE;
+       }
        if (this->phase1_iv.iv.len > this->aead->get_block_size(this->aead))
        {
                this->phase1_iv.iv.len = this->aead->get_block_size(this->aead);
@@ -975,10 +979,15 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv)
        else
        {
                /* initial phase 2 IV = hash(last_phase1_block | mid) */
-               u_int32_t net = htonl(iv->mid);
-               chunk_t data = chunk_cata("cc", this->phase1_iv.iv,
-                                                                 chunk_from_thing(net));
-               this->hasher->allocate_hash(this->hasher, data, &iv->iv);
+               u_int32_t net;;
+               chunk_t data;
+
+               net = htonl(iv->mid);
+               data = chunk_cata("cc", this->phase1_iv.iv, chunk_from_thing(net));
+               if (!this->hasher->allocate_hash(this->hasher, data, &iv->iv))
+               {
+                       return FALSE;
+               }
                if (iv->iv.len > this->aead->get_block_size(this->aead))
                {
                        iv->iv.len = this->aead->get_block_size(this->aead);
index cd3bc21..50bf161 100644 (file)
@@ -100,7 +100,11 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this,
        natd_chunk = chunk_cata("cccc", chunk_from_thing(spi_i),
                                                    chunk_from_thing(spi_r), host->get_address(host),
                                                    chunk_from_thing(port));
-       hasher->allocate_hash(hasher, natd_chunk, &natd_hash);
+       if (!hasher->allocate_hash(hasher, natd_chunk, &natd_hash))
+       {
+               DBG1(DBG_IKE, "creating NAT-D payload hash failed");
+               return chunk_empty;
+       }
        DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
        DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
 
@@ -154,6 +158,10 @@ static hash_payload_t *build_natd_payload(private_isakmp_natd_t *this, bool src,
                ike_sa_id_t *ike_sa_id = this->ike_sa->get_id(this->ike_sa);
                hash = generate_natd_hash(this, ike_sa_id, host);
        }
+       if (!hash.len)
+       {
+               return NULL;
+       }
        payload = hash_payload_create(NAT_D_V1);
        payload->set_hash(payload, hash);
        chunk_free(&hash);
@@ -171,14 +179,20 @@ static void add_natd_payloads(private_isakmp_natd_t *this, message_t *message)
        /* destination has to be added first */
        host = message->get_destination(message);
        payload = build_natd_payload(this, FALSE, host);
-       message->add_payload(message, (payload_t*)payload);
+       if (payload)
+       {
+               message->add_payload(message, (payload_t*)payload);
+       }
 
        /* source is added second, compared with IKEv2 we always know the source,
         * as these payloads are added in the second Phase 1 exchange or the
         * response to the first */
        host = message->get_source(message);
        payload = build_natd_payload(this, TRUE, host);
-       message->add_payload(message, (payload_t*)payload);
+       if (payload)
+       {
+               message->add_payload(message, (payload_t*)payload);
+       }
 }
 
 /**
index 75bb8f7..5fdcea1 100644 (file)
@@ -839,7 +839,10 @@ static chunk_t build_signature(private_connect_manager_t *this,
        /* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */
        sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id,
                                                  check->endpoint_raw, key_chunk);
-       this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash);
+       if (!this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash))
+       {
+               sig_hash = chunk_empty;
+       }
        DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk);
        DBG3(DBG_IKE, "sig_hash %#B", &sig_hash);
 
index 10bb4d1..a93e513 100644 (file)
@@ -78,7 +78,12 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
                hasher->destroy(hasher);
                return NULL;
        }
-       hasher->allocate_hash(hasher, encoded, &hash);
+       if (!hasher->allocate_hash(hasher, encoded, &hash))
+       {
+               hasher->destroy(hasher);
+               chunk_free(&encoded);
+               return cert_payload_create_from_cert(CERTIFICATE, cert);
+       }
        chunk_free(&encoded);
        hasher->destroy(hasher);
        id = identification_create_from_encoding(ID_KEY_ID, hash);
index 55c0286..b97b372 100644 (file)
@@ -104,7 +104,10 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this,
 
