ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Add a return value to hasher_t.allocate_hash()

This commit is contained in:
Martin Willi 2012-07-09 17:15:52 +02:00
parent e185612dd8
commit 87dd205b61
40 changed files with 269 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/libcharon/plugins/eap_md5/eap_md5.c
View File

@ -100,7 +100,11 @@ static status_t hash_challenge(private_eap_md5_t *this, chunk_t *response,
DBG1(DBG_IKE, "EAP-MD5 failed, MD5 not supported");
return FAILED;
}
hasher->allocate_hash(hasher, concat, response);
if (!hasher->allocate_hash(hasher, concat, response))
{
hasher->destroy(hasher);
return FAILED;
}
hasher->destroy(hasher);
return SUCCESS;
}

55
src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
View File

@ -281,7 +281,11 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash)
DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available");
return FAILED;
}
hasher->allocate_hash(hasher, password, password_hash);
if (!hasher->allocate_hash(hasher, password, password_hash))
{
hasher->destroy(hasher);
return FAILED;
}
hasher->destroy(hasher);
return SUCCESS;
}
@ -302,7 +306,11 @@ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge,
return FAILED;
}
concat = chunk_cata("ccc", peer_challenge, server_challenge, username);
hasher->allocate_hash(hasher, concat, challenge_hash);
if (!hasher->allocate_hash(hasher, concat, challenge_hash))
{
hasher->destroy(hasher);
return FAILED;
}
hasher->destroy(hasher);
/* we need only the first 8 octets */
challenge_hash->len = 8;
@ -382,10 +390,17 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash,
}
concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
hasher->allocate_hash(hasher, concat, &digest);
if (!hasher->allocate_hash(hasher, concat, &digest))
{
hasher->destroy(hasher);
return FAILED;
}
concat = chunk_cata("ccc", digest, challenge_hash, magic2);
hasher->allocate_hash(hasher, concat, response);
if (!hasher->allocate_hash(hasher, concat, response))
{
hasher->destroy(hasher);
return FAILED;
}
hasher->destroy(hasher);
chunk_free(&digest);
return SUCCESS;
@ -434,7 +449,9 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
chunk_t keypad = chunk_from_chars(
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00);
chunk_t concat, master_key, master_receive_key, master_send_key;
char master_key[HASH_SIZE_SHA1];
char master_receive_key[HASH_SIZE_SHA1], master_send_key[HASH_SIZE_SHA1];
chunk_t concat, master;
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
@ -444,24 +461,22 @@ static status_t GenerateMSK(chunk_t password_hash_hash,
return FAILED;
}
master = chunk_create(master_key, 16);
concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1);
hasher->allocate_hash(hasher, concat, &master_key);
master_key.len = 16;
concat = chunk_cata("cccc", master, shapad1, magic2, shapad2);
concat = chunk_cata("cccc", master, shapad1, magic3, shapad2);
if (!hasher->get_hash(hasher, concat, master_key) ||
!hasher->get_hash(hasher, concat, master_receive_key) ||
!hasher->get_hash(hasher, concat, master_send_key))
{
hasher->destroy(hasher);
return FAILED;
}
concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2);
hasher->allocate_hash(hasher, concat, &master_receive_key);
master_receive_key.len = 16;
concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2);
hasher->allocate_hash(hasher, concat, &master_send_key);
master_send_key.len = 16;
*msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad);
*msk = chunk_cat("cccc", chunk_create(master_receive_key, 16),
chunk_create(master_send_key, 16), keypad, keypad);
hasher->destroy(hasher);
chunk_free(&master_key);
chunk_free(&master_receive_key);
chunk_free(&master_send_key);
return SUCCESS;
}

8
src/libcharon/plugins/stroke/stroke_ca.c
View File

@ -354,10 +354,12 @@ METHOD(stroke_ca_t, check_for_hash_and_url, void,
if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
{
hasher->allocate_hash(hasher, encoded, &hash);
section->hashes->insert_last(section->hashes,
if (hasher->allocate_hash(hasher, encoded, &hash))
{
section->hashes->insert_last(section->hashes,
identification_create_from_encoding(ID_KEY_ID, hash));
chunk_free(&hash);
chunk_free(&hash);
}
chunk_free(&encoded);
}
break;

