Add a return value to signer_t.set_key()
parent
9020f7d0b9
commit
2d56575d52
|
@ -526,9 +526,8 @@ eap_radius_dae_t *eap_radius_dae_create(eap_radius_accounting_t *accounting)
|
|||
return NULL;
|
||||
}
|
||||
this->secret.len = strlen(this->secret.ptr);
|
||||
this->signer->set_key(this->signer, this->secret);
|
||||
|
||||
if (!open_socket(this))
|
||||
if (!this->signer->set_key(this->signer, this->secret) ||
|
||||
!open_socket(this))
|
||||
{
|
||||
destroy(this);
|
||||
return NULL;
|
||||
|
|
|
@ -166,12 +166,24 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
|
|||
|
||||
prf_plus->allocate_bytes(prf_plus, key_size, &key);
|
||||
DBG4(DBG_IKE, "Sk_ai secret %B", &key);
|
||||
signer_i->set_key(signer_i, key);
|
||||
if (!signer_i->set_key(signer_i, key))
|
||||
{
|
||||
signer_i->destroy(signer_i);
|
||||
signer_r->destroy(signer_r);
|
||||
chunk_clear(&key);
|
||||
return FALSE;
|
||||
}
|
||||
chunk_clear(&key);
|
||||
|
||||
prf_plus->allocate_bytes(prf_plus, key_size, &key);
|
||||
DBG4(DBG_IKE, "Sk_ar secret %B", &key);
|
||||
signer_r->set_key(signer_r, key);
|
||||
if (!signer_r->set_key(signer_r, key))
|
||||
{
|
||||
signer_i->destroy(signer_i);
|
||||
signer_r->destroy(signer_r);
|
||||
chunk_clear(&key);
|
||||
return FALSE;
|
||||
}
|
||||
chunk_clear(&key);
|
||||
|
||||
/* SK_ei/SK_er used for encryption */
|
||||
|
|
|
@ -361,14 +361,14 @@ radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port,
|
|||
.rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK),
|
||||
);
|
||||
|
||||
if (!this->hasher || !this->signer || !this->rng)
|
||||
if (!this->hasher || !this->signer || !this->rng ||
|
||||
!this->signer->set_key(this->signer, secret))
|
||||
{
|
||||
DBG1(DBG_CFG, "RADIUS initialization failed, HMAC/MD5/RNG required");
|
||||
destroy(this);
|
||||
return NULL;
|
||||
}
|
||||
this->secret = secret;
|
||||
this->signer->set_key(this->signer, secret);
|
||||
/* we use a random identifier, helps if we restart often */
|
||||
this->identifier = random();
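Review bot: A failing set_key() in radius_socket_create now lands in the branch that logs "RADIUS initialization failed, HMAC/MD5/RNG required", which points the operator at missing algorithms when the real cause is that the signer rejected the shared secret. Testing the key in its own branch would let the message match the cause, for example with `DBG1(DBG_CFG, "RADIUS initialization failed, unable to set shared secret");` before the same `destroy(this); return NULL;`. The function starts and continues outside the hunk, so any further cleanup it needs is not visible here.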
|
||||
|
||||
|
|
|
@ -140,7 +140,11 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
|
|||
k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
|
||||
DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);
|
||||
|
||||
this->signer->set_key(this->signer, k_auth);
|
||||
if (!this->signer->set_key(this->signer, k_auth))
|
||||
{
|
||||
chunk_clear(mk);
|
||||
return FALSE;
|
||||
}
|
||||
this->crypter->set_key(this->crypter, k_encr);
|
||||
|
||||
*msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);
|
||||
|
@ -168,7 +172,10 @@ METHOD(simaka_crypto_t, derive_keys_reauth, bool,
|
|||
k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
|
||||
DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);
|
||||
|
||||
this->signer->set_key(this->signer, k_auth);
|
||||
if (!this->signer->set_key(this->signer, k_auth))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
this->crypter->set_key(this->crypter, k_encr);
|
||||
|
||||
call_hook(this, k_encr, k_auth);
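Review bot: In derive_keys_full the DBG3 line just above the new check prints `&msk`, but `*msk` is only assigned further down, after both set_key() calls, so that trace cannot show the derived MSK. Because `msk` is dereferenced at that assignment it appears to be a pointer, which would make `&msk` one level of indirection more than the `&k_encr` and `&k_auth` arguments given to `%B`; its declaration is outside the hunk, so this needs confirming. Dropping MSK from that line and adding `DBG3(DBG_LIB, "MSK %B", msk);` after the assignment would address both points. The commit leaves this line untouched, so it may be better handled as a separate fix.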
|
||||
|
|
|
@ -138,7 +138,10 @@ METHOD(aead_t, set_key, bool,
|
|||
chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig,
|
||||
this->crypter->get_key_size(this->crypter), &enc);
|
||||
|
||||
this->signer->set_key(this->signer, sig);
|
||||
if (!this->signer->set_key(this->signer, sig))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
this->crypter->set_key(this->crypter, enc);
|
||||
|
||||
return TRUE;
|
||||
|
|
|
@ -488,7 +488,10 @@ static u_int bench_signer(private_crypto_tester_t *this,
|
|||
u_int runs;
|
||||
|
||||
memset(key, 0x12, sizeof(key));
|
||||
signer->set_key(signer, chunk_from_thing(key));
|
||||
if (!signer->set_key(signer, chunk_from_thing(key)))
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
buf = chunk_alloc(this->bench_size);
|
||||
memset(buf.ptr, 0x34, buf.len);
|
||||
|
@ -547,8 +550,10 @@ METHOD(crypto_tester_t, test_signer, bool,
|
|||
failed = FALSE;
|
||||
|
||||
key = chunk_create(vector->key, signer->get_key_size(signer));
|
||||
signer->set_key(signer, key);
|
||||
|
||||
if (!signer->set_key(signer, key))
|
||||
{
|
||||
failed = TRUE;
|
||||
}
|
||||
/* allocated signature */
|
||||
data = chunk_create(vector->data, vector->len);
|
||||
if (!signer->allocate_signature(signer, data, &mac))
|
||||
|
|
|
@ -101,10 +101,11 @@ METHOD(signer_t, get_block_size, size_t,
|
|||
return this->truncation;
|
||||
}
|
||||
|
||||
METHOD(signer_t, set_key, void,
|
||||
METHOD(signer_t, set_key, bool,
|
||||
private_signer_t *this, chunk_t key)
|
||||
{
|
||||
this->mac->set_key(this->mac, key);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(signer_t, destroy, void,
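Review bot: This set_key() returns TRUE unconditionally, so the failure branches this commit adds in the callers cannot be reached through this signer. The result of `this->mac->set_key(this->mac, key)` is not consulted, and the same applies to `this->ops->set_key(this->ops, key)` in the private_af_alg_signer_t implementation further down. If those inner calls cannot report failure yet (their signatures are not visible here), a comment such as `/* mac->set_key() cannot fail yet, so always report success */` would show the constant is deliberate. Once they do return a status it should be passed through, as in `return this->mac->set_key(this->mac, key);`.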
|
||||
|
|
|
@ -140,8 +140,10 @@ struct signer_t {
|
|||
* Set the key for this object.
|
||||
*
|
||||
* @param key key to set
|
||||
* @return TRUE if key set
|
||||
*/
|
||||
void (*set_key) (signer_t *this, chunk_t key);
|
||||
__attribute__((warn_unused_result))
|
||||
bool (*set_key) (signer_t *this, chunk_t key);
|
||||
|
||||
/**
|
||||
* Destroys a signer_t object.
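Review bot: The added `@return TRUE if key set` does not say what state the signer is in after FALSE, for instance whether a previously set key stays active. The callers updated in this commit all abandon or destroy the object on failure. If that is the intended contract it is worth stating here, e.g. `@return TRUE if key set, FALSE if the key was rejected and the signer must not be used`. The struct definition begins and ends outside the hunk.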
|
||||
|
|
|
@ -153,10 +153,11 @@ METHOD(signer_t, get_block_size, size_t,
|
|||
return this->block_size;
|
||||
}
|
||||
|
||||
METHOD(signer_t, set_key, void,
|
||||
METHOD(signer_t, set_key, bool,
|
||||
private_af_alg_signer_t *this, chunk_t key)
|
||||
{
|
||||
this->ops->set_key(this->ops, key);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(signer_t, destroy, void,
|
||||
|
|
|
@ -1522,13 +1522,19 @@ static bool expand_keys(private_tls_crypto_t *this,
|
|||
block = chunk_skip(block, mks);
|
||||
if (this->tls->is_server(this->tls))
|
||||
{
|
||||
this->signer_in->set_key(this->signer_in, client_write);
|
||||
this->signer_out->set_key(this->signer_out, server_write);
|
||||
if (!this->signer_in->set_key(this->signer_in, client_write) ||
|
||||
!this->signer_out->set_key(this->signer_out, server_write))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
this->signer_out->set_key(this->signer_out, client_write);
|
||||
this->signer_in->set_key(this->signer_in, server_write);
|
||||
if (!this->signer_out->set_key(this->signer_out, client_write) ||
|
||||
!this->signer_in->set_key(this->signer_in, server_write))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
/* crypter keys, and IVs if < TLSv1.2 */
|
||||
|
|