        /*  natd_hash = SHA1( spi_i | spi_r | address | port ) */
        natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk);
-       this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash);
+       if (!this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash))
+       {
+               natd_hash = chunk_empty;
+       }
        DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
        DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
 
@@ -152,6 +155,10 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
        {
                hash = generate_natd_hash(this, ike_sa_id, host);
        }
+       if (!hash.len)
+       {
+               return NULL;
+       }
        notify = notify_payload_create(NOTIFY);
        notify->set_notify_type(notify, type);
        notify->set_notification_data(notify, hash);
@@ -298,7 +305,10 @@ METHOD(task_t, build_i, status_t,
        /* destination is always set */
        host = message->get_destination(message);
        notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
-       message->add_payload(message, (payload_t*)notify);
+       if (notify)
+       {
+               message->add_payload(message, (payload_t*)notify);
+       }
 
        /* source may be any, we have 3 possibilities to get our source address:
         * 1. It is defined in the config => use the one of the IKE_SA
@@ -309,7 +319,10 @@ METHOD(task_t, build_i, status_t,
        if (!host->is_anyaddr(host) || ike_cfg->force_encap(ike_cfg))
        {       /* 1. or if we force UDP encap, as it doesn't matter if it's %any */
                notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
-               message->add_payload(message, (payload_t*)notify);
+               if (notify)
+               {
+                       message->add_payload(message, (payload_t*)notify);
+               }
        }
        else
        {
@@ -319,7 +332,10 @@ METHOD(task_t, build_i, status_t,
                {       /* 2. */
                        host->set_port(host, ike_cfg->get_my_port(ike_cfg));
                        notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
-                       message->add_payload(message, (payload_t*)notify);
+                       if (notify)
+                       {
+                               message->add_payload(message, (payload_t*)notify);
+                       }
                        host->destroy(host);
                }
                else
@@ -333,7 +349,10 @@ METHOD(task_t, build_i, status_t,
                                host->set_port(host, ike_cfg->get_my_port(ike_cfg));
                                notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
                                host->destroy(host);
-                               message->add_payload(message, (payload_t*)notify);
+                               if (notify)
+                               {
+                                       message->add_payload(message, (payload_t*)notify);
+                               }
                        }
                        enumerator->destroy(enumerator);
                }
@@ -365,11 +384,16 @@ METHOD(task_t, build_r, status_t,
                /* initiator seems to support NAT detection, add response */
                me = message->get_source(message);
                notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me);
-               message->add_payload(message, (payload_t*)notify);
-
+               if (notify)
+               {
+                       message->add_payload(message, (payload_t*)notify);
+               }
                other = message->get_destination(message);
                notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other);
-               message->add_payload(message, (payload_t*)notify);
+               if (notify)
+               {
+                       message->add_payload(message, (payload_t*)notify);
+               }
        }
        return SUCCESS;
 }
index 01ed196..16047aa 100644 (file)
@@ -287,10 +287,15 @@ METHOD(pts_t, calculate_secret, bool,
        hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm);
        hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
 
-       hasher->allocate_hash(hasher, chunk_from_chars('1'), NULL);
-       hasher->allocate_hash(hasher, this->initiator_nonce, NULL);
-       hasher->allocate_hash(hasher, this->responder_nonce, NULL);
-       hasher->allocate_hash(hasher, shared_secret, &this->secret);
+       if (!hasher ||
+               !hasher->get_hash(hasher, chunk_from_chars('1'), NULL) ||
+               !hasher->get_hash(hasher, this->initiator_nonce, NULL) ||
+               !hasher->get_hash(hasher, this->responder_nonce, NULL) ||
+               !hasher->allocate_hash(hasher, shared_secret, &this->secret))
+       {
+               DESTROY_IF(hasher);
+               return FALSE;
+       }
        hasher->destroy(hasher);
 
        /* The DH secret must be destroyed */
@@ -1073,7 +1078,12 @@ METHOD(pts_t, get_quote_info, bool,
                hasher = lib->crypto->create_hasher(lib->crypto, algo);
 
                /* Hash the PCR Composite Structure */
-               hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp);
+               if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp))
+               {
+                       DESTROY_IF(hasher);
+                       free(pcr_comp.ptr);
+                       return FALSE;
+               }
                DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp);
                hasher->destroy(hasher);
        }
@@ -1084,7 +1094,13 @@ METHOD(pts_t, get_quote_info, bool,
 
        /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp);
+       if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp))
+       {
+               DESTROY_IF(hasher);
+               chunk_free(out_pcr_comp);
+               free(pcr_comp.ptr);
+               return FALSE;
+       }
        hasher->destroy(hasher);
 
        /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */
index de6d1c3..898e668 100644 (file)
@@ -124,11 +124,11 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
 
        /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
         * For AKA: MK = SHA1(Identity|IK|CK) */
-       if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL))
+       if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) ||
+               !this->hasher->allocate_hash(this->hasher, data, mk))
        {
                return FALSE;
        }
-       this->hasher->allocate_hash(this->hasher, data, mk);
        DBG3(DBG_LIB, "MK %B", mk);
 
        /* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
index f422a2c..0462222 100644 (file)
@@ -735,7 +735,10 @@ METHOD(crypto_tester_t, test_hasher, bool,
 
                /* allocated hash */
                data = chunk_create(vector->data, vector->len);
-               hasher->allocate_hash(hasher, data, &hash);
+               if (!hasher->allocate_hash(hasher, data, &hash))
+               {
+                       failed = TRUE;
+               }
                if (hash.len != hasher->get_hash_size(hasher))
                {
                        failed = TRUE;
@@ -758,8 +761,8 @@ METHOD(crypto_tester_t, test_hasher, bool,
                if (data.len > 2)
                {
                        memset(hash.ptr, 0, hash.len);
-                       hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL);
-                       if (!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
+                       if (!hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL) ||
+                               !hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
                                !hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr) ||
                                !memeq(vector->hash, hash.ptr, hash.len))
                        {
index 0c72bb7..0480fc6 100644 (file)
@@ -94,8 +94,10 @@ struct hasher_t {
         *
         * @param data          chunk with data to hash
         * @param hash          chunk which will hold allocated hash
+        * @return                      TRUE if hash allocated successfully
         */
-       void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
+       __attribute__((warn_unused_result))
+       bool (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
 
        /**
         * Get the size of the resulting hash.
index ded3881..0ec19f2 100644 (file)
@@ -421,13 +421,13 @@ end:
 
                                algorithm = hasher_algorithm_from_oid(digest_alg);
                                hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
-                               if (hasher == NULL)
+                               if (!hasher || !hasher->allocate_hash(hasher, this->data, &hash))
                                {
+                                       DESTROY_IF(hasher);
                                        DBG1(DBG_LIB, "hash algorithm %N not supported",
                                                 hash_algorithm_names, algorithm);
                                        return FALSE;
                                }
-                               hasher->allocate_hash(hasher, this->data, &hash);
                                hasher->destroy(hasher);
                                DBG3(DBG_LIB, "hash: %B", &hash);
 
@@ -921,13 +921,14 @@ METHOD(pkcs7_t, build_signedData, bool,
                        time_t now;
 
                        hasher = lib->crypto->create_hasher(lib->crypto, alg);
-                       if (hasher == NULL)
+                       if (!hasher ||
+                               !hasher->allocate_hash(hasher, this->data, &messageDigest))
                        {
+                               DESTROY_IF(hasher);
                                DBG1(DBG_LIB, "  hash algorithm %N not support",
                                         hash_algorithm_names, alg);
                                return FALSE;
                        }
-                       hasher->allocate_hash(hasher, this->data, &messageDigest);
                        hasher->destroy(hasher);
                        this->attributes->set_attribute(this->attributes,
                                                                        OID_PKCS9_MESSAGE_DIGEST,
index fd2db0d..95cdc61 100644 (file)
@@ -112,18 +112,15 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_af_alg_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        if (hash)
        {
                *hash = chunk_alloc(get_hash_size(this));
-               get_hash(this, chunk, hash->ptr);
-       }
-       else
-       {
-               get_hash(this, chunk, NULL);
+               return get_hash(this, chunk, hash->ptr);
        }
+       return get_hash(this, chunk, NULL);
 }
 
 METHOD(hasher_t, destroy, void,
index 24e6480..5de5b11 100644 (file)
@@ -61,18 +61,15 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        if (hash)
        {
                *hash = chunk_alloc(get_hash_size(this));
-               get_hash(this, chunk, hash->ptr);
-       }
-       else
-       {
-               get_hash(this, chunk, NULL);
+               return get_hash(this, chunk, hash->ptr);
        }
+       return get_hash(this, chunk, NULL);
 }
 
 METHOD(hasher_t, destroy, void,
index eb38eea..9fdb2d4 100644 (file)
@@ -165,11 +165,11 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
                return FALSE;
        }
        hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
-       if (!hasher)
+       if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
        {
+               DESTROY_IF(hasher);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, data, &hash);
        hasher->destroy(hasher);
 
        err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
index f8645da..c54f2c0 100644 (file)
@@ -121,11 +121,11 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
        gcry_sexp_t in, sig;
 
        hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
-       if (!hasher)
+       if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
        {
+               DESTROY_IF(hasher);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, data, &hash);
        hasher->destroy(hasher);
 
        err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
index acd9ae2..590ab6c 100644 (file)
@@ -235,11 +235,11 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
                }
 
                hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
-               if (hasher == NULL)
+               if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
                {
+                       DESTROY_IF(hasher);
                        return FALSE;
                }
-               hasher->allocate_hash(hasher, data, &hash);
                hasher->destroy(hasher);
 
                /* build DER-encoded digestInfo */
index db7b8e4..2d84f00 100644 (file)
@@ -252,7 +252,11 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
                                        }
 
                                        /* build our own hash and compare */
-                                       hasher->allocate_hash(hasher, data, &hash);
+                                       if (!hasher->allocate_hash(hasher, data, &hash))
+                                       {
+                                               hasher->destroy(hasher);
+                                               goto end_parser;
+                                       }
                                        hasher->destroy(hasher);
                                        success = memeq(object.ptr, hash.ptr, hash.len);
                                        free(hash.ptr);
index 0d08006..bf93414 100644 (file)
@@ -266,8 +266,6 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16])
        }
 }
 
-
-
 METHOD(hasher_t, get_hash, bool,
        private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
@@ -280,7 +278,7 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        chunk_t allocated_hash;
@@ -296,6 +294,7 @@ METHOD(hasher_t, allocate_hash, void,
 
                *hash = allocated_hash;
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, get_hash_size, size_t,
index dcd2cdd..ea8c450 100644 (file)
@@ -311,7 +311,7 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        chunk_t allocated_hash;
@@ -327,6 +327,7 @@ METHOD(hasher_t, allocate_hash, void,
 
                *hash = allocated_hash;
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, get_hash_size, size_t,
index 7461695..9cb68a3 100644 (file)
@@ -221,13 +221,13 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp)
                        return FALSE;
        }
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (!hasher)
+       if (!hasher || !hasher->allocate_hash(hasher, key, fp))
        {
                DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
+               DESTROY_IF(hasher);
                free(key.ptr);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, key, fp);
        hasher->destroy(hasher);
        free(key.ptr);
        lib->encoding->cache(lib->encoding, type, ec, *fp);
index 5b35364..67b49c1 100644 (file)
@@ -120,18 +120,15 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        if (hash)
        {
                *hash = chunk_alloc(get_hash_size(this));
-               get_hash(this, chunk, hash->ptr);
-       }
-       else
-       {
-               get_hash(this, chunk, NULL);
+               return get_hash(this, chunk, hash->ptr);
        }
+       return get_hash(this, chunk, NULL);
 }
 