9
src/libcharon/sa/ike_sa_manager.c
View File

@ -1164,8 +1164,13 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*,
u_int64_t our_spi;
chunk_t hash;
this->hasher->allocate_hash(this->hasher,
message->get_packet_data(message), &hash);
if (!this->hasher->allocate_hash(this->hasher,
message->get_packet_data(message), &hash))
{
DBG1(DBG_MGR, "ignoring message, failed to hash message");
id->destroy(id);
return NULL;
}
/* ensure this is not a retransmit of an already handled init message */
switch (check_and_put_init_hash(this, hash, &our_spi))

19
src/libcharon/sa/ikev1/keymat_v1.c
View File

@ -554,7 +554,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool,
/* initial IV = hash(g^xi | g^xr) */
data = chunk_cata("cc", g_xi, g_xr);
this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv);
if (!this->hasher->allocate_hash(this->hasher, data, &this->phase1_iv.iv))
{
chunk_free(&dh_me);
return FALSE;
}
if (this->phase1_iv.iv.len > this->aead->get_block_size(this->aead))
{
this->phase1_iv.iv.len = this->aead->get_block_size(this->aead);
@ -975,10 +979,15 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv)
else
{
/* initial phase 2 IV = hash(last_phase1_block | mid) */
u_int32_t net = htonl(iv->mid);
chunk_t data = chunk_cata("cc", this->phase1_iv.iv,
chunk_from_thing(net));
this->hasher->allocate_hash(this->hasher, data, &iv->iv);
u_int32_t net;;
chunk_t data;
net = htonl(iv->mid);
data = chunk_cata("cc", this->phase1_iv.iv, chunk_from_thing(net));
if (!this->hasher->allocate_hash(this->hasher, data, &iv->iv))
{
return FALSE;
}
if (iv->iv.len > this->aead->get_block_size(this->aead))
{
iv->iv.len = this->aead->get_block_size(this->aead);

20
src/libcharon/sa/ikev1/tasks/isakmp_natd.c
View File

@ -100,7 +100,11 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this,
natd_chunk = chunk_cata("cccc", chunk_from_thing(spi_i),
chunk_from_thing(spi_r), host->get_address(host),
chunk_from_thing(port));
hasher->allocate_hash(hasher, natd_chunk, &natd_hash);
if (!hasher->allocate_hash(hasher, natd_chunk, &natd_hash))
{
DBG1(DBG_IKE, "creating NAT-D payload hash failed");
return chunk_empty;
}
DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
@ -154,6 +158,10 @@ static hash_payload_t *build_natd_payload(private_isakmp_natd_t *this, bool src,
ike_sa_id_t *ike_sa_id = this->ike_sa->get_id(this->ike_sa);
hash = generate_natd_hash(this, ike_sa_id, host);
}
if (!hash.len)
{
return NULL;
}
payload = hash_payload_create(NAT_D_V1);
payload->set_hash(payload, hash);
chunk_free(&hash);
@ -171,14 +179,20 @@ static void add_natd_payloads(private_isakmp_natd_t *this, message_t *message)
/* destination has to be added first */
host = message->get_destination(message);
payload = build_natd_payload(this, FALSE, host);
message->add_payload(message, (payload_t*)payload);
if (payload)
{
message->add_payload(message, (payload_t*)payload);
}
/* source is added second, compared with IKEv2 we always know the source,
* as these payloads are added in the second Phase 1 exchange or the
* response to the first */
host = message->get_source(message);
payload = build_natd_payload(this, TRUE, host);
message->add_payload(message, (payload_t*)payload);
if (payload)
{
message->add_payload(message, (payload_t*)payload);
}
}
/**

5
src/libcharon/sa/ikev2/connect_manager.c
View File

@ -839,7 +839,10 @@ static chunk_t build_signature(private_connect_manager_t *this,
/* signature = SHA1( MID | ME_CONNECTID | ME_ENDPOINT | ME_CONNECTKEY ) */
sig_chunk = chunk_cat("cccc", mid_chunk, check->connect_id,
check->endpoint_raw, key_chunk);
this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash);
if (!this->hasher->allocate_hash(this->hasher, sig_chunk, &sig_hash))
{
sig_hash = chunk_empty;
}
DBG3(DBG_IKE, "sig_chunk %#B", &sig_chunk);
DBG3(DBG_IKE, "sig_hash %#B", &sig_hash);

7
src/libcharon/sa/ikev2/tasks/ike_cert_post.c
View File

@ -78,7 +78,12 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
hasher->destroy(hasher);
return NULL;
}
hasher->allocate_hash(hasher, encoded, &hash);
if (!hasher->allocate_hash(hasher, encoded, &hash))
{
hasher->destroy(hasher);
chunk_free(&encoded);
return cert_payload_create_from_cert(CERTIFICATE, cert);
}
chunk_free(&encoded);
hasher->destroy(hasher);
id = identification_create_from_encoding(ID_KEY_ID, hash);

40
src/libcharon/sa/ikev2/tasks/ike_natd.c
View File

@ -104,7 +104,10 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this,
/* natd_hash = SHA1( spi_i | spi_r | address | port ) */
natd_chunk = chunk_cat("cccc", spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk);
this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash);
if (!this->hasher->allocate_hash(this->hasher, natd_chunk, &natd_hash))
{
natd_hash = chunk_empty;
}
DBG3(DBG_IKE, "natd_chunk %B", &natd_chunk);
DBG3(DBG_IKE, "natd_hash %B", &natd_hash);
@ -152,6 +155,10 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this,
{
hash = generate_natd_hash(this, ike_sa_id, host);
}
if (!hash.len)
{
return NULL;
}
notify = notify_payload_create(NOTIFY);
notify->set_notify_type(notify, type);
notify->set_notification_data(notify, hash);
@ -298,7 +305,10 @@ METHOD(task_t, build_i, status_t,
/* destination is always set */
host = message->get_destination(message);
notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, host);
message->add_payload(message, (payload_t*)notify);
if (notify)
{
message->add_payload(message, (payload_t*)notify);
}
/* source may be any, we have 3 possibilities to get our source address:
* 1. It is defined in the config => use the one of the IKE_SA
@ -309,7 +319,10 @@ METHOD(task_t, build_i, status_t,
if (!host->is_anyaddr(host) || ike_cfg->force_encap(ike_cfg))
{ /* 1. or if we force UDP encap, as it doesn't matter if it's %any */
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
message->add_payload(message, (payload_t*)notify);
if (notify)
{
message->add_payload(message, (payload_t*)notify);
}
}
else
{
@ -319,7 +332,10 @@ METHOD(task_t, build_i, status_t,
{ /* 2. */
host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
message->add_payload(message, (payload_t*)notify);
if (notify)
{
message->add_payload(message, (payload_t*)notify);
}
host->destroy(host);
}
else
@ -333,7 +349,10 @@ METHOD(task_t, build_i, status_t,
host->set_port(host, ike_cfg->get_my_port(ike_cfg));
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, host);
host->destroy(host);
message->add_payload(message, (payload_t*)notify);
if (notify)
{
message->add_payload(message, (payload_t*)notify);
}
}
enumerator->destroy(enumerator);
}
@ -365,11 +384,16 @@ METHOD(task_t, build_r, status_t,
/* initiator seems to support NAT detection, add response */
me = message->get_source(message);
notify = build_natd_payload(this, NAT_DETECTION_SOURCE_IP, me);
message->add_payload(message, (payload_t*)notify);
if (notify)
{
message->add_payload(message, (payload_t*)notify);
}
other = message->get_destination(message);
notify = build_natd_payload(this, NAT_DETECTION_DESTINATION_IP, other);
message->add_payload(message, (payload_t*)notify);
if (notify)
{
message->add_payload(message, (payload_t*)notify);
}
}
return SUCCESS;
}

28
src/libpts/pts/pts.c
View File

@ -287,10 +287,15 @@ METHOD(pts_t, calculate_secret, bool,
hash_alg = pts_meas_algo_to_hash(this->dh_hash_algorithm);
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
hasher->allocate_hash(hasher, chunk_from_chars('1'), NULL);
hasher->allocate_hash(hasher, this->initiator_nonce, NULL);
hasher->allocate_hash(hasher, this->responder_nonce, NULL);
hasher->allocate_hash(hasher, shared_secret, &this->secret);
if (!hasher ||
!hasher->get_hash(hasher, chunk_from_chars('1'), NULL) ||
!hasher->get_hash(hasher, this->initiator_nonce, NULL) ||
!hasher->get_hash(hasher, this->responder_nonce, NULL) ||
!hasher->allocate_hash(hasher, shared_secret, &this->secret))
{
DESTROY_IF(hasher);
return FALSE;
}
hasher->destroy(hasher);
/* The DH secret must be destroyed */
@ -1073,7 +1078,12 @@ METHOD(pts_t, get_quote_info, bool,
hasher = lib->crypto->create_hasher(lib->crypto, algo);
/* Hash the PCR Composite Structure */
hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp);
if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp))
{
DESTROY_IF(hasher);
free(pcr_comp.ptr);
return FALSE;
}
DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp);
hasher->destroy(hasher);
}
@ -1084,7 +1094,13 @@ METHOD(pts_t, get_quote_info, bool,
/* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp);
if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp))
{
DESTROY_IF(hasher);
chunk_free(out_pcr_comp);
free(pcr_comp.ptr);
return FALSE;
}
hasher->destroy(hasher);
/* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */

4
src/libsimaka/simaka_crypto.c
View File

@ -124,11 +124,11 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
/* For SIM: MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version)
* For AKA: MK = SHA1(Identity|IK|CK) */
if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL))
if (!this->hasher->get_hash(this->hasher, id->get_encoding(id), NULL) ||
!this->hasher->allocate_hash(this->hasher, data, mk))
{
return FALSE;
}
this->hasher->allocate_hash(this->hasher, data, mk);
DBG3(DBG_LIB, "MK %B", mk);
/* K_encr | K_auth | MSK | EMSK = prf() | prf() | prf() | prf() */

9
src/libstrongswan/crypto/crypto_tester.c
View File

@ -735,7 +735,10 @@ METHOD(crypto_tester_t, test_hasher, bool,
/* allocated hash */
data = chunk_create(vector->data, vector->len);
hasher->allocate_hash(hasher, data, &hash);
if (!hasher->allocate_hash(hasher, data, &hash))
{
failed = TRUE;
}
if (hash.len != hasher->get_hash_size(hasher))
{
failed = TRUE;
@ -758,8 +761,8 @@ METHOD(crypto_tester_t, test_hasher, bool,
if (data.len > 2)
{
memset(hash.ptr, 0, hash.len);
hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL);
if (!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
if (!hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL) ||
!hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL) ||
!hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr) ||
!memeq(vector->hash, hash.ptr, hash.len))
{

4
src/libstrongswan/crypto/hashers/hasher.h
View File

@ -94,8 +94,10 @@ struct hasher_t {
*
* @param data chunk with data to hash
* @param hash chunk which will hold allocated hash
* @return TRUE if hash allocated successfully
*/
void (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
__attribute__((warn_unused_result))
bool (*allocate_hash) (hasher_t *this, chunk_t data, chunk_t *hash);
/**
* Get the size of the resulting hash.

9
src/libstrongswan/crypto/pkcs7.c
View File

@ -421,13 +421,13 @@ end:
algorithm = hasher_algorithm_from_oid(digest_alg);
hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
if (hasher == NULL)
if (!hasher || !hasher->allocate_hash(hasher, this->data, &hash))
{
DESTROY_IF(hasher);
DBG1(DBG_LIB, "hash algorithm %N not supported",
hash_algorithm_names, algorithm);
return FALSE;
}
hasher->allocate_hash(hasher, this->data, &hash);
hasher->destroy(hasher);
DBG3(DBG_LIB, "hash: %B", &hash);
@ -921,13 +921,14 @@ METHOD(pkcs7_t, build_signedData, bool,
time_t now;
hasher = lib->crypto->create_hasher(lib->crypto, alg);
if (hasher == NULL)
if (!hasher ||
!hasher->allocate_hash(hasher, this->data, &messageDigest))
{
DESTROY_IF(hasher);
DBG1(DBG_LIB, " hash algorithm %N not support",
hash_algorithm_names, alg);
return FALSE;
}
hasher->allocate_hash(hasher, this->data, &messageDigest);
hasher->destroy(hasher);
this->attributes->set_attribute(this->attributes,
OID_PKCS9_MESSAGE_DIGEST,

