Add a return value to hasher_t.get_hash()
authorMartin Willi <martin@revosec.ch>
Mon, 9 Jul 2012 13:33:41 +0000 (15:33 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:55:06 +0000 (14:55 +0200)
23 files changed:
src/libcharon/network/receiver.c
src/libcharon/plugins/coupling/coupling_validator.c
src/libcharon/plugins/tnc_pdp/tnc_pdp.c
src/libradius/radius_message.c
src/libradius/radius_socket.c
src/libsimaka/simaka_crypto.c
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/hashers/hasher.h
src/libstrongswan/plugins/af_alg/af_alg_hasher.c
src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
src/libstrongswan/plugins/hmac/hmac.c
src/libstrongswan/plugins/md4/md4_hasher.c
src/libstrongswan/plugins/md5/md5_hasher.c
src/libstrongswan/plugins/openssl/openssl_hasher.c
src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
src/libstrongswan/plugins/pem/pem_builder.c
src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
src/libstrongswan/plugins/sha1/sha1_hasher.c
src/libstrongswan/plugins/sha2/sha2_hasher.c
src/libtls/tls_crypto.c
src/manager/storage.c
src/scepclient/scep.c

index 140d682..dff76e2 100644 (file)
@@ -171,8 +171,8 @@ static void send_notify(message_t *request, int major, exchange_type_t exchange,
 /**
  * build a cookie
  */
-static chunk_t cookie_build(private_receiver_t *this, message_t *message,
-                                                       u_int32_t t, chunk_t secret)
+static bool cookie_build(private_receiver_t *this, message_t *message,
+                                                u_int32_t t, chunk_t secret, chunk_t *cookie)
 {
        u_int64_t spi = message->get_initiator_spi(message);
        host_t *ip = message->get_source(message);
@@ -182,8 +182,12 @@ static chunk_t cookie_build(private_receiver_t *this, message_t *message,
        input = chunk_cata("cccc", ip->get_address(ip), chunk_from_thing(spi),
                                          chunk_from_thing(t), secret);
        hash = chunk_alloca(this->hasher->get_hash_size(this->hasher));
-       this->hasher->get_hash(this->hasher, input, hash.ptr);
-       return chunk_cat("cc", chunk_from_thing(t), hash);
+       if (!this->hasher->get_hash(this->hasher, input, hash.ptr))
+       {
+               return FALSE;
+       }
+       *cookie = chunk_cat("cc", chunk_from_thing(t), hash);
+       return TRUE;
 }
 
 /**
@@ -218,7 +222,10 @@ static bool cookie_verify(private_receiver_t *this, message_t *message,
        }
 
        /* compare own calculation against received */
-       reference = cookie_build(this, message, t, secret);
+       if (!cookie_build(this, message, t, secret, &reference))
+       {
+               return FALSE;
+       }
        if (chunk_equals(reference, cookie))
        {
                chunk_free(&reference);
@@ -311,11 +318,14 @@ static bool drop_ike_sa_init(private_receiver_t *this, message_t *message)
        {
                chunk_t cookie;
 
-               cookie = cookie_build(this, message, now - this->secret_offset,
-                                                         chunk_from_thing(this->secret));
                DBG2(DBG_NET, "received packet from: %#H to %#H",
                         message->get_source(message),
                         message->get_destination(message));
+               if (!cookie_build(this, message, now - this->secret_offset,
+                                                 chunk_from_thing(this->secret), &cookie))
+               {
+                       return TRUE;
+               }
                DBG2(DBG_NET, "sending COOKIE notify to %H",
                         message->get_source(message));
                send_notify(message, IKEV2_MAJOR_VERSION, IKE_SA_INIT, COOKIE, cookie);
index 0289c55..58355d9 100644 (file)
@@ -70,7 +70,11 @@ static bool get_cert_hash(private_coupling_validator_t *this,
        {
                return FALSE;
        }
-       this->hasher->get_hash(this->hasher, encoding, buf);
+       if (!this->hasher->get_hash(this->hasher, encoding, buf))
+       {
+               free(encoding.ptr);
+               return FALSE;
+       }
        free(encoding.ptr);
        chunk_to_hex(chunk_create(buf, this->hasher->get_hash_size(this->hasher)),
                                 hex, FALSE);
index 6911364..7091458 100644 (file)
@@ -231,8 +231,12 @@ static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type,
        while (c < data.ptr + data.len)
        {
                /* b(i) = MD5(S + c(i-1)) */
-               this->hasher->get_hash(this->hasher, this->secret, NULL);
-               this->hasher->get_hash(this->hasher, seed, b);
+               if (!this->hasher->get_hash(this->hasher, this->secret, NULL) ||
+                       !this->hasher->get_hash(this->hasher, seed, b))
+               {
+                       free(data.ptr);
+                       return chunk_empty;
+               }
 
                /* c(i) = b(i) xor p(1) */
                memxor(c, b, HASH_SIZE_MD5);
index 23f549c..77f9b03 100644 (file)
@@ -332,8 +332,11 @@ METHOD(radius_message_t, sign, bool,
 
                /* build Response-Authenticator */
                msg = chunk_create((u_char*)this->msg, ntohs(this->msg->length));
-               hasher->get_hash(hasher, msg, NULL);
-               hasher->get_hash(hasher, secret, this->msg->authenticator);
+               if (!hasher->get_hash(hasher, msg, NULL) ||
+                       !hasher->get_hash(hasher, secret, this->msg->authenticator))
+               {
+                       return FALSE;
+               }
        }
        return TRUE;
 }
@@ -364,9 +367,9 @@ METHOD(radius_message_t, verify, bool,
                }
 
                /* verify Response-Authenticator */
-               hasher->get_hash(hasher, msg, NULL);
-               hasher->get_hash(hasher, secret, buf);
-               if (!memeq(buf, res_auth, HASH_SIZE_MD5))
+               if (!hasher->get_hash(hasher, msg, NULL) ||
+                       !hasher->get_hash(hasher, secret, buf) ||
+                       !memeq(buf, res_auth, HASH_SIZE_MD5))
                {
                        DBG1(DBG_CFG, "RADIUS Response-Authenticator verification failed");
                        return FALSE;
index 3113fff..ba7cb14 100644 (file)
@@ -260,8 +260,11 @@ static chunk_t decrypt_mppe_key(private_radius_socket_t *this, u_int16_t salt,
        while (c < C.ptr + C.len)
        {
                /* b(i) = MD5(S + c(i-1)) */
-               this->hasher->get_hash(this->hasher, this->secret, NULL);
-               this->hasher->get_hash(this->hasher, seed, p);
+               if (!this->hasher->get_hash(this->hasher, this->secret, NULL) ||
+                       !this->hasher->get_hash(this->hasher, seed, p))
+               {
+                       return chunk_empty;
+               }
 
                /* p(i) = b(i) xor c(1) */
                memxor(p, c, HASH_SIZE_MD5);
index 91aad95..de6d1c3 100644 (file)
@@ -124,7 +124,10 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
 
        /* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
         * For AKA: MK = SHA1(Identity|IK|CK) */
-       this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
+       if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL))
+       {
+               return FALSE;
+       }
        this->hasher->allocate_hash(this->hasher, data, mk);
        DBG3(DBG_LIB, "MK %B", mk);
 
@@ -207,10 +210,13 @@ METHOD(simaka_crypto_t, derive_keys_reauth_msk, bool,
        chunk_t str;
        int i;
 
-       this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL);
-       this->hasher->get_hash(this->hasher, counter, NULL);
-       this->hasher->get_hash(this->hasher, nonce_s, NULL);
-       this->hasher->get_hash(this->hasher, mk, xkey);
+       if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) ||
+               !this->hasher->get_hash(this->hasher, counter, NULL) ||
+               !this->hasher->get_hash(this->hasher, nonce_s, NULL) ||
+               !this->hasher->get_hash(this->hasher, mk, xkey))
+       {
+               return FALSE;
+       }
 
        /* MSK | EMSK = prf() | prf() | prf() | prf() */
        if (!this->prf->set_key(this->prf, chunk_create(xkey, sizeof(xkey))))
index 4e5e840..f422a2c 100644 (file)
@@ -688,8 +688,10 @@ static u_int bench_hasher(private_crypto_tester_t *this,
                start_timing(&start);
                while (end_timing(&start) < this->bench_time)
                {
-                       hasher->get_hash(hasher, buf, hash);
-                       runs++;
+                       if (hasher->get_hash(hasher, buf, hash))
+                       {
+                               runs++;
+                       }
                }
                free(buf.ptr);
                hasher->destroy(hasher);
@@ -744,7 +746,10 @@ METHOD(crypto_tester_t, test_hasher, bool,
                }
                /* hash to existing buffer */
                memset(hash.ptr, 0, hash.len);
-               hasher->get_hash(hasher, data, hash.ptr);
+               if (!hasher->get_hash(hasher, data, hash.ptr))
+               {
+                       failed = TRUE;
+               }
                if (!memeq(vector->hash, hash.ptr, hash.len))
                {
                        failed = TRUE;
@@ -754,9 +759,9 @@ METHOD(crypto_tester_t, test_hasher, bool,
                {
                        memset(hash.ptr, 0, hash.len);
                        hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL);
-                       hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL);
-                       hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr);
-                       if (!memeq(vector->hash, hash.ptr, hash.len))
+                       if (!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
+                               !hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr) ||
+                               !memeq(vector->hash, hash.ptr, hash.len))
                        {
                                failed = TRUE;
                        }
index c5be29e..0c72bb7 100644 (file)
@@ -67,6 +67,7 @@ extern enum_name_t *hash_algorithm_names;
  * Generic interface for all hash functions.
  */
 struct hasher_t {
+
        /**
         * Hash data and write it in the buffer.
         *
@@ -79,8 +80,10 @@ struct hasher_t {
         *
         * @param data          data to hash
         * @param hash          pointer where the hash will be written
+        * @return                      TRUE if hash created successfully
         */
-       void (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash);
+       __attribute__((warn_unused_result))
+       bool (*get_hash) (hasher_t *this, chunk_t data, u_int8_t *hash);
 
        /**
         * Hash data and allocate space for the hash.
index ef23504..fd2db0d 100644 (file)
@@ -105,10 +105,11 @@ METHOD(hasher_t, reset, void,
        this->ops->reset(this->ops);
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_af_alg_hasher_t *this, chunk_t chunk, u_int8_t *hash)
 {
        this->ops->hash(this->ops, chunk, hash, this->size);
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 96c8761..24e6480 100644 (file)
@@ -49,7 +49,7 @@ METHOD(hasher_t, reset, void,
        gcry_md_reset(this->hd);
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash)
 {
        gcry_md_write(this->hd, chunk.ptr, chunk.len);
@@ -58,6 +58,7 @@ METHOD(hasher_t, get_hash, void,
                memcpy(hash, gcry_md_read(this->hd, 0), get_hash_size(this));
                gcry_md_reset(this->hd);
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 4f12265..c8cb0b8 100644 (file)
@@ -72,25 +72,18 @@ METHOD(mac_t, get_mac, bool,
        if (out == NULL)
        {
                /* append data to inner */
-               this->h->get_hash(this->h, data, NULL);
+               return this->h->get_hash(this->h, data, NULL);
        }
-       else
-       {
-               /* append and do outer hash */
-               inner.ptr = buffer;
-               inner.len = this->h->get_hash_size(this->h);
-
-               /* complete inner */
-               this->h->get_hash(this->h, data, buffer);
 
-               /* do outer */
-               this->h->get_hash(this->h, this->opaded_key, NULL);
-               this->h->get_hash(this->h, inner, out);
+       /* append and do outer hash */
+       inner.ptr = buffer;
+       inner.len = this->h->get_hash_size(this->h);
 
-               /* reinit for next call */
-               this->h->get_hash(this->h, this->ipaded_key, NULL);
-       }
-       return TRUE;
+       /* complete inner, do outer and reinit for next call */
+       return this->h->get_hash(this->h, data, buffer) &&
+                  this->h->get_hash(this->h, this->opaded_key, NULL) &&
+                  this->h->get_hash(this->h, inner, out) &&
+                  this->h->get_hash(this->h, this->ipaded_key, NULL);
 }
 
 METHOD(mac_t, get_mac_size, size_t,
@@ -110,7 +103,10 @@ METHOD(mac_t, set_key, bool,
        if (key.len > this->b)
        {
                /* if key is too long, it will be hashed */
-               this->h->get_hash(this->h, key, buffer);
+               if (!this->h->get_hash(this->h, key, buffer))
+               {
+                       return FALSE;
+               }
        }
        else
        {
@@ -127,9 +123,7 @@ METHOD(mac_t, set_key, bool,
 
        /* begin hashing of inner pad */
        this->h->reset(this->h);
-       this->h->get_hash(this->h, this->ipaded_key, NULL);
-
-       return TRUE;
+       return this->h->get_hash(this->h, this->ipaded_key, NULL);
 }
 
 METHOD(mac_t, destroy, void,
index 6a31017..0d08006 100644 (file)
@@ -268,7 +268,7 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16])
 
 
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        MD4Update(this, chunk.ptr, chunk.len);
@@ -277,6 +277,7 @@ METHOD(hasher_t, get_hash, void,
                MD4Final(this, buffer);
                this->public.hasher_interface.reset(&(this->public.hasher_interface));
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 45c2391..dcd2cdd 100644 (file)
@@ -299,7 +299,7 @@ static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16])
        }
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        MD5Update(this, chunk.ptr, chunk.len);
@@ -308,6 +308,7 @@ METHOD(hasher_t, get_hash, void,
                MD5Final(this, buffer);
                this->public.hasher_interface.reset(&(this->public.hasher_interface));
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index d81f4b2..5b35364 100644 (file)
@@ -102,15 +102,22 @@ METHOD(hasher_t, reset, void,
        EVP_DigestInit_ex(this->ctx, this->hasher, NULL);
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash)
 {
-       EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len);
+       if (EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len) != 1)
+       {
+               return FALSE;
+       }
        if (hash)
        {
-               EVP_DigestFinal_ex(this->ctx, hash, NULL);
+               if (EVP_DigestFinal_ex(this->ctx, hash, NULL) != 1)
+               {
+                       return FALSE;
+               }
                reset(this);
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 66a0773..fd3d195 100644 (file)
@@ -89,7 +89,7 @@ METHOD(hasher_t, reset, void,
        chunk_free(&this->data);
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash)
 {
        if (hash)
@@ -109,6 +109,7 @@ METHOD(hasher_t, get_hash, void,
        {
                append_data(this, chunk);
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 655491e..efbf47d 100644 (file)
@@ -104,15 +104,21 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
        }
        hash.len = hasher->get_hash_size(hasher);
        hash.ptr = alloca(hash.len);
-       hasher->get_hash(hasher, passphrase, NULL);
-       hasher->get_hash(hasher, salt, hash.ptr);
+       if (!hasher->get_hash(hasher, passphrase, NULL) ||
+               !hasher->get_hash(hasher, salt, hash.ptr))
+       {
+               return FAILED;
+       }
        memcpy(key.ptr, hash.ptr, hash.len);
 
        if (key.len > hash.len)
        {
-               hasher->get_hash(hasher, hash, NULL);
-               hasher->get_hash(hasher, passphrase, NULL);
-               hasher->get_hash(hasher, salt, hash.ptr);
+               if (!hasher->get_hash(hasher, hash, NULL) ||
+                       !hasher->get_hash(hasher, passphrase, NULL) ||
+                       !hasher->get_hash(hasher, salt, hash.ptr))
+               {
+                       return FAILED;
+               }
                memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
        }
        hasher->destroy(hasher);
index 069fa98..56aec3d 100644 (file)
@@ -84,7 +84,7 @@ METHOD(hasher_t, get_hash_size, size_t,
 /**
  * Save the Operation state to host memory
  */
-static void save_state(private_pkcs11_hasher_t *this)
+static bool save_state(private_pkcs11_hasher_t *this)
 {
        CK_RV rv;
 
@@ -110,20 +110,20 @@ static void save_state(private_pkcs11_hasher_t *this)
                                continue;
                        case CKR_OK:
                                this->have_state = TRUE;
-                               return;
+                               return TRUE;
                        default:
                                break;
                }
                break;
        }
        DBG1(DBG_CFG, "C_GetOperationState() failed: %N", ck_rv_names, rv);
-       abort();
+       return FALSE;
 }
 
 /**
  * Load the Operation state from host memory
  */
-static void load_state(private_pkcs11_hasher_t *this)
+static bool load_state(private_pkcs11_hasher_t *this)
 {
        CK_RV rv;
 
@@ -132,9 +132,10 @@ static void load_state(private_pkcs11_hasher_t *this)
        if (rv != CKR_OK)
        {
                DBG1(DBG_CFG, "C_SetOperationState() failed: %N", ck_rv_names, rv);
-               abort();
+               return FALSE;
        }
        this->have_state = FALSE;
+       return TRUE;
 }
 
 METHOD(hasher_t, reset, void,
@@ -143,7 +144,7 @@ METHOD(hasher_t, reset, void,
        this->have_state = FALSE;
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash)
 {
        CK_RV rv;
@@ -152,7 +153,11 @@ METHOD(hasher_t, get_hash, void,
        this->mutex->lock(this->mutex);
        if (this->have_state)
        {
-               load_state(this);
+               if (!load_state(this))
+               {
+                       this->mutex->unlock(this->mutex);
+                       return FALSE;
+               }
        }
        else
        {
@@ -160,7 +165,8 @@ METHOD(hasher_t, get_hash, void,
                if (rv != CKR_OK)
                {
                        DBG1(DBG_CFG, "C_DigestInit() failed: %N", ck_rv_names, rv);
-                       abort();
+                       this->mutex->unlock(this->mutex);
+                       return FALSE;
                }
        }
        if (chunk.len)
@@ -169,7 +175,8 @@ METHOD(hasher_t, get_hash, void,
                if (rv != CKR_OK)
                {
                        DBG1(DBG_CFG, "C_DigestUpdate() failed: %N", ck_rv_names, rv);
-                       abort();
+                       this->mutex->unlock(this->mutex);
+                       return FALSE;
                }
        }
        if (hash)
@@ -180,14 +187,20 @@ METHOD(hasher_t, get_hash, void,
                if (rv != CKR_OK)
                {
                        DBG1(DBG_CFG, "C_DigestFinal() failed: %N", ck_rv_names, rv);
-                       abort();
+                       this->mutex->unlock(this->mutex);
+                       return FALSE;
                }
        }
        else
        {
-               save_state(this);
+               if (!save_state(this))
+               {
+                       this->mutex->unlock(this->mutex);
+                       return FALSE;
+               }
        }
        this->mutex->unlock(this->mutex);
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 9afd0d4..a501423 100644 (file)
@@ -293,12 +293,18 @@ static bool pbkdf1(hasher_t *hasher, chunk_t password, chunk_t salt,
        u_int64_t i;
 
        hash = chunk_alloca(hasher->get_hash_size(hasher));
-       hasher->get_hash(hasher, password, NULL);
-       hasher->get_hash(hasher, salt, hash.ptr);
+       if (!hasher->get_hash(hasher, password, NULL) ||
+               !hasher->get_hash(hasher, salt, hash.ptr))
+       {
+               return FALSE;
+       }
 
        for (i = 1; i < iterations; i++)
        {
-               hasher->get_hash(hasher, hash, hash.ptr);
+               if (!hasher->get_hash(hasher, hash, hash.ptr))
+               {
+                       return FALSE;
+               }
        }
 
        memcpy(key.ptr, hash.ptr, key.len);
index 4d69ad5..51d9674 100644 (file)
@@ -187,7 +187,7 @@ METHOD(hasher_t, reset, void,
        this->count[1] = 0;
 }
 
-METHOD(hasher_t, get_hash, void,
+METHOD(hasher_t, get_hash, bool,
        private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        SHA1Update(this, chunk.ptr, chunk.len);
@@ -196,6 +196,7 @@ METHOD(hasher_t, get_hash, void,
                SHA1Final(this, buffer);
                reset(this);
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash, void,
index 60fe4bd..b21eba4 100644 (file)
@@ -460,7 +460,7 @@ METHOD(hasher_t, reset512, void,
        this->sha_bufCnt = 0;
 }
 
-METHOD(hasher_t, get_hash224, void,
+METHOD(hasher_t, get_hash224, bool,
        private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        sha256_write(this, chunk.ptr, chunk.len);
@@ -470,9 +470,10 @@ METHOD(hasher_t, get_hash224, void,
                memcpy(buffer, this->sha_out, HASH_SIZE_SHA224);
                reset224(this);
        }
+       return TRUE;
 }
 
-METHOD(hasher_t, get_hash256, void,
+METHOD(hasher_t, get_hash256, bool,
        private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        sha256_write(this, chunk.ptr, chunk.len);
@@ -482,9 +483,10 @@ METHOD(hasher_t, get_hash256, void,
                memcpy(buffer, this->sha_out, HASH_SIZE_SHA256);
                reset256(this);
        }
+       return TRUE;
 }
 
-METHOD(hasher_t, get_hash384, void,
+METHOD(hasher_t, get_hash384, bool,
        private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        sha512_write(this, chunk.ptr, chunk.len);
@@ -494,9 +496,10 @@ METHOD(hasher_t, get_hash384, void,
                memcpy(buffer, this->sha_out, HASH_SIZE_SHA384);
                reset384(this);
        }
+       return TRUE;
 }
 
-METHOD(hasher_t, get_hash512, void,
+METHOD(hasher_t, get_hash512, bool,
        private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
        sha512_write(this, chunk.ptr, chunk.len);
@@ -506,6 +509,7 @@ METHOD(hasher_t, get_hash512, void,
                memcpy(buffer, this->sha_out, HASH_SIZE_SHA512);
                reset512(this);
        }
+       return TRUE;
 }
 
 METHOD(hasher_t, allocate_hash224, void,
index 0744794..65a8682 100644 (file)
@@ -1210,20 +1210,20 @@ static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
                char buf[HASH_SIZE_MD5 + HASH_SIZE_SHA1];
 
                md5 = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
-               if (!md5)
+               if (!md5 || !md5->get_hash(md5, data, buf))
                {
                        DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_MD5);
+                       DESTROY_IF(md5);
                        return FALSE;
                }
-               md5->get_hash(md5, data, buf);
                md5->destroy(md5);
                sha1 = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-               if (!sha1)
+               if (!sha1 || !sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5))
                {
                        DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, HASH_SHA1);
+                       DESTROY_IF(sha1);
                        return FALSE;
                }
-               sha1->get_hash(sha1, data, buf + HASH_SIZE_MD5);
                sha1->destroy(sha1);
 
                *hash = chunk_clone(chunk_from_thing(buf));
index 5461a42..6a8e76e 100644 (file)
@@ -58,7 +58,11 @@ METHOD(storage_t, login, int,
        data = chunk_alloca(username_len + password_len);
        memcpy(data.ptr, username, username_len);
        memcpy(data.ptr + username_len, password, password_len);
-       hasher->get_hash(hasher, data, hash.ptr);
+       if (!hasher->get_hash(hasher, data, hash.ptr))
+       {
+               hasher->destroy(hasher);
+               return 0;
+       }
        hasher->destroy(hasher);
        hex_str = chunk_to_hex(hash, NULL, FALSE);
 
index d6cf5f2..8b2fd17 100644 (file)
@@ -131,7 +131,11 @@ chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10)
        hasher_t *hasher;
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
-       hasher->get_hash(hasher, pkcs10, digest.ptr);
+       if (!hasher || !hasher->get_hash(hasher, pkcs10, digest.ptr))
+       {
+               DESTROY_IF(hasher);
+               return chunk_empty;
+       }
        hasher->destroy(hasher);
 
        return chunk_to_hex(digest, NULL, FALSE);
@@ -157,8 +161,11 @@ void scep_generate_transaction_id(public_key_t *key, chunk_t *transID,
                                                asn1_bitstring("m", keyEncoding));
 
        hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
-       hasher->get_hash(hasher, keyInfo, digest.ptr);
-       hasher->destroy(hasher);
+       if (!hasher || !hasher->get_hash(hasher, keyInfo, digest.ptr))
+       {
+               memset(digest.ptr, 0, digest.len);
+       }
+       DESTROY_IF(hasher);
        free(keyInfo.ptr);
 
        /* is the most significant bit of the digest set? */