Add a return value to crypter_t.set_key()
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 14:57:17 +0000 (16:57 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:38 +0000 (14:53 +0200)
23 files changed:
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
src/libcharon/sa/ikev1/keymat_v1.c
src/libcharon/sa/ikev2/keymat_v2.c
src/libsimaka/simaka_crypto.c
src/libstrongswan/crypto/aead.c
src/libstrongswan/crypto/crypters/crypter.h
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/plugins/aes/aes_crypter.c
src/libstrongswan/plugins/af_alg/af_alg_crypter.c
src/libstrongswan/plugins/blowfish/blowfish_crypter.c
src/libstrongswan/plugins/ccm/ccm_aead.c
src/libstrongswan/plugins/cmac/cmac.c
src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
src/libstrongswan/plugins/des/des_crypter.c
src/libstrongswan/plugins/gcm/gcm_aead.c
src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
src/libstrongswan/plugins/openssl/openssl_crypter.c
src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
src/libstrongswan/plugins/pem/pem_builder.c
src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
src/libstrongswan/plugins/xcbc/xcbc.c
src/libtls/tls_crypto.c

index c5c531e..dd6f56f 100644 (file)
@@ -339,8 +339,8 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash,
                chunk_t expanded, encrypted;
 
                expanded = ExpandDESKey(keys[i]);
-               crypter->set_key(crypter, expanded);
-               if (!crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
+               if (!crypter->set_key(crypter, expanded) ||
+                       !crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
                {
                        chunk_clear(&expanded);
                        crypter->destroy(crypter);
index 554bd56..9540075 100644 (file)
@@ -205,8 +205,7 @@ METHOD(aead_t, get_key_size, size_t,
 METHOD(aead_t, set_key, bool,
        private_aead_t *this, chunk_t key)
 {
-       this->crypter->set_key(this->crypter, key);
-       return TRUE;
+       return this->crypter->set_key(this->crypter, key);
 }
 
 METHOD(aead_t, aead_destroy, void,
@@ -291,7 +290,11 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
                return NULL;
        }
        DBG4(DBG_IKE, "encryption key Ka %B", &ka);
-       crypter->set_key(crypter, ka);
+       if (!crypter->set_key(crypter, ka))
+       {
+               chunk_clear(&ka);
+               return NULL;
+       }
        chunk_clear(&ka);
 
        INIT(this,
index f25d0bd..91f001b 100644 (file)
@@ -225,7 +225,14 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
                return FALSE;
        }
        DBG4(DBG_IKE, "Sk_ei secret %B", &key);
-       crypter_i->set_key(crypter_i, key);
+       if (!crypter_i->set_key(crypter_i, key))
+       {
+               crypter_i->destroy(crypter_i);
+               crypter_r->destroy(crypter_r);
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
        chunk_clear(&key);
 
        if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
@@ -237,7 +244,14 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
                return FALSE;
        }
        DBG4(DBG_IKE, "Sk_er secret %B", &key);
-       crypter_r->set_key(crypter_r, key);
+       if (!crypter_r->set_key(crypter_r, key))
+       {
+               crypter_i->destroy(crypter_i);
+               crypter_r->destroy(crypter_r);
+               signer_i->destroy(signer_i);
+               signer_r->destroy(signer_r);
+               return FALSE;
+       }
        chunk_clear(&key);
 
        if (this->initiator)
index cdb3140..91aad95 100644 (file)
@@ -148,12 +148,12 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
        k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
        DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
 
-       if (!this->signer->set_key(this->signer, k_auth))
+       if (!this->signer->set_key(this->signer, k_auth) ||
+               !this->crypter->set_key(this->crypter, k_encr))
        {
                chunk_clear(mk);
                return FALSE;
        }
-       this->crypter->set_key(this->crypter, k_encr);
 
        *msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
 
@@ -187,11 +187,11 @@ METHOD(simaka_crypto_t, derive_keys_reauth, bool,
        k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
        DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
 