9
src/libstrongswan/plugins/af_alg/af_alg_hasher.c
View File

@ -112,18 +112,15 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_af_alg_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(get_hash_size(this));
get_hash(this, chunk, hash->ptr);
}
else
{
get_hash(this, chunk, NULL);
return get_hash(this, chunk, hash->ptr);
}
return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,

9
src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
View File

@ -61,18 +61,15 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(get_hash_size(this));
get_hash(this, chunk, hash->ptr);
}
else
{
get_hash(this, chunk, NULL);
return get_hash(this, chunk, hash->ptr);
}
return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,

4
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
View File

@ -165,11 +165,11 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
DESTROY_IF(hasher);
return FALSE;
}
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",

4
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
View File

@ -121,11 +121,11 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
gcry_sexp_t in, sig;
hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
DESTROY_IF(hasher);
return FALSE;
}
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",

4
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
View File

@ -235,11 +235,11 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
}
hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
if (hasher == NULL)
if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
DESTROY_IF(hasher);
return FALSE;
}
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
/* build DER-encoded digestInfo */

6
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
View File

@ -252,7 +252,11 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
}
/* build our own hash and compare */
hasher->allocate_hash(hasher, data, &hash);
if (!hasher->allocate_hash(hasher, data, &hash))
{
hasher->destroy(hasher);
goto end_parser;
}
hasher->destroy(hasher);
success = memeq(object.ptr, hash.ptr, hash.len);
free(hash.ptr);

5
src/libstrongswan/plugins/md4/md4_hasher.c
View File

@ -266,8 +266,6 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16])
}
}
METHOD(hasher_t, get_hash, bool,
private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
@ -280,7 +278,7 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@ -296,6 +294,7 @@ METHOD(hasher_t, allocate_hash, void,
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, get_hash_size, size_t,

3
src/libstrongswan/plugins/md5/md5_hasher.c
View File

@ -311,7 +311,7 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@ -327,6 +327,7 @@ METHOD(hasher_t, allocate_hash, void,
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, get_hash_size, size_t,

4
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
View File

@ -221,13 +221,13 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp)
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, key, fp))
{
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
DESTROY_IF(hasher);
free(key.ptr);
return FALSE;
}
hasher->allocate_hash(hasher, key, fp);
hasher->destroy(hasher);
free(key.ptr);
lib->encoding->cache(lib->encoding, type, ec, *fp);

9
src/libstrongswan/plugins/openssl/openssl_hasher.c
View File

@ -120,18 +120,15 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(get_hash_size(this));
get_hash(this, chunk, hash->ptr);
}
else
{
get_hash(this, chunk, NULL);
return get_hash(this, chunk, hash->ptr);
}
return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,

4
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
View File

@ -217,13 +217,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, key, fp))
{
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, fingerprinting failed");
DESTROY_IF(hasher);
free(key.ptr);
return FALSE;
}
hasher->allocate_hash(hasher, key, fp);
free(key.ptr);
hasher->destroy(hasher);
lib->encoding->cache(lib->encoding, type, rsa, *fp);

4
src/libstrongswan/plugins/openssl/openssl_x509.c
View File

@ -973,11 +973,11 @@ static bool parse_certificate(private_openssl_x509_t *this)
parse_extKeyUsage(this);
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, this->encoding, &this->hash))
{
DESTROY_IF(hasher);
return FALSE;
}
hasher->allocate_hash(hasher, this->encoding, &this->hash);
hasher->destroy(hasher);
if (issued_by(this, &this->public.x509.interface, NULL))

9
src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
View File

@ -112,18 +112,15 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(HASH_SIZE_SHA1);
get_hash(this, chunk, hash->ptr);
}
else
{
get_hash(this, chunk, NULL);
return get_hash(this, chunk, hash->ptr);
}
return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, get_hash_size, size_t,

8
src/libstrongswan/plugins/pgp/pgp_cert.c
View File

@ -321,8 +321,12 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
DBG1(DBG_ASN, "no SHA-1 hasher available");
return FALSE;
}
hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
if (!hasher->allocate_hash(hasher, pubkey_packet_header, NULL) ||
!hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint))
{
hasher->destroy(hasher);
return FALSE;
}
hasher->destroy(hasher);
DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint);
}

8
src/libstrongswan/plugins/pgp/pgp_encoder.c
View File

@ -44,8 +44,12 @@ static bool build_v3_fingerprint(chunk_t *encoding, va_list args)
{
e = chunk_skip(e, 1);
}
hasher->allocate_hash(hasher, n, NULL);
hasher->allocate_hash(hasher, e, encoding);
if (!hasher->allocate_hash(hasher, n, NULL) ||
!hasher->allocate_hash(hasher, e, encoding))
{
hasher->destroy(hasher);
return FALSE;
}
hasher->destroy(hasher);
return TRUE;
}

4
src/libstrongswan/plugins/pkcs1/pkcs1_encoder.c
View File

@ -94,14 +94,14 @@ static bool hash_pubkey(chunk_t pubkey, chunk_t *hash)
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
if (!hasher || !hasher->allocate_hash(hasher, pubkey, hash))
{
DESTROY_IF(hasher);
chunk_free(&pubkey);
DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
"fingerprinting failed");
return FALSE;
}
hasher->allocate_hash(hasher, pubkey, hash);
hasher->destroy(hasher);
chunk_free(&pubkey);
return TRUE;

9
src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
View File

@ -203,18 +203,15 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
*hash = chunk_alloc(this->size);
get_hash(this, chunk, hash->ptr);
}
else
{
get_hash(this, chunk, NULL);
return get_hash(this, chunk, hash->ptr);
}
return get_hash(this, chunk, NULL);
}
METHOD(hasher_t, destroy, void,

8
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
View File

@ -266,13 +266,15 @@ METHOD(private_key_t, sign, bool,
}
if (hash_alg != HASH_UNKNOWN)
{
hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher)
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
DESTROY_IF(hasher);
this->lib->f->C_CloseSession(session);
return FALSE;
}
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
data = hash;
}

12
src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
View File

@ -235,13 +235,15 @@ METHOD(public_key_t, verify, bool,
}
if (hash_alg != HASH_UNKNOWN)
{
hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher)
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
if (!hasher || !hasher->allocate_hash(hasher, data, &hash))
{
DESTROY_IF(hasher);
this->lib->f->C_CloseSession(session);
return FALSE;
}
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
data = hash;
}
@ -374,12 +376,12 @@ static bool fingerprint_ecdsa(private_pkcs11_public_key_t *this,
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, asn1, fp))
{
DESTROY_IF(hasher);
chunk_clear(&asn1);
return FALSE;
}
hasher->allocate_hash(hasher, asn1, fp);
hasher->destroy(hasher);
chunk_clear(&asn1);
lib->encoding->cache(lib->encoding, type, this, *fp);

3
src/libstrongswan/plugins/sha1/sha1_hasher.c
View File

@ -199,7 +199,7 @@ METHOD(hasher_t, get_hash, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash, void,
METHOD(hasher_t, allocate_hash, bool,
private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
SHA1Update(this, chunk.ptr, chunk.len);
@ -211,6 +211,7 @@ METHOD(hasher_t, allocate_hash, void,
SHA1Final(this, hash->ptr);
reset(this);
}
return TRUE;
}
METHOD(hasher_t, get_hash_size, size_t,

12
src/libstrongswan/plugins/sha2/sha2_hasher.c
View File

@ -512,7 +512,7 @@ METHOD(hasher_t, get_hash512, bool,
return TRUE;
}
METHOD(hasher_t, allocate_hash224, void,
METHOD(hasher_t, allocate_hash224, bool,
private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@ -526,9 +526,10 @@ METHOD(hasher_t, allocate_hash224, void,
reset224(this);
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, allocate_hash256, void,
METHOD(hasher_t, allocate_hash256, bool,
private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@ -542,9 +543,10 @@ METHOD(hasher_t, allocate_hash256, void,
reset256(this);
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, allocate_hash384, void,
METHOD(hasher_t, allocate_hash384, bool,
private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@ -558,9 +560,10 @@ METHOD(hasher_t, allocate_hash384, void,
reset384(this);
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, allocate_hash512, void,
METHOD(hasher_t, allocate_hash512, bool,
private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@ -574,6 +577,7 @@ METHOD(hasher_t, allocate_hash512, void,
reset512(this);
*hash = allocated_hash;
}
return TRUE;
}
METHOD(hasher_t, get_hash_size224, size_t,

