Add a return value to prf_t.allocate_bytes()
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 09:28:27 +0000 (11:28 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:34 +0000 (14:53 +0200)
src/libcharon/sa/ikev1/keymat_v1.c
src/libcharon/sa/ikev2/keymat_v2.c
src/libstrongswan/crypto/crypto_tester.c
src/libstrongswan/crypto/prfs/mac_prf.c
src/libstrongswan/crypto/prfs/prf.h
src/libstrongswan/plugins/af_alg/af_alg_prf.c
src/libstrongswan/plugins/fips_prf/fips_prf.c
src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
src/libstrongswan/plugins/sha1/sha1_prf.c

index d5e9ee0..f4b4a35 100644 (file)
@@ -435,7 +435,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
                        psk = shared_key->get_key(shared_key);
                        adjust_keylen(alg, &psk);
                        this->prf->set_key(this->prf, psk);
-                       this->prf->allocate_bytes(this->prf, nonces, &skeyid);
+                       if (!this->prf->allocate_bytes(this->prf, nonces, &skeyid))
+                       {
+                               chunk_clear(&g_xy);
+                               return FALSE;
+                       }
                        break;
                }
                case AUTH_RSA:
@@ -448,7 +452,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
                case AUTH_HYBRID_RESP_RSA:
                {
                        this->prf->set_key(this->prf, nonces);
-                       this->prf->allocate_bytes(this->prf, g_xy, &skeyid);
+                       if (!this->prf->allocate_bytes(this->prf, g_xy, &skeyid))
+                       {
+                               chunk_clear(&g_xy);
+                               return FALSE;
+                       }
                        break;
                }
                default:
@@ -463,19 +471,31 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
 
        /* SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0) */
        data = chunk_cat("cccc", g_xy, spi_i, spi_r, octet_0);
-       this->prf->allocate_bytes(this->prf, data, &this->skeyid_d);
+       if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_d))
+       {
+               chunk_clear(&g_xy);
+               chunk_clear(&data);
+       }
        chunk_clear(&data);
        DBG4(DBG_IKE, "SKEYID_d %B", &this->skeyid_d);
 
        /* SKEYID_a = prf(SKEYID, SKEYID_d | g^xy | CKY-I | CKY-R | 1) */
        data = chunk_cat("ccccc", this->skeyid_d, g_xy, spi_i, spi_r, octet_1);
-       this->prf->allocate_bytes(this->prf, data, &this->skeyid_a);
+       if (!this->prf->allocate_bytes(this->prf, data, &this->skeyid_a))
+       {
+               chunk_clear(&g_xy);
+               chunk_clear(&data);
+       }
        chunk_clear(&data);
        DBG4(DBG_IKE, "SKEYID_a %B", &this->skeyid_a);
 
        /* SKEYID_e = prf(SKEYID, SKEYID_a | g^xy | CKY-I | CKY-R | 2) */
        data = chunk_cat("ccccc", this->skeyid_a, g_xy, spi_i, spi_r, octet_2);
-       this->prf->allocate_bytes(this->prf, data, &skeyid_e);
+       if (!this->prf->allocate_bytes(this->prf, data, &skeyid_e))
+       {
+               chunk_clear(&g_xy);
+               chunk_clear(&data);
+       }
        chunk_clear(&data);
        DBG4(DBG_IKE, "SKEYID_e %B", &skeyid_e);
 
@@ -724,7 +744,11 @@ METHOD(keymat_v1_t, get_hash, bool,
 
        DBG3(DBG_IKE, "HASH_%c data %B", initiator ? 'I' : 'R', &data);
 
-       this->prf_auth->allocate_bytes(this->prf_auth, data, hash);
+       if (!this->prf_auth->allocate_bytes(this->prf_auth, data, hash))
+       {
+               free(data.ptr);
+               return FALSE;
+       }
 
        DBG3(DBG_IKE, "HASH_%c %B", initiator ? 'I' : 'R', hash);
 
@@ -897,15 +921,25 @@ METHOD(keymat_v1_t, get_hash_phase2, bool,
        this->prf->set_key(this->prf, this->skeyid_a);
        if (add_message)
        {
-               generator_t *generator = generator_create_no_dbg();
-               chunk_t msg = get_message_data(message, generator);
-               this->prf->allocate_bytes(this->prf, data, NULL);
-               this->prf->allocate_bytes(this->prf, msg, hash);
+               generator_t *generator;
+               chunk_t msg;
+
+               generator = generator_create_no_dbg();
+               msg = get_message_data(message, generator);
+               if (!this->prf->allocate_bytes(this->prf, data, NULL) ||
+                       !this->prf->allocate_bytes(this->prf, msg, hash))
+               {
+                       generator->destroy(generator);
+                       return FALSE;
+               }
                generator->destroy(generator);
        }
        else
        {
-               this->prf->allocate_bytes(this->prf, data, hash);
+               if (!this->prf->allocate_bytes(this->prf, data, hash))
+               {
+                       return FALSE;
+               }
        }
        DBG3(DBG_IKE, "%s %B", name, hash);
        return TRUE;
index 4db02be..1704f55 100644 (file)
@@ -260,7 +260,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 {
        chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed;
        chunk_t spi_i, spi_r;
-       prf_plus_t *prf_plus;
+       prf_plus_t *prf_plus = NULL;
        u_int16_t alg, key_size, int_alg;
        prf_t *rekey_prf = NULL;
 
@@ -323,9 +323,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
        {
                /* SKEYSEED = prf(Ni | Nr, g^ir) */
                this->prf->set_key(this->prf, fixed_nonce);
-               this->prf->allocate_bytes(this->prf, secret, &skeyseed);
-               this->prf->set_key(this->prf, skeyseed);
-               prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed);
+               if (this->prf->allocate_bytes(this->prf, secret, &skeyseed))
+               {
+                       this->prf->set_key(this->prf, skeyseed);
+                       prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed);
+               }
        }
        else
        {
@@ -343,9 +345,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
                }
                secret = chunk_cat("mc", secret, full_nonce);
                rekey_prf->set_key(rekey_prf, rekey_skd);
-               rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed);
-               rekey_prf->set_key(rekey_prf, skeyseed);
-               prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed);
+               if (rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed))
+               {
+                       rekey_prf->set_key(rekey_prf, skeyseed);
+                       prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed);
+               }
        }
        DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
 
@@ -593,8 +597,10 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
        DBG3(DBG_IKE, "IDx' %B", &idx);
        DBG3(DBG_IKE, "SK_p %B", &skp);
        this->prf->set_key(this->prf, skp);
-       this->prf->allocate_bytes(this->prf, idx, &chunk);
-
+       if (!this->prf->allocate_bytes(this->prf, idx, &chunk))
+       {
+               return FALSE;
+       }
        *octets = chunk_cat("ccm", ike_sa_init, nonce, chunk);
        DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets);
        return TRUE;
@@ -623,9 +629,18 @@ METHOD(keymat_v2_t, get_psk_sig, bool,
        /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
        key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH);
        this->prf->set_key(this->prf, secret);
-       this->prf->allocate_bytes(this->prf, key_pad, &key);
+       if (!this->prf->allocate_bytes(this->prf, key_pad, &key))
+       {
+               chunk_free(&octets);
+               return FALSE;
+       }
        this->prf->set_key(this->prf, key);
-       this->prf->allocate_bytes(this->prf, octets, sig);
+       if (!this->prf->allocate_bytes(this->prf, octets, sig))
+       {
+               chunk_free(&key);
+               chunk_free(&octets);
+               return FALSE;
+       }
        DBG4(DBG_IKE, "secret %B", &secret);
        DBG4(DBG_IKE, "prf(secret, keypad) %B", &key);
        DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", sig);
index 4690593..8398bc8 100644 (file)
@@ -847,7 +847,10 @@ METHOD(crypto_tester_t, test_prf, bool,
 
                /* allocated bytes */
                seed = chunk_create(vector->seed, vector->len);
-               prf->allocate_bytes(prf, seed, &out);
+               if (!prf->allocate_bytes(prf, seed, &out))
+               {
+                       failed = TRUE;
+               }
                if (out.len != prf->get_block_size(prf))
                {
                        failed = TRUE;
@@ -878,8 +881,8 @@ METHOD(crypto_tester_t, test_prf, bool,
                        {
                                prf->set_key(prf, key);
                        }
-                       prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL);
-                       if (!prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) ||
+                       if (!prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL) ||
+                               !prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL) ||
                                !prf->get_bytes(prf, chunk_skip(seed, 2), out.ptr))
                        {
                                failed = TRUE;
index 489797f..cd39586 100644 (file)
@@ -42,7 +42,7 @@ METHOD(prf_t, get_bytes, bool,
        return TRUE;
 }
 
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
        private_prf_t *this, chunk_t seed, chunk_t *chunk)
 {
        if (!chunk)
@@ -54,6 +54,7 @@ METHOD(prf_t, allocate_bytes, void,
                *chunk = chunk_alloc(this->mac->get_mac_size(this->mac));
                this->mac->get_mac(this->mac, seed, chunk->ptr);
        }
+       return TRUE;
 }
 
 METHOD(prf_t, get_block_size, size_t,
index 8b98b41..05380b5 100644 (file)
@@ -87,8 +87,10 @@ struct prf_t {
         *
         * @param seed          a chunk containing the seed for the next bytes
         * @param chunk         chunk which will hold generated bytes
+        * @return                      TRUE if bytes allocated and generated successfully
         */
-       void (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
+       __attribute__((warn_unused_result))
+       bool (*allocate_bytes) (prf_t *this, chunk_t seed, chunk_t *chunk);
 
        /**
         * Get the block size of this prf_t object.
index 5b12adf..14df573 100644 (file)
@@ -112,18 +112,15 @@ METHOD(prf_t, get_bytes, bool,
        return TRUE;
 }
 
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
        private_af_alg_prf_t *this, chunk_t seed, chunk_t *chunk)
 {
        if (chunk)
        {
                *chunk = chunk_alloc(this->block_size);
-               get_bytes(this, seed, chunk->ptr);
-       }
-       else
-       {
-               get_bytes(this, seed, NULL);
+               return get_bytes(this, seed, chunk->ptr);
        }
+       return get_bytes(this, seed, NULL);
 }
 
 METHOD(prf_t, get_block_size, size_t,
index ae5ed98..8c4dc9e 100644 (file)
@@ -147,11 +147,11 @@ METHOD(prf_t, get_block_size, size_t,
 {
        return 2 * this->b;
 }
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
        private_fips_prf_t *this, chunk_t seed, chunk_t *chunk)
 {
        *chunk = chunk_alloc(get_block_size(this));
-       get_bytes(this, seed, chunk->ptr);
+       return get_bytes(this, seed, chunk->ptr);
 }
 
 METHOD(prf_t, get_key_size, size_t,
index 03b7fa0..1c6dbd8 100644 (file)
@@ -60,18 +60,15 @@ METHOD(prf_t, get_block_size, size_t,
        return HASH_SIZE_SHA1;
 }
 
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
        private_openssl_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
 {
        if (chunk)
        {
                *chunk = chunk_alloc(HASH_SIZE_SHA1);
-               get_bytes(this, seed, chunk->ptr);
-       }
-       else
-       {
-               get_bytes(this, seed, NULL);
+               return get_bytes(this, seed, chunk->ptr);
        }
+       return get_bytes(this, seed, NULL);
 }
 
 METHOD(prf_t, get_key_size, size_t,
index f3e44ed..1ce3750 100644 (file)
@@ -81,11 +81,11 @@ METHOD(prf_t, get_block_size, size_t,
        return HASH_SIZE_SHA1;
 }
 
-METHOD(prf_t, allocate_bytes, void,
+METHOD(prf_t, allocate_bytes, bool,
        private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
 {
        *chunk = chunk_alloc(HASH_SIZE_SHA1);
-       get_bytes(this, seed, chunk->ptr);
+       return get_bytes(this, seed, chunk->ptr);
 }
 
 METHOD(prf_t, get_key_size, size_t,