-       if (!this->signer->set_key(this->signer, k_auth))
+       if (!this->signer->set_key(this->signer, k_auth) ||
+               !this->crypter->set_key(this->crypter, k_encr))
        {
                return FALSE;
        }
-       this->crypter->set_key(this->crypter, k_encr);
 
        call_hook(this, k_encr, k_auth);
 
index 595b75f..02fb8d5 100644 (file)
@@ -141,13 +141,8 @@ METHOD(aead_t, set_key, bool,
        chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig,
                                this->crypter->get_key_size(this->crypter), &enc);
 
-       if (!this->signer->set_key(this->signer, sig))
-       {
-               return FALSE;
-       }
-       this->crypter->set_key(this->crypter, enc);
-
-       return TRUE;
+       return this->signer->set_key(this->signer, sig) &&
+                  this->crypter->set_key(this->crypter, enc);
 }
 
 METHOD(aead_t, destroy, void,
index a615c0e..4c27305 100644 (file)
@@ -147,8 +147,10 @@ struct crypter_t {
         * The length of the key must match get_key_size().
         *
         * @param key                   key to set
+        * @return                              TRUE if key set successfully
         */
-       void (*set_key) (crypter_t *this, chunk_t key);
+       __attribute__((warn_unused_result))
+       bool (*set_key) (crypter_t *this, chunk_t key);
 
        /**
         * Destroys a crypter_t object.
index 812e949..4e5e840 100644 (file)
@@ -151,7 +151,10 @@ static u_int bench_crypter(private_crypto_tester_t *this,
 
                memset(iv, 0x56, sizeof(iv));
                memset(key, 0x12, sizeof(key));
-               crypter->set_key(crypter, chunk_from_thing(key));
+               if (!crypter->set_key(crypter, chunk_from_thing(key)))
+               {
+                       return 0;
+               }
 
                buf = chunk_alloc(this->bench_size);
                memset(buf.ptr, 0x34, buf.len);
@@ -214,7 +217,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
                tested++;
 
                key = chunk_create(vector->key, crypter->get_key_size(crypter));
-               crypter->set_key(crypter, key);
+               if (!crypter->set_key(crypter, key))
+               {
+                       failed = TRUE;
+               }
                iv = chunk_create(vector->iv, crypter->get_iv_size(crypter));
 
                /* allocated encryption */
index e422dae..ded3881 100644 (file)
@@ -638,8 +638,8 @@ end:
        success = FALSE;
 
        /* decrypt the content */
-       crypter->set_key(crypter, symmetric_key);
-       if (!crypter->decrypt(crypter, encrypted_content, iv, &this->data))
+       if (!crypter->set_key(crypter, symmetric_key) ||
+               !crypter->decrypt(crypter, encrypted_content, iv, &this->data))
        {
                success = FALSE;
                goto failed;
@@ -834,8 +834,8 @@ METHOD(pkcs7_t, build_envelopedData, bool,
        DBG3(DBG_LIB, "  padded unencrypted data: %B", &in);
 
        /* symmetric encryption of data object */
-       crypter->set_key(crypter, symmetricKey);
-       if (!crypter->encrypt(crypter, in, iv, &out))
+       if (!crypter->set_key(crypter, symmetricKey) ||
+               !crypter->encrypt(crypter, in, iv, &out))
        {
                crypter->destroy(crypter);
                chunk_clear(&in);
index 03d3cde..6b3d03c 100644 (file)
@@ -1430,7 +1430,7 @@ METHOD(crypter_t, get_key_size, size_t,
        return this->key_size;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_aes_crypter_t *this, chunk_t key)
 {
        u_int32_t    *kf, *kt, rci, f = 0;
@@ -1515,6 +1515,7 @@ METHOD(crypter_t, set_key, void,
                }
                cpy(kt, kf);
        }
+       return TRUE;
 }
 