10
src/libstrongswan/plugins/x509/x509_cert.c
View File

@ -1490,12 +1490,13 @@ end:
}
/* create certificate hash */
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
if (!hasher ||
!hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash))
{
DESTROY_IF(hasher);
DBG1(DBG_ASN, " unable to create hash of certificate, SHA1 not supported");
return FALSE;
}
hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
hasher->destroy(hasher);
}
return success;
@ -2344,11 +2345,12 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
asn1_bitstring("c", cert->signature));
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
if (!hasher ||
!hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash))
{
DESTROY_IF(hasher);
return FALSE;
}
hasher->allocate_hash(hasher, cert->encoding, &cert->encoding_hash);
hasher->destroy(hasher);
return TRUE;
}

28
src/libstrongswan/plugins/x509/x509_ocsp_request.c
View File

@ -159,22 +159,24 @@ static chunk_t build_requestList(private_x509_ocsp_request_t *this)
enumerator_t *enumerator;
issuer = cert->get_subject(cert);
hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
&issuerNameHash);
hasher->destroy(hasher);
enumerator = this->candidates->create_enumerator(this->candidates);
while (enumerator->enumerate(enumerator, &x509))
if (hasher->allocate_hash(hasher, issuer->get_encoding(issuer),
&issuerNameHash))
{
chunk_t request, serialNumber;
enumerator = this->candidates->create_enumerator(
this->candidates);
while (enumerator->enumerate(enumerator, &x509))
{
chunk_t request, serialNumber;
serialNumber = x509->get_serial(x509);
request = build_Request(this, issuerNameHash, issuerKeyHash,
serialNumber);
list = chunk_cat("mm", list, request);
serialNumber = x509->get_serial(x509);
request = build_Request(this, issuerNameHash,
issuerKeyHash, serialNumber);
list = chunk_cat("mm", list, request);
}
enumerator->destroy(enumerator);
chunk_free(&issuerNameHash);
}
enumerator->destroy(enumerator);
chunk_free(&issuerNameHash);
hasher->destroy(hasher);
}
}
else

9
src/libstrongswan/plugins/x509/x509_ocsp_response.c
View File

@ -201,19 +201,22 @@ METHOD(ocsp_response_t, get_status, cert_validation_t,
/* check issuerNameHash, if available */
else if (response->issuerNameHash.ptr)
{
id = issuercert->get_subject(issuercert);
hasher = lib->crypto->create_hasher(lib->crypto,
hasher_algorithm_from_oid(response->hashAlgorithm));
if (!hasher)
if (!hasher ||
!hasher->allocate_hash(hasher, id->get_encoding(id), &hash))
{
DESTROY_IF(hasher);
continue;
}
id = issuercert->get_subject(issuercert);
hasher->allocate_hash(hasher, id->get_encoding(id), &hash);
hasher->destroy(hasher);
if (!chunk_equals(hash, response->issuerNameHash))
{
free(hash.ptr);
continue;
}
free(hash.ptr);
}
else
{

4
src/libtls/tls_crypto.c
View File

@ -1196,12 +1196,12 @@ static bool hash_data(private_tls_crypto_t *this, chunk_t data, chunk_t *hash)
return FALSE;
}
hasher = lib->crypto->create_hasher(lib->crypto, alg->hash);
if (!hasher)
if (!hasher || !hasher->allocate_hash(hasher, data, hash))
{
DBG1(DBG_TLS, "%N not supported", hash_algorithm_names, alg->hash);
DESTROY_IF(hasher);
return FALSE;
}
hasher->allocate_hash(hasher, data, hash);
hasher->destroy(hasher);
}
else

6
src/medsrv/controller/user_controller.c
View File

@ -64,7 +64,11 @@ static chunk_t hash_password(char *login, char *password)
}
data = chunk_cata("cc", chunk_create(login, strlen(login)),
chunk_create(password, strlen(password)));
hasher->allocate_hash(hasher, data, &hash);
if (!hasher->allocate_hash(hasher, data, &hash))
{
hasher->destroy(hasher);
return chunk_empty;
}
hasher->destroy(hasher);
return hash;
}