 METHOD(hasher_t, destroy, void,
index a24bae5..5872a81 100644 (file)
@@ -217,13 +217,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
                        return FALSE;
        }
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (!hasher)
+       if (!hasher || !hasher->allocate_hash(hasher, key, fp))
        {
                DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
+               DESTROY_IF(hasher);
                free(key.ptr);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, key, fp);
        free(key.ptr);
        hasher->destroy(hasher);
        lib->encoding->cache(lib->encoding, type, rsa, *fp);
index ee19c41..e85c5cc 100644 (file)
@@ -973,11 +973,11 @@ static bool parse_certificate(private_openssl_x509_t *this)
        parse_extKeyUsage(this);
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (!hasher)
+       if (!hasher || !hasher->allocate_hash(hasher, this->encoding, &this->hash))
        {
+               DESTROY_IF(hasher);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, this->encoding, &this->hash);
        hasher->destroy(hasher);
 
        if (issued_by(this, &this->public.x509.interface, NULL))
index fd3d195..406daad 100644 (file)
@@ -112,18 +112,15 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        if (hash)
        {
                *hash = chunk_alloc(HASH_SIZE_SHA1);
-               get_hash(this, chunk, hash->ptr);
-       }
-       else
-       {
-               get_hash(this, chunk, NULL);
+               return get_hash(this, chunk, hash->ptr);
        }
+       return get_hash(this, chunk, NULL);
 }
 
 METHOD(hasher_t, get_hash_size, size_t,
index e6d13a2..a99bed2 100644 (file)
@@ -321,8 +321,12 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
                        DBG1(DBG_ASN, "no SHA-1 hasher available");
                        return FALSE;
                }
-               hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
-               hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
+               if (!hasher->allocate_hash(hasher, pubkey_packet_header, NULL) ||
+                       !hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint))
+               {
+                       hasher->destroy(hasher);
+                       return FALSE;
+               }
                hasher->destroy(hasher);
                DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint);
        }
index 9043cdb..d16d1d7 100644 (file)
@@ -44,8 +44,12 @@ static bool build_v3_fingerprint(chunk_t *encoding, va_list args)
                {
                        e = chunk_skip(e, 1);
                }
-               hasher->allocate_hash(hasher, n, NULL);
-               hasher->allocate_hash(hasher, e, encoding);
+               if (!hasher->allocate_hash(hasher, n, NULL) ||
+                       !hasher->allocate_hash(hasher, e, encoding))
+               {
+                       hasher->destroy(hasher);
+                       return FALSE;
+               }
                hasher->destroy(hasher);
                return TRUE;
        }
index 6957b2a..9122e8d 100644 (file)
@@ -94,14 +94,14 @@ static bool hash_pubkey(chunk_t pubkey, chunk_t *hash)
        hasher_t *hasher;
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (hasher == NULL)
+       if (!hasher || !hasher->allocate_hash(hasher, pubkey, hash))
        {
+               DESTROY_IF(hasher);
                chunk_free(&pubkey);
                DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
                         "fingerprinting failed");
                return FALSE;
        }
-       hasher->allocate_hash(hasher, pubkey, hash);
        hasher->destroy(hasher);
        chunk_free(&pubkey);
        return TRUE;
index 56aec3d..29b7fb7 100644 (file)
@@ -203,18 +203,15 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        if (hash)
        {
                *hash = chunk_alloc(this->size);
-               get_hash(this, chunk, hash->ptr);
-       }
-       else
-       {
-               get_hash(this, chunk, NULL);
+               return get_hash(this, chunk, hash->ptr);
        }
+       return get_hash(this, chunk, NULL);
 }
 
 METHOD(hasher_t, destroy, void,
index b616abc..f7f7d3f 100644 (file)
@@ -266,13 +266,15 @@ METHOD(private_key_t, sign, bool,
        }
        if (hash_alg != HASH_UNKNOWN)
        {
-               hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
-               if (!hasher)
+               hasher_t *hasher;
+
+               hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+               if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
                {
+                       DESTROY_IF(hasher);
                        this->lib->f->C_CloseSession(session);
                        return FALSE;
                }
-               hasher->allocate_hash(hasher, data, &hash);
                hasher->destroy(hasher);
                data = hash;
        }
index d4ec923..f0d7093 100644 (file)
@@ -235,13 +235,15 @@ METHOD(public_key_t, verify, bool,
        }
        if (hash_alg != HASH_UNKNOWN)
        {
-               hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
-               if (!hasher)
+               hasher_t *hasher;
+
+               hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+               if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
                {
+                       DESTROY_IF(hasher);
                        this->lib->f->C_CloseSession(session);
                        return FALSE;
                }
-               hasher->allocate_hash(hasher, data, &hash);
                hasher->destroy(hasher);
                data = hash;
        }
@@ -374,12 +376,12 @@ static bool fingerprint_ecdsa(private_pkcs11_public_key_t *this,
                        return FALSE;
        }
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (!hasher)
+       if (!hasher || !hasher->allocate_hash(hasher, asn1, fp))
        {
+               DESTROY_IF(hasher);
                chunk_clear(&asn1);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, asn1, fp);
        hasher->destroy(hasher);
        chunk_clear(&asn1);
        lib->encoding->cache(lib->encoding, type, this, *fp);
index 51d9674..ceb8fc0 100644 (file)
@@ -199,7 +199,7 @@ METHOD(hasher_t, get_hash, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
        private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        SHA1Update(this, chunk.ptr, chunk.len);
@@ -211,6 +211,7 @@ METHOD(hasher_t, allocate_hash, void,
                SHA1Final(this, hash->ptr);
                reset(this);
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, get_hash_size, size_t,
index b21eba4..607e329 100644 (file)
@@ -512,7 +512,7 @@ METHOD(hasher_t, get_hash512, bool,
        return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash224, void,
+METHOD(hasher_t, allocate_hash224, bool,
        private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        chunk_t allocated_hash;
@@ -526,9 +526,10 @@ METHOD(hasher_t, allocate_hash224, void,
                reset224(this);
                *hash = allocated_hash;
        }
+       return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash256, void,
+METHOD(hasher_t, allocate_hash256, bool,
        private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        chunk_t allocated_hash;
@@ -542,9 +543,10 @@ METHOD(hasher_t, allocate_hash256, void,
                reset256(this);
                *hash = allocated_hash;
        }
+       return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash384, void,
+METHOD(hasher_t, allocate_hash384, bool,
        private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        chunk_t allocated_hash;
@@ -558,9 +560,10 @@ METHOD(hasher_t, allocate_hash384, void,
                reset384(this);
                *hash = allocated_hash;
        }
+       return TRUE;
 }
 
-METHOD(hasher_t, allocate_hash512, void,
+METHOD(hasher_t, allocate_hash512, bool,
        private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
        chunk_t allocated_hash;
@@ -574,6 +577,7 @@ METHOD(hasher_t, allocate_hash512, void,
                reset512(this);
                *hash = allocated_hash;
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, get_hash_size224, size_t,
index 88101e8..2269eb4 100644 (file)
@@ -1490,12 +1490,13 @@ end:
                }
                /* create certificate hash */
                hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-               if (hasher == NULL)
+               if (!hasher ||
+                       !hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash))
                {
+                       DESTROY_IF(hasher);
                        DBG1(DBG_ASN, "  unable to create hash of certificate, SHA1 not supported");
                        return FALSE;
                }
-               hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
                hasher->destroy(hasher);
        }
        return success;
@@ -2344,11 +2345,12 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
                                                           asn1_bitstring("c", cert->signature));
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-       if (!hasher)
+       if (!hasher ||
+               !hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash))
        {
+               DESTROY_IF(hasher);
                return FALSE;
        }
-       hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash);
        hasher->destroy(hasher);
        return TRUE;
 }
index adeae30..bbd1c59 100644 (file)
@@ -159,22 +159,24 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
                                enumerator_t *enumerator;
 
