DBG1(DBG_IKE, "EAP-MD5 failed, MD5 not supported");
return FAILED;
}
- hasher->allocate_hash(hasher, concat, response);
+ if (!hasher->allocate_hash(hasher, concat, response))
+ {
+ hasher->destroy(hasher);
+ return FAILED;
+ }
hasher->destroy(hasher);
return SUCCESS;
}
DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available");
return FAILED;
}
- hasher->allocate_hash(hasher, password, password_hash);
+ if (!hasher->allocate_hash(hasher, password, password_hash))
+ {
+ hasher->destroy(hasher);
+ return FAILED;
+ }
hasher->destroy(hasher);
return SUCCESS;
}
return FAILED;
}
concat = chunk_cata("ccc", peer_challenge, server_challenge, username);
- hasher->allocate_hash(hasher, concat, challenge_hash);
+ if (!hasher->allocate_hash(hasher, concat, challenge_hash))
+ {
+ hasher->destroy(hasher);
+ return FAILED;
+ }
hasher->destroy(hasher);
/* we need only the first 8 octets */
challenge_hash->len = 8;
}
concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
- hasher->allocate_hash(hasher, concat, &digest);
+ if (!hasher->allocate_hash(hasher, concat, &digest))
+ {
+ hasher->destroy(hasher);
+ return FAILED;
+ }
concat = chunk_cata("ccc", digest, challenge_hash, magic2);
- hasher->allocate_hash(hasher, concat, response);
-
+ if (!hasher->allocate_hash(hasher, concat, response))
+ {
+ hasher->destroy(hasher);
+ return FAILED;
+ }
hasher->destroy(hasher);
chunk_free(&digest);
return SUCCESS;
chunk_t keypad = chunk_from_chars(
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
- chunk_t concat, master_key, master_receive_key, master_send_key;
+ char master_key[HASH_SIZE_SHA1];
+ char master_receive_key[HASH_SIZE_SHA1], master_send_key[HASH_SIZE_SHA1];
+ chunk_t concat, master;
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
return FAILED;
}
+ master = chunk_create(master_key, 16);
concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
- hasher->allocate_hash(hasher, concat, &master_key);
- master_key.len = 16;
-
- concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2);
- hasher->allocate_hash(hasher, concat, &master_receive_key);
- master_receive_key.len = 16;
-
- concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2);
- hasher->allocate_hash(hasher, concat, &master_send_key);
- master_send_key.len = 16;
+ concat = chunk_cata("cccc", master, shapad1, magic2, shapad2);
+ concat = chunk_cata("cccc", master, shapad1, magic3, shapad2);
+ if (!hasher->get_hash(hasher, concat, master_key) ||
+ !hasher->get_hash(hasher, concat, master_receive_key) ||
+ !hasher->get_hash(hasher, concat, master_send_key))
+ {
+ hasher->destroy(hasher);
+ return FAILED;
+ }
- *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad);
+ *msk = chunk_cat("cccc", chunk_create(master_receive_key, 16),
+ chunk_create(master_send_key, 16), keypad, keypad);
hasher->destroy(hasher);
- chunk_free(&master_key);
- chunk_free(&master_receive_key);
- chunk_free(&master_send_key);
return SUCCESS;
}
if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
{
- hasher->allocate_hash(hasher, encoded, &hash);
- section->hashes->insert_last(section->hashes,
+ if (hasher->allocate_hash(hasher, encoded, &hash))
+ {
+ section->hashes->insert_last(section->hashes,
identification_create_from_encoding(ID_KEY_ID, hash));
- chunk_free(&hash);
+ chunk_free(&hash);
+ }
chunk_free(&encoded);
}
break;
u_int64_t our_spi;
chunk_t hash;
- this->hasher->allocate_hash(this->hasher,
- message->get_packet_data(message), &hash);
+ if (!this->hasher->allocate_hash(this->hasher,
+ message->get_packet_data(message), &hash))
+ {
+ DBG1(DBG_MGR, "ignoring message, failed to hash message");
+ id->destroy(id);
+ return NULL;
+ }
/* ensure this is not a retransmit of an already handled init message */
switch (check_and_put_init_hash(this, hash, &our_spi))
/* initial IV = hash(g^xi | g^xr) */
data = chunk_cata("cc", g_xi, g_xr);
- this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv);
+ if (!this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv))
+ {
+ chunk_free(&dh_me);
+ return FALSE;
+ }
if (this->phase1_iv.iv.len > this->aead->get_block_size(this->aead))
{
this->phase1_iv.iv.len = this->aead->get_block_size(this->aead);
else
{
/* initial phase 2 IV = hash(last_phase1_block | mid) */
- u_int32_t net = htonl(iv->mid);
- chunk_t data = chunk_cata("cc", this->phase1_iv.iv,
- chunk_from_thing(net));
- this->hasher->allocate_hash(this->hasher, data, &iv->iv);
+ u_int32_t net;;
+ chunk_t data;
+
+ net = htonl(iv->mid);
