prf_plus_create() can return NULL on failure
authorMartin Willi <martin@revosec.ch>
Fri, 6 Jul 2012 06:43:58 +0000 (08:43 +0200)
committerMartin Willi <martin@revosec.ch>
Mon, 16 Jul 2012 12:53:33 +0000 (14:53 +0200)
src/libcharon/sa/ikev1/keymat_v1.c
src/libcharon/sa/ikev2/keymat_v2.c
src/libstrongswan/crypto/prf_plus.h

index 3cc944c..77f0a56 100644 (file)
@@ -614,6 +614,11 @@ METHOD(keymat_v1_t, derive_child_keys, bool,
        DBG4(DBG_CHD, "initiator SA seed %B", &seed);
 
        prf_plus = prf_plus_create(this->prf, FALSE, seed);
+       if (!prf_plus)
+       {
+               chunk_clear(&secret);
+               return FALSE;
+       }
        if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
                !prf_plus->allocate_bytes(prf_plus, int_size, integ_i))
        {
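Review bot: The early return added after `prf_plus_create()` wipes `secret` but leaves `seed` untouched, and `seed` is the PRF+ input that the DBG4 line above labels as the SA seed. How `seed` is allocated is outside the hunk, so the right cleanup is an assumption: `chunk_clear(&seed);` if it is heap-allocated, or `memwipe(seed.ptr, seed.len);` if it lives on the stack. The same question applies to the responder-side check in the next hunk of this file and to the bare `return FALSE;` added to derive_child_keys in keymat_v2.c. The body of derive_child_keys starts and ends outside this hunk.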
@@ -627,6 +632,11 @@ METHOD(keymat_v1_t, derive_child_keys, bool,
                                          chunk_from_thing(spi_i), nonce_i, nonce_r);
        DBG4(DBG_CHD, "responder SA seed %B", &seed);
        prf_plus = prf_plus_create(this->prf, FALSE, seed);
+       if (!prf_plus)
+       {
+               chunk_clear(&secret);
+               return FALSE;
+       }
        if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) ||
                !prf_plus->allocate_bytes(prf_plus, int_size, integ_r))
        {
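Review bot: When this responder-side check returns FALSE, `encr_i` and `integ_i` have already been filled by the `allocate_bytes()` calls visible in the previous hunk, and the new branch leaves them allocated. Unless every caller clears its output chunks on failure (not visible here), the initiator keys stay in memory and leak. Assuming these are `chunk_t` pointers, as the `allocate_bytes()` calls suggest, adding `chunk_clear(encr_i);` and `chunk_clear(integ_i);` before `return FALSE;` would close that. The allocation-failure branch that follows is cut off by the hunk and may need the same treatment.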
index 55af8f1..3e36b09 100644 (file)
@@ -355,6 +355,12 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
        chunk_free(&fixed_nonce);
        chunk_clear(&prf_plus_seed);
 
+       if (!prf_plus)
+       {
+               DESTROY_IF(rekey_prf);
+               return FALSE;
+       }
+
        /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
 
        /* SK_d is used for generating CHILD_SA key mat => store for later use */
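Review bot: The new `if (!prf_plus)` exit here, like the three others this commit adds, returns FALSE without a log line, so a failed key derivation gives the operator no hint that PRF+ construction was the cause. Unless `prf_plus_create()` already reports its own failure (its body is not on this page), a message ahead of `DESTROY_IF(rekey_prf);` would help, for example `DBG1(DBG_IKE, "creating prf+ for key derivation failed");` (sample wording). The message should name only the failing step and never print the seed or key bytes. The `prf_plus_create()` call that this check guards is outside the hunk.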
@@ -528,6 +534,10 @@ METHOD(keymat_v2_t, derive_child_keys, bool,
 
        this->prf->set_key(this->prf, this->skd);
        prf_plus = prf_plus_create(this->prf, TRUE, seed);
+       if (!prf_plus)
+       {
+               return FALSE;
+       }
 
        if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
                !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) ||
index 1f668ed..92f5dd7 100644 (file)
@@ -63,7 +63,7 @@ struct prf_plus_t {
  * @param prf                          prf object to use, must be destroyd after prf+.
  * @param counter                      use an appending counter byte (for IKEv2 variant)
  * @param seed                         input seed for prf
- * @return                                     prf_plus_t object
+ * @return                                     prf_plus_t object, NULL on failure
  */
 prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed);