Add a return value to crypter_t.set_key()

2012-07-06 16:57:17 +02:00 · 2012-07-06 16:57:17 +02:00 · ce73fc19db
parent 3b96189a2a
commit ce73fc19db
23 changed files with 87 additions and 57 deletions
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@ -339,8 +339,8 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash,
 		chunk_t expanded, encrypted;

 		expanded = ExpandDESKey(keys[i]);
-		crypter->set_key(crypter, expanded);
-		if (!crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
+		if (!crypter->set_key(crypter, expanded) ||
+			!crypter->encrypt(crypter, challenge_hash, chunk_empty, &encrypted))
 		{
 			chunk_clear(&expanded);
 			crypter->destroy(crypter);
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@ -205,8 +205,7 @@ METHOD(aead_t, get_key_size, size_t,
 METHOD(aead_t, set_key, bool,
 	private_aead_t *this, chunk_t key)
 {
-	this->crypter->set_key(this->crypter, key);
-	return TRUE;
+	return this->crypter->set_key(this->crypter, key);
 }

 METHOD(aead_t, aead_destroy, void,
@ -291,7 +290,11 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e)
 		return NULL;
 	}
 	DBG4(DBG_IKE, "encryption key Ka %B", &ka);
-	crypter->set_key(crypter, ka);
+	if (!crypter->set_key(crypter, ka))
+	{
+		chunk_clear(&ka);
+		return NULL;
+	}
 	chunk_clear(&ka);

 	INIT(this,
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@ -225,7 +225,14 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 		return FALSE;
 	}
 	DBG4(DBG_IKE, "Sk_ei secret %B", &key);
-	crypter_i->set_key(crypter_i, key);
+	if (!crypter_i->set_key(crypter_i, key))
+	{
+		crypter_i->destroy(crypter_i);
+		crypter_r->destroy(crypter_r);
+		signer_i->destroy(signer_i);
+		signer_r->destroy(signer_r);
+		return FALSE;
+	}
 	chunk_clear(&key);

 	if (!prf_plus->allocate_bytes(prf_plus, key_size, &key))
@ -237,7 +244,14 @@ static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg,
 		return FALSE;
 	}
 	DBG4(DBG_IKE, "Sk_er secret %B", &key);
-	crypter_r->set_key(crypter_r, key);
+	if (!crypter_r->set_key(crypter_r, key))
+	{
+		crypter_i->destroy(crypter_i);
+		crypter_r->destroy(crypter_r);
+		signer_i->destroy(signer_i);
+		signer_r->destroy(signer_r);
+		return FALSE;
+	}
 	chunk_clear(&key);

 	if (this->initiator)
--- a/src/libsimaka/simaka_crypto.c
+++ b/src/libsimaka/simaka_crypto.c
@ -148,12 +148,12 @@ METHOD(simaka_crypto_t, derive_keys_full, bool,
 	k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
 	DBG3(DBG_LIB, "K_encr %B\nK_auth %B\nMSK %B", &k_encr, &k_auth, &msk);

-	if (!this->signer->set_key(this->signer, k_auth))
+	if (!this->signer->set_key(this->signer, k_auth) ||
+		!this->crypter->set_key(this->crypter, k_encr))
 	{
 		chunk_clear(mk);
 		return FALSE;
 	}
-	this->crypter->set_key(this->crypter, k_encr);

 	*msk = chunk_create(str.ptr + KENCR_LEN + KAUTH_LEN, MSK_LEN);

@ -187,11 +187,11 @@ METHOD(simaka_crypto_t, derive_keys_reauth, bool,
 	k_auth = chunk_create(str.ptr + KENCR_LEN, KAUTH_LEN);
 	DBG3(DBG_LIB, "K_encr %B\nK_auth %B", &k_encr, &k_auth);

-	if (!this->signer->set_key(this->signer, k_auth))
+	if (!this->signer->set_key(this->signer, k_auth) ||
+		!this->crypter->set_key(this->crypter, k_encr))
 	{
 		return FALSE;
 	}
-	this->crypter->set_key(this->crypter, k_encr);

 	call_hook(this, k_encr, k_auth);

--- a/src/libstrongswan/crypto/aead.c
+++ b/src/libstrongswan/crypto/aead.c
@ -141,13 +141,8 @@ METHOD(aead_t, set_key, bool,
 	chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig,
 				this->crypter->get_key_size(this->crypter), &enc);

-	if (!this->signer->set_key(this->signer, sig))
-	{
-		return FALSE;
-	}
-	this->crypter->set_key(this->crypter, enc);
-
-	return TRUE;
+	return this->signer->set_key(this->signer, sig) &&
+		   this->crypter->set_key(this->crypter, enc);
 }

 METHOD(aead_t, destroy, void,
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@ -147,8 +147,10 @@ struct crypter_t {
 	 * The length of the key must match get_key_size().
 	 *
 	 * @param key			key to set
+	 * @return				TRUE if key set successfully
 	 */
-	void (*set_key) (crypter_t *this, chunk_t key);
+	__attribute__((warn_unused_result))
+	bool (*set_key) (crypter_t *this, chunk_t key);

 	/**
 	 * Destroys a crypter_t object.
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@ -151,7 +151,10 @@ static u_int bench_crypter(private_crypto_tester_t *this,

 		memset(iv, 0x56, sizeof(iv));
 		memset(key, 0x12, sizeof(key));
-		crypter->set_key(crypter, chunk_from_thing(key));
+		if (!crypter->set_key(crypter, chunk_from_thing(key)))
+		{
+			return 0;
+		}

 		buf = chunk_alloc(this->bench_size);
 		memset(buf.ptr, 0x34, buf.len);
@ -214,7 +217,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
 		tested++;

 		key = chunk_create(vector->key, crypter->get_key_size(crypter));
-		crypter->set_key(crypter, key);
+		if (!crypter->set_key(crypter, key))
+		{
+			failed = TRUE;
+		}
 		iv = chunk_create(vector->iv, crypter->get_iv_size(crypter));

 		/* allocated encryption */
--- a/src/libstrongswan/crypto/pkcs7.c
+++ b/src/libstrongswan/crypto/pkcs7.c
@ -638,8 +638,8 @@ end:
 	success = FALSE;

 	/* decrypt the content */
-	crypter->set_key(crypter, symmetric_key);
-	if (!crypter->decrypt(crypter, encrypted_content, iv, &this->data))
+	if (!crypter->set_key(crypter, symmetric_key) ||
+		!crypter->decrypt(crypter, encrypted_content, iv, &this->data))
 	{
 		success = FALSE;
 		goto failed;
@ -834,8 +834,8 @@ METHOD(pkcs7_t, build_envelopedData, bool,
 	DBG3(DBG_LIB, "  padded unencrypted data: %B", &in);

 	/* symmetric encryption of data object */
-	crypter->set_key(crypter, symmetricKey);
-	if (!crypter->encrypt(crypter, in, iv, &out))
+	if (!crypter->set_key(crypter, symmetricKey) ||
+		!crypter->encrypt(crypter, in, iv, &out))
 	{
 		crypter->destroy(crypter);
 		chunk_clear(&in);
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@ -1430,7 +1430,7 @@ METHOD(crypter_t, get_key_size, size_t,
 	return this->key_size;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_aes_crypter_t *this, chunk_t key)
 {
 	u_int32_t    *kf, *kt, rci, f = 0;
@ -1515,6 +1515,7 @@ METHOD(crypter_t, set_key, void,
 		}
 		cpy(kt, kf);
 	}
+	return TRUE;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c
@ -179,10 +179,11 @@ METHOD(crypter_t, get_key_size, size_t,
 	return this->keymat_size;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_af_alg_crypter_t *this, chunk_t key)
 {
 	this->ops->set_key(this->ops, key);
+	return TRUE;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@ -155,10 +155,11 @@ METHOD(crypter_t, get_key_size, size_t,
 	return this->key_size;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_blowfish_crypter_t *this, chunk_t key)
 {
 	BF_set_key(&this->schedule, key.len , key.ptr);
+	return TRUE;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/ccm/ccm_aead.c
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@ -316,8 +316,7 @@ METHOD(aead_t, set_key, bool,
 {
 	memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
 	key.len -= SALT_SIZE;
-	this->crypter->set_key(this->crypter, key);
-	return TRUE;
+	return this->crypter->set_key(this->crypter, key);
 }

 METHOD(aead_t, destroy, void,
--- a/src/libstrongswan/plugins/cmac/cmac.c
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@ -279,8 +279,8 @@ METHOD(mac_t, set_key, bool,
 	memset(iv.ptr, 0, iv.len);
 	l = chunk_alloca(this->b);
 	memset(l.ptr, 0, l.len);
-	this->k->set_key(this->k, resized);
-	if (!this->k->encrypt(this->k, l, iv, NULL))
+	if (!this->k->set_key(this->k, resized) ||
+		!this->k->encrypt(this->k, l, iv, NULL))
 	{
 		return FALSE;
 	}
--- a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
@ -113,13 +113,13 @@ METHOD(crypter_t, get_key_size, size_t,
 			+ sizeof(this->state.nonce);
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_ctr_ipsec_crypter_t *this, chunk_t key)
 {
 	memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce),
 		   sizeof(this->state.nonce));
 	key.len -= sizeof(this->state.nonce);
-	this->crypter->set_key(this->crypter, key);
+	return this->crypter->set_key(this->crypter, key);
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@ -1541,18 +1541,20 @@ METHOD(crypter_t, get_key_size, size_t,
 	return this->key_size;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_des_crypter_t *this, chunk_t key)
 {
 	des_set_key((des_cblock*)(key.ptr), &this->ks);
+	return TRUE;
 }

-METHOD(crypter_t, set_key3, void,
+METHOD(crypter_t, set_key3, bool,
 	private_des_crypter_t *this, chunk_t key)
 {
 	des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]);
 	des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]);
 	des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]);
+	return TRUE;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/gcm/gcm_aead.c
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@ -348,8 +348,8 @@ METHOD(aead_t, set_key, bool,
 {
 	memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
 	key.len -= SALT_SIZE;
-	this->crypter->set_key(this->crypter, key);
-	return create_h(this, this->h);
+	return this->crypter->set_key(this->crypter, key) &&
+		   create_h(this, this->h);
 }

 METHOD(aead_t, destroy, void,
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@ -141,7 +141,7 @@ METHOD(crypter_t, get_key_size, size_t,
 	return len;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_gcrypt_crypter_t *this, chunk_t key)
 {
 	if (this->ctr_mode)
@ -151,7 +151,7 @@ METHOD(crypter_t, set_key, void,
 			   sizeof(this->ctr.nonce));
 		key.len -= sizeof(this->ctr.nonce);
 	}
-	gcry_cipher_setkey(this->h, key.ptr, key.len);
+	return gcry_cipher_setkey(this->h, key.ptr, key.len) == 0;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@ -144,10 +144,11 @@ METHOD(crypter_t, get_key_size, size_t,
 	return this->key.len;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_openssl_crypter_t *this, chunk_t key)
 {
 	memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+	return TRUE;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@ -141,10 +141,11 @@ METHOD(crypter_t, get_key_size, size_t,
 	return this->key.len;
 }

-METHOD(crypter_t, set_key, void,
+METHOD(crypter_t, set_key, bool,
 	private_padlock_aes_crypter_t *this, chunk_t key)
 {
 	memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+	return TRUE;
 }

 METHOD(crypter_t, destroy, void,
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@ -125,7 +125,6 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 			 encryption_algorithm_names, alg);
 		return NOT_SUPPORTED;
 