 METHOD(crypter_t, destroy, void,
index 7fc0e59..ed268c0 100644 (file)
@@ -179,10 +179,11 @@ METHOD(crypter_t, get_key_size, size_t,
        return this->keymat_size;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_af_alg_crypter_t *this, chunk_t key)
 {
        this->ops->set_key(this->ops, key);
+       return TRUE;
 }
 
 METHOD(crypter_t, destroy, void,
index 18c8f48..253f9b4 100644 (file)
@@ -155,10 +155,11 @@ METHOD(crypter_t, get_key_size, size_t,
        return this->key_size;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_blowfish_crypter_t *this, chunk_t key)
 {
        BF_set_key(&this->schedule, key.len , key.ptr);
+       return TRUE;
 }
 
 METHOD(crypter_t, destroy, void,
index 06d0878..0e2f9b7 100644 (file)
@@ -316,8 +316,7 @@ METHOD(aead_t, set_key, bool,
 {
        memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
        key.len -= SALT_SIZE;
-       this->crypter->set_key(this->crypter, key);
-       return TRUE;
+       return this->crypter->set_key(this->crypter, key);
 }
 
 METHOD(aead_t, destroy, void,
index e5c44d0..725d02d 100644 (file)
@@ -279,8 +279,8 @@ METHOD(mac_t, set_key, bool,
        memset(iv.ptr, 0, iv.len);
        l = chunk_alloca(this->b);
        memset(l.ptr, 0, l.len);
-       this->k->set_key(this->k, resized);
-       if (!this->k->encrypt(this->k, l, iv, NULL))
+       if (!this->k->set_key(this->k, resized) ||
+               !this->k->encrypt(this->k, l, iv, NULL))
        {
                return FALSE;
        }
index 78aad84..59d201a 100644 (file)
@@ -113,13 +113,13 @@ METHOD(crypter_t, get_key_size, size_t,
                        + sizeof(this->state.nonce);
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_ctr_ipsec_crypter_t *this, chunk_t key)
 {
        memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce),
                   sizeof(this->state.nonce));
        key.len -= sizeof(this->state.nonce);
-       this->crypter->set_key(this->crypter, key);
+       return this->crypter->set_key(this->crypter, key);
 }
 
 METHOD(crypter_t, destroy, void,
index ca9ae8f..c81318b 100644 (file)
@@ -1541,18 +1541,20 @@ METHOD(crypter_t, get_key_size, size_t,
        return this->key_size;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_des_crypter_t *this, chunk_t key)
 {
        des_set_key((des_cblock*)(key.ptr), &this->ks);
+       return TRUE;
 }
 
-METHOD(crypter_t, set_key3, void,
+METHOD(crypter_t, set_key3, bool,
        private_des_crypter_t *this, chunk_t key)
 {
        des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]);
        des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]);
        des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]);
+       return TRUE;
 }
 
 METHOD(crypter_t, destroy, void,
index 985e759..79ee65d 100644 (file)
@@ -348,8 +348,8 @@ METHOD(aead_t, set_key, bool,
 {
        memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
        key.len -= SALT_SIZE;
-       this->crypter->set_key(this->crypter, key);
-       return create_h(this, this->h);
+       return this->crypter->set_key(this->crypter, key) &&
+                  create_h(this, this->h);
 }
 
 METHOD(aead_t, destroy, void,
index 3627c50..0b5dc03 100644 (file)
@@ -141,7 +141,7 @@ METHOD(crypter_t, get_key_size, size_t,
        return len;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_gcrypt_crypter_t *this, chunk_t key)
 {
        if (this->ctr_mode)
@@ -151,7 +151,7 @@ METHOD(crypter_t, set_key, void,
                           sizeof(this->ctr.nonce));
                key.len -= sizeof(this->ctr.nonce);
        }
-       gcry_cipher_setkey(this->h, key.ptr, key.len);
+       return gcry_cipher_setkey(this->h, key.ptr, key.len) == 0;
 }
 
 METHOD(crypter_t, destroy, void,
index 07799b1..07b96b3 100644 (file)
@@ -144,10 +144,11 @@ METHOD(crypter_t, get_key_size, size_t,
        return this->key.len;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_openssl_crypter_t *this, chunk_t key)
 {
        memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+       return TRUE;
 }
 
 METHOD(crypter_t, destroy, void,
index b9d4eac..b5060de 100644 (file)
@@ -141,10 +141,11 @@ METHOD(crypter_t, get_key_size, size_t,
        return this->key.len;
 }
 
-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
        private_padlock_aes_crypter_t *this, chunk_t key)
 {
        memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+       return TRUE;
 }
 
 METHOD(crypter_t, destroy, void,
index c1ce5c8..655491e 100644 (file)
@@ -125,7 +125,6 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
                         encryption_algorithm_names, alg);
                return NOT_SUPPORTED;
        }
-       crypter->set_key(crypter, key);
 
        if (iv.len != crypter->get_iv_size(crypter) ||
                blob->len % crypter->get_block_size(crypter))
@@ -134,7 +133,8 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
                DBG1(DBG_ASN, "  data size is not multiple of block size");
                return PARSE_ERROR;
        }
-       if (!crypter->decrypt(crypter, *blob, iv, &decrypted))
+       if (!crypter->set_key(crypter, key) ||
+               !crypter->decrypt(crypter, *blob, iv, &decrypted))
        {
                crypter->destroy(crypter);
                return FAILED;
index f9bef77..9afd0d4 100644 (file)
@@ -168,9 +168,8 @@ static private_key_t *decrypt_private_key(chunk_t blob,
                {
                        continue;
                }
-
-               crypter->set_key(crypter, key);
-               if (!crypter->decrypt(crypter, blob, iv, &decrypted))
+               if (!crypter->set_key(crypter, key) ||
+                       !crypter->decrypt(crypter, blob, iv, &decrypted))
                {
                        continue;
                }
index 745efca..1bb7e64 100644 (file)
@@ -257,17 +257,16 @@ METHOD(mac_t, set_key, bool,
        memset(this->k2, 0x02, this->b);
        memset(this->k3, 0x03, this->b);
 
-       this->k1->set_key(this->k1, lengthened);
-       if (!this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL) ||
+       if (!this->k1->set_key(this->k1, lengthened) ||
+               !this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL) ||
                !this->k1->encrypt(this->k1, chunk_create(this->k3, this->b), iv, NULL) ||
-               !this->k1->encrypt(this->k1, k1, iv, NULL))
+               !this->k1->encrypt(this->k1, k1, iv, NULL) ||
+               !this->k1->set_key(this->k1, k1))
        {
+               memwipe(k1.ptr, k1.len);
                return FALSE;
        }
-       this->k1->set_key(this->k1, k1);
-
        memwipe(k1.ptr, k1.len);
-
        return TRUE;
 }
 
index fde03b8..0744794 100644 (file)
@@ -1560,13 +1560,19 @@ static bool expand_keys(private_tls_crypto_t *this,
 
                if (this->tls->is_server(this->tls))
                {
-                       this->crypter_in->set_key(this->crypter_in, client_write);
-                       this->crypter_out->set_key(this->crypter_out, server_write);
+                       if (!this->crypter_in->set_key(this->crypter_in, client_write) ||
+                               !this->crypter_out->set_key(this->crypter_out, server_write))
+                       {
+                               return FALSE;
+                       }
                }
                else
                {
-                       this->crypter_out->set_key(this->crypter_out, client_write);
-                       this->crypter_in->set_key(this->crypter_in, server_write);
+                       if (!this->crypter_out->set_key(this->crypter_out, client_write) ||
+                               !this->crypter_in->set_key(this->crypter_in, server_write))
+                       {
+                               return FALSE;
+                       }
                }
                if (ivs)
                {