                                issuer = cert->get_subject(cert);
-                               hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
-                                                                         &issuerNameHash);
-                               hasher->destroy(hasher);
-
-                               enumerator = this->candidates->create_enumerator(this->candidates);
-                               while (enumerator->enumerate(enumerator, &x509))
+                               if (hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
+                                                                                 &issuerNameHash))
                                {
-                                       chunk_t request, serialNumber;
-
-                                       serialNumber = x509->get_serial(x509);
-                                       request = build_Request(this, issuerNameHash, issuerKeyHash,
-                                                                                       serialNumber);
-                                       list = chunk_cat("mm", list, request);
+                                       enumerator = this->candidates->create_enumerator(
+                                                                                                                       this->candidates);
+                                       while (enumerator->enumerate(enumerator, &x509))
+                                       {
+                                               chunk_t request, serialNumber;
+
+                                               serialNumber = x509->get_serial(x509);
+                                               request = build_Request(this, issuerNameHash,
+                                                                                               issuerKeyHash, serialNumber);
+                                               list = chunk_cat("mm", list, request);
+                                       }
+                                       enumerator->destroy(enumerator);
+                                       chunk_free(&issuerNameHash);
                                }
-                               enumerator->destroy(enumerator);
-                               chunk_free(&issuerNameHash);
+                               hasher->destroy(hasher);
                        }
                }
                else
index dc3fc27..27497e0 100644 (file)
@@ -201,19 +201,22 @@ METHOD(ocsp_response_t, get_status, cert_validation_t,
                /* check issuerNameHash, if available */
                else if (response->issuerNameHash.ptr)
                {
+                       id = issuercert->get_subject(issuercert);
                        hasher = lib->crypto->create_hasher(lib->crypto,
                                                        hasher_algorithm_from_oid(response->hashAlgorithm));
-                       if (!hasher)
+                       if (!hasher ||
+                               !hasher->allocate_hash(hasher, id->get_encoding(id), &hash))
                        {
+                               DESTROY_IF(hasher);
                                continue;
                        }
-                       id = issuercert->get_subject(issuercert);
-                       hasher->allocate_hash(hasher, id->get_encoding(id), &hash);
                        hasher->destroy(hasher);
                        if (!chunk_equals(hash, response->issuerNameHash))
                        {
+                               free(hash.ptr);
                                continue;
                        }
+                       free(hash.ptr);
                }
                else
                {
index 65a8682..820ae74 100644 (file)
@@ -1196,12 +1196,12 @@ static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
                        return FALSE;
                }
                hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
-               if (!hasher)
+               if (!hasher || !hasher->allocate_hash(hasher, data, hash))
                {
                        DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
+                       DESTROY_IF(hasher);
                        return FALSE;
                }
-               hasher->allocate_hash(hasher, data, hash);
                hasher->destroy(hasher);
        }
        else
index 12bd938..35c9d90 100644 (file)
@@ -64,7 +64,11 @@ static chunk_t hash_password(char *login, char *password)
        }
        data = chunk_cata("cc", chunk_create(login, strlen(login)),
                                                        chunk_create(password, strlen(password)));
-       hasher->allocate_hash(hasher, data, &hash);
+       if (!hasher->allocate_hash(hasher, data, &hash))
+       {
+               hasher->destroy(hasher);
+               return chunk_empty;
+       }
        hasher->destroy(hasher);
        return hash;
 }