Add a return value to keymat_v1_t.get_hash()
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 09:07:39 +0000 (11:07 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:34 +0000 (14:53 +0200)
src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
src/libcharon/sa/ikev1/authenticators/pubkey_v1_authenticator.c
src/libcharon/sa/ikev1/keymat_v1.c
src/libcharon/sa/ikev1/keymat_v1.h

index 769c0da..ee15408 100644 (file)
@@ -76,9 +76,13 @@ METHOD(authenticator_t, build, status_t,
 
        this->dh->get_my_public_value(this->dh, &dh);
        keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
-       hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+       if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
                                        this->ike_sa->get_id(this->ike_sa), this->sa_payload,
-                                       this->id_payload);
+                                       this->id_payload, &hash))
+       {
+               free(dh.ptr);
+               return FAILED;
+       }
        free(dh.ptr);
 
        hash_payload = hash_payload_create(HASH_V1);
@@ -106,9 +110,13 @@ METHOD(authenticator_t, process, status_t,
 
        this->dh->get_my_public_value(this->dh, &dh);
        keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
-       hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+       if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
                                        this->ike_sa->get_id(this->ike_sa), this->sa_payload,
-                                       this->id_payload);
+                                       this->id_payload, &hash))
+       {
+               free(dh.ptr);
+               return FAILED;
+       }
        free(dh.ptr);
        if (chunk_equals(hash, hash_payload->get_hash(hash_payload)))
        {
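Review bot: The `chunk_equals(hash, hash_payload->get_hash(hash_payload))` check that follows the new error path compares the locally computed HASH with the value received from the peer, and nothing in the hunk shows that this comparison runs in constant time. If `chunk_equals` stops at the first differing byte, the time taken to verify depends on how much of the expected value matched, which is undesirable for an authentication check. Consider a comparison whose duration does not depend on the contents, with a comment such as `/* peer-supplied value, compare in constant time */`. The body of process continues past the end of the hunk, so whether `hash` is freed on both branches cannot be confirmed from here.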
index 8d3f21c..d81c77f 100644 (file)
@@ -96,9 +96,14 @@ METHOD(authenticator_t, build, status_t,
 
        this->dh->get_my_public_value(this->dh, &dh);
        keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
-       hash = keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
+       if (!keymat->get_hash(keymat, this->initiator, dh, this->dh_value,
                                        this->ike_sa->get_id(this->ike_sa), this->sa_payload,
-                                       this->id_payload);
+                                       this->id_payload, &hash))
+       {
+               private->destroy(private);
+               free(dh.ptr);
+               return FAILED;
+       }
        free(dh.ptr);
 
        if (private->sign(private, scheme, hash, &sig))
@@ -149,9 +154,13 @@ METHOD(authenticator_t, process, status_t,
        id = this->ike_sa->get_other_id(this->ike_sa);
        this->dh->get_my_public_value(this->dh, &dh);
        keymat = (keymat_v1_t*)this->ike_sa->get_keymat(this->ike_sa);
-       hash = keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
+       if (!keymat->get_hash(keymat, !this->initiator, this->dh_value, dh,
                                        this->ike_sa->get_id(this->ike_sa), this->sa_payload,
-                                       this->id_payload);
+                                       this->id_payload, &hash))
+       {
+               free(dh.ptr);
+               return FAILED;
+       }
        free(dh.ptr);
 
        sig = sig_payload->get_hash(sig_payload);
index 2b22b14..f543a03 100644 (file)
@@ -698,11 +698,11 @@ METHOD(keymat_v1_t, get_hasher, hasher_t*,
        return this->hasher;
 }
 
-METHOD(keymat_v1_t, get_hash, chunk_t,
+METHOD(keymat_v1_t, get_hash, bool,
        private_keymat_v1_t *this, bool initiator, chunk_t dh, chunk_t dh_other,
-       ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id)
+       ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash)
 {
-       chunk_t hash, data;
+       chunk_t data;
        u_int64_t spi, spi_other;
 
        /* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b )
@@ -724,12 +724,12 @@ METHOD(keymat_v1_t, get_hash, chunk_t,
 
        DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data);
 
-       this->prf_auth->allocate_bytes(this->prf_auth, data, &hash);
+       this->prf_auth->allocate_bytes(this->prf_auth, data, hash);
 
-       DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', &hash);
+       DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash);
 
        free(data.ptr);
-       return hash;
+       return TRUE;
 }
 
 /**
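Review bot: get_hash still ends in an unconditional `return TRUE;`, so the `FAILED` branches this commit adds to the four authenticator callers cannot be reached yet, and the outcome of `this->prf_auth->allocate_bytes(this->prf_auth, data, hash)` is not examined. If that call can report failure in this tree (its prototype is not visible here), the return value should follow it, for example `success = this->prf_auth->allocate_bytes(this->prf_auth, data, hash);` and then `free(data.ptr); return success;`, with the DBG3 of `hash` run only on success. If it cannot fail yet, a comment at the return such as `/* cannot fail for now; callers already handle FALSE */` would stop readers from assuming the check is live. The function begins in the previous hunk, so the part that builds `data` is only partly visible.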
index e003ed7..77aff88 100644 (file)
@@ -101,11 +101,12 @@ struct keymat_v1_t {
         * @param ike_sa_id             IKE_SA identifier
         * @param sa_i                  encoded SA payload of initiator
         * @param id                    encoded IDii payload for HASH_I (IDir for HASH_R)
-        * @return                              allocated HASH data
+        * @param hash                  chunk receiving allocated HASH data
+        * @return                              TRUE if hash allocated successfully
         */
-       chunk_t (*get_hash)(keymat_v1_t *this, bool initiator,
+       bool (*get_hash)(keymat_v1_t *this, bool initiator,
                                                chunk_t dh, chunk_t dh_other, ike_sa_id_t *ike_sa_id,
-                                               chunk_t sa_i, chunk_t id);
+                                               chunk_t sa_i, chunk_t id, chunk_t *hash);
 
        /**
         * Get HASH data for integrity/authentication in Phase 2 exchanges.
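Review bot: The new `@param hash` and `@return` lines do not say who owns the chunk or what `*hash` holds when the call returns FALSE. Callers in this commit pass an uninitialised `hash` and return `FAILED` without freeing it, so the contract they rely on is that nothing is allocated on failure; that should be written down, e.g. `@param hash chunk receiving allocated HASH data, freed by the caller` and `@return TRUE if hash allocated successfully, FALSE leaves hash unallocated`. The second wording is inferred from the callers and should be confirmed against the implementation before it goes in.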