+ data = chunk_cata("cc", this->phase1_iv.iv, chunk_from_thing(net));
+ if (!this->hasher->allocate_hash(this->hasher, data, &iv->iv))
+ {
+ return FALSE;
+ }
if (iv->iv.len > this->aead->get_block_size(this->aead))
{
iv->iv.len = this->aead->get_block_size(this->aead);
natd_chunk = chunk_cata("cccc", chunk_from_thing(spi_i),
chunk_from_thing(spi_r), host->get_address(host),
chunk_from_thing(port));
- hasher->allocate_hash(hasher, natd_chunk, &natd_hash);
+ if (!hasher->allocate_hash(hasher, natd_chunk, &natd_hash))
+ {
+ DBG1(DBG_IKE, "creating NAT-D payload hash failed");
+ return chunk_empty;
+ }
DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
ike_sa_id_t *ike_sa_id = this->ike_sa->get_id(this->ike_sa);
hash = generate_natd_hash(this, ike_sa_id, host);
}
+ if (!hash.len)
+ {
+ return NULL;
+ }
payload = hash_payload_create(NAT_D_V1);
payload->set_hash(payload, hash);
chunk_free(&hash);
/* destination has to be added first */
host = message->get_destination(message);
payload = build_natd_payload(this, FALSE, host);
- message->add_payload(message, (payload_t*)payload);
+ if (payload)
+ {
+ message->add_payload(message, (payload_t*)payload);
+ }
/* source is added second, compared with IKEv2 we always know the source,
* as these payloads are added in the second Phase 1 exchange or the
* response to the first */
host = message->get_source(message);
payload = build_natd_payload(this, TRUE, host);
- message->add_payload(message, (payload_t*)payload);
+ if (payload)
+ {
+ message->add_payload(message, (payload_t*)payload);
+ }
}
/**
/* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */
sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id,
check->endpoint_raw, key_chunk);
- this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash);
+ if (!this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash))
+ {
+ sig_hash = chunk_empty;
+ }
DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk);
DBG3(DBG_IKE, "sig_hash %#B", &sig_hash);
hasher->destroy(hasher);
return NULL;
}
- hasher->allocate_hash(hasher, encoded, &hash);
+ if (!hasher->allocate_hash(hasher, encoded, &hash))
+ {
+ hasher->destroy(hasher);
+ chunk_free(&encoded);
+ return cert_payload_create_from_cert(CERTIFICATE, cert);
+ }
chunk_free(&encoded);
hasher->destroy(hasher);
id = identification_create_from_encoding(ID_KEY_ID, hash);
/* natd_hash = SHA1( spi_i | spi_r | address | port ) */
natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk);
- this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash);
+ if (!this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash))
+ {
+ natd_hash = chunk_empty;
+ }
DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
{
hash = generate_natd_hash(this, ike_sa_id, host);
}
+ if (!hash.len)
+ {
+ return NULL;
+ }
notify = notify_payload_create(NOTIFY);
notify->set_notify_type(notify, type);
notify->set_notification_data(notify, hash);
/* destination is always set */
host = message->get_destination(message);
notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
- message->add_payload(message, (payload_t*)notify);
+ if (notify)
+ {
+ message->add_payload(message, (payload_t*)notify);
+ }
/* source may be any, we have 3 possibilities to get our source address:
* 1. It is defined in the config => use the one of the IKE_SA
if (!host->is_anyaddr(host) || ike_cfg->force_encap(ike_cfg))
{ /* 1. or if we force UDP encap, as it doesn't matter if it's %any */
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
- message->add_payload(message, (payload_t*)notify);
+ if (notify)
+ {
+ message->add_payload(message, (payload_t*)notify);
+ }
}
else
{
{ /* 2. */
host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
- message->add_payload(message, (payload_t*)notify);
+ if (notify)
+ {
+ message->add_payload(message, (payload_t*)notify);
+ }
host->destroy(host);
}
else
host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
host->destroy(host);
- message->add_payload(message, (payload_t*)notify);
+ if (notify)
+ {
+ message->add_payload(message, (payload_t*)notify);
+ }
}
enumerator->destroy(enumerator);
}
/* initiator seems to support NAT detection, add response */
me = message->get_source(message);
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me);
- message->add_payload(message, (payload_t*)notify);
-
+ if (notify)
+ {
+ message->add_payload(message, (payload_t*)notify);
+ }
other = message->get_destination(message);
notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other);
- message->add_payload(message, (payload_t*)notify);
+ if (notify)
+ {
+ message->add_payload(message, (payload_t*)notify);
+ }
}
return SUCCESS;
}
hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm);
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- hasher->allocate_hash(hasher, chunk_from_chars('1'), NULL);
- hasher->allocate_hash(hasher, this->initiator_nonce, NULL);
- hasher->allocate_hash(hasher, this->responder_nonce, NULL);
- hasher->allocate_hash(hasher, shared_secret, &this->secret);
+ if (!hasher ||
+ !hasher->get_hash(hasher, chunk_from_chars('1'), NULL) ||
+ !hasher->get_hash(hasher, this->initiator_nonce, NULL) ||
+ !hasher->get_hash(hasher, this->responder_nonce, NULL) ||
+ !hasher->allocate_hash(hasher, shared_secret, &this->secret))
+ {
+ DESTROY_IF(hasher);
+ return FALSE;
+ }
hasher->destroy(hasher);
/* The DH secret must be destroyed */
hasher = lib->crypto->create_hasher(lib->crypto, algo);
/* Hash the PCR Composite Structure */
- hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp);
+ if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp))
+ {
+ DESTROY_IF(hasher);
+ free(pcr_comp.ptr);
+ return FALSE;
+ }
DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp);
hasher->destroy(hasher);
}
/* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp);
+ if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp))
+ {
+ DESTROY_IF(hasher);
+ chunk_free(out_pcr_comp);
+ free(pcr_comp.ptr);
+ return FALSE;
+ }
hasher->destroy(hasher);
/* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */
/* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
* For AKA: MK = SHA1(Identity|IK|CK) */
- if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL))
+ if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) ||
+ !this->hasher->allocate_hash(this->hasher, data, mk))
{
return FALSE;
}
- this->hasher->allocate_hash(this->hasher, data, mk);
DBG3(DBG_LIB, "MK %B", mk);
/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */
/* allocated hash */
data = chunk_create(vector->data, vector->len);
- hasher->allocate_hash(hasher, data, &hash);
+ if (!hasher->allocate_hash(hasher, data, &hash))
+ {
+ failed = TRUE;
+ }
if (hash.len != hasher->get_hash_size(hasher))
{
failed = TRUE;
if (data.len > 2)
{
memset(hash.ptr, 0, hash.len);
- hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL);
- if (!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
+ if (!hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL) ||
+ !hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
!hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr) ||
!memeq(vector->hash, hash.ptr, hash.len))
{
*
* @param data chunk with data to hash
* @param hash chunk which will hold allocated hash
+ * @return TRUE if hash allocated successfully
*/
- void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
+ __attribute__((warn_unused_result))
+ bool (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
/**
* Get the size of the resulting hash.
algorithm = hasher_algorithm_from_oid(digest_alg);
hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
- if (hasher == NULL)
+ if (!hasher || !hasher->allocate_hash(hasher, this->data, &hash))
{
+ DESTROY_IF(hasher);
DBG1(DBG_LIB, "hash algorithm %N not supported",
hash_algorithm_names, algorithm);
return FALSE;
}
- hasher->allocate_hash(hasher, this->data, &hash);
hasher->destroy(hasher);
DBG3(DBG_LIB, "hash: %B", &hash);
time_t now;
hasher = lib->crypto->create_hasher(lib->crypto, alg);
- if (hasher == NULL)
+ if (!hasher ||
+ !hasher->allocate_hash(hasher, this->data, &messageDigest))
{
+ DESTROY_IF(hasher);
DBG1(DBG_LIB, " hash algorithm %N not support",
hash_algorithm_names, alg);
return FALSE;
}
- hasher->allocate_hash(hasher, this->data, &messageDigest);
hasher->destroy(hasher);
this->attributes->set_attribute(this->attributes,
OID_PKCS9_MESSAGE_DIGEST,
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_af_alg_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(get_hash_size(this));
- get_hash(this, chunk, hash->ptr);
- }
- else
- {
- get_hash(this, chunk, NULL);
+ return get_hash(this, chunk, hash->ptr);
}
+ return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(get_hash_size(this));
- get_hash(this, chunk, hash->ptr);
- }
- else
- {
- get_hash(this, chunk, NULL);
+ return get_hash(this, chunk, hash->ptr);
}
+ return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
+ DESTROY_IF(hasher);
return FALSE;
}
- hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
gcry_sexp_t in, sig;
hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
+ DESTROY_IF(hasher);
return FALSE;
}
- hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
}
hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (hasher == NULL)
+ if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
+ DESTROY_IF(hasher);
return FALSE;
}
- hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
/* build DER-encoded digestInfo */
}
/* build our own hash and compare */
- hasher->allocate_hash(hasher, data, &hash);
+ if (!hasher->allocate_hash(hasher, data, &hash))
+ {
+ hasher->destroy(hasher);
+ goto end_parser;
+ }
hasher->destroy(hasher);
success = memeq(object.ptr, hash.ptr, hash.len);
free(hash.ptr);
}
}
-
-
METHOD(hasher_t, get_hash, bool,
private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
*hash = allocated_hash;
}
+ return TRUE;
}
METHOD(hasher_t, get_hash_size, size_t,
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
*hash = allocated_hash;
}
+ return TRUE;
}
METHOD(hasher_t, get_hash_size, size_t,
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, key, fp))
{
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
+ DESTROY_IF(hasher);
free(key.ptr);
return FALSE;
}
- hasher->allocate_hash(hasher, key, fp);
hasher->destroy(hasher);
free(key.ptr);
lib->encoding->cache(lib->encoding, type, ec, *fp);
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(get_hash_size(this));
- get_hash(this, chunk, hash->ptr);
- }
- else
- {
- get_hash(this, chunk, NULL);
+ return get_hash(this, chunk, hash->ptr);
}
+ return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, key, fp))
{
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
+ DESTROY_IF(hasher);
free(key.ptr);
return FALSE;
}
- hasher->allocate_hash(hasher, key, fp);
free(key.ptr);
hasher->destroy(hasher);
lib->encoding->cache(lib->encoding, type, rsa, *fp);
parse_extKeyUsage(this);
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, this->encoding, &this->hash))
{
+ DESTROY_IF(hasher);
return FALSE;
}
- hasher->allocate_hash(hasher, this->encoding, &this->hash);
hasher->destroy(hasher);
if (issued_by(this, &this->public.x509.interface, NULL))
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(HASH_SIZE_SHA1);
- get_hash(this, chunk, hash->ptr);
- }
- else
- {
- get_hash(this, chunk, NULL);
+ return get_hash(this, chunk, hash->ptr);
}
+ return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, get_hash_size, size_t,
DBG1(DBG_ASN, "no SHA-1 hasher available");
return FALSE;
}
- hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
- hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
+ if (!hasher->allocate_hash(hasher, pubkey_packet_header, NULL) ||
+ !hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint))
+ {
+ hasher->destroy(hasher);
+ return FALSE;
+ }
hasher->destroy(hasher);
DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint);
}
{
e = chunk_skip(e, 1);
}
- hasher->allocate_hash(hasher, n, NULL);
- hasher->allocate_hash(hasher, e, encoding);
+ if (!hasher->allocate_hash(hasher, n, NULL) ||
+ !hasher->allocate_hash(hasher, e, encoding))
+ {
+ hasher->destroy(hasher);
+ return FALSE;
+ }
hasher->destroy(hasher);
return TRUE;
}
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher == NULL)
+ if (!hasher || !hasher->allocate_hash(hasher, pubkey, hash))
{
+ DESTROY_IF(hasher);
chunk_free(&pubkey);
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
"fingerprinting failed");
return FALSE;
}
- hasher->allocate_hash(hasher, pubkey, hash);
hasher->destroy(hasher);
chunk_free(&pubkey);
return TRUE;
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(this->size);
- get_hash(this, chunk, hash->ptr);
- }
- else
- {
- get_hash(this, chunk, NULL);
+ return get_hash(this, chunk, hash->ptr);
}
+ return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,
}
if (hash_alg != HASH_UNKNOWN)
{
- hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- if (!hasher)
+ hasher_t *hasher;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
+ DESTROY_IF(hasher);
this->lib->f->C_CloseSession(session);
return FALSE;
}
- hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
data = hash;
}
}
if (hash_alg != HASH_UNKNOWN)
{
- hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
- if (!hasher)
+ hasher_t *hasher;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
+ DESTROY_IF(hasher);
this->lib->f->C_CloseSession(session);
return FALSE;
}
- hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
data = hash;
}
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, asn1, fp))
{
+ DESTROY_IF(hasher);
chunk_clear(&asn1);
return FALSE;
}
- hasher->allocate_hash(hasher, asn1, fp);
hasher->destroy(hasher);
chunk_clear(&asn1);
lib->encoding->cache(lib->encoding, type, this, *fp);
return TRUE;
}
-METHOD(hasher_t, allocate_hash, void,
+METHOD(hasher_t, allocate_hash, bool,
private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
SHA1Update(this, chunk.ptr, chunk.len);
SHA1Final(this, hash->ptr);
reset(this);
}
+ return TRUE;
}
METHOD(hasher_t, get_hash_size, size_t,
return TRUE;
}
-METHOD(hasher_t, allocate_hash224, void,
+METHOD(hasher_t, allocate_hash224, bool,
private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
reset224(this);
*hash = allocated_hash;
}
+ return TRUE;
}
-METHOD(hasher_t, allocate_hash256, void,
+METHOD(hasher_t, allocate_hash256, bool,
private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
reset256(this);
*hash = allocated_hash;
}
+ return TRUE;
}
-METHOD(hasher_t, allocate_hash384, void,
+METHOD(hasher_t, allocate_hash384, bool,
private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
reset384(this);
*hash = allocated_hash;
}
+ return TRUE;
}
-METHOD(hasher_t, allocate_hash512, void,
+METHOD(hasher_t, allocate_hash512, bool,
private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
reset512(this);
*hash = allocated_hash;
}
+ return TRUE;
}
METHOD(hasher_t, get_hash_size224, size_t,
}
/* create certificate hash */
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher == NULL)
+ if (!hasher ||
+ !hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash))
{
+ DESTROY_IF(hasher);
DBG1(DBG_ASN, " unable to create hash of certificate, SHA1 not supported");
return FALSE;
}
- hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
hasher->destroy(hasher);
}
return success;
asn1_bitstring("c", cert->signature));
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (!hasher)
+ if (!hasher ||
+ !hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash))
{
+ DESTROY_IF(hasher);
return FALSE;
}
- hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash);
hasher->destroy(hasher);
return TRUE;
}
enumerator_t *enumerator;
issuer = cert->get_subject(cert);
- hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
- &issuerNameHash);
- hasher->destroy(hasher);
-
- enumerator = this->candidates->create_enumerator(this->candidates);
- while (enumerator->enumerate(enumerator, &x509))
+ if (hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
+ &issuerNameHash))
{
- chunk_t request, serialNumber;
-
- serialNumber = x509->get_serial(x509);
- request = build_Request(this, issuerNameHash, issuerKeyHash,
- serialNumber);
- list = chunk_cat("mm", list, request);
+ enumerator = this->candidates->create_enumerator(
+ this->candidates);
+ while (enumerator->enumerate(enumerator, &x509))
+ {
+ chunk_t request, serialNumber;
+
+ serialNumber = x509->get_serial(x509);
+ request = build_Request(this, issuerNameHash,
+ issuerKeyHash, serialNumber);
+ list = chunk_cat("mm", list, request);
+ }
+ enumerator->destroy(enumerator);
+ chunk_free(&issuerNameHash);
}
- enumerator->destroy(enumerator);
- chunk_free(&issuerNameHash);
+ hasher->destroy(hasher);
}
}
else
/* check issuerNameHash, if available */
else if (response->issuerNameHash.ptr)
{
+ id = issuercert->get_subject(issuercert);
hasher = lib->crypto->create_hasher(lib->crypto,
hasher_algorithm_from_oid(response->hashAlgorithm));
- if (!hasher)
+ if (!hasher ||
+ !hasher->allocate_hash(hasher, id->get_encoding(id), &hash))
{
+ DESTROY_IF(hasher);
continue;
}
- id = issuercert->get_subject(issuercert);
- hasher->allocate_hash(hasher, id->get_encoding(id), &hash);
hasher->destroy(hasher);
if (!chunk_equals(hash, response->issuerNameHash))
{
+ free(hash.ptr);
continue;
}
+ free(hash.ptr);
}
else
{
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
- if (!hasher)
+ if (!hasher || !hasher->allocate_hash(hasher, data, hash))
{
DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
+ DESTROY_IF(hasher);
return FALSE;
}
- hasher->allocate_hash(hasher, data, hash);
hasher->destroy(hasher);
}
else
}
data = chunk_cata("cc", chunk_create(login, strlen(login)),
chunk_create(password, strlen(password)));
- hasher->allocate_hash(hasher, data, &hash);
+ if (!hasher->allocate_hash(hasher, data, &hash))
+ {
+ hasher->destroy(hasher);
+ return chunk_empty;
+ }
hasher->destroy(hasher);
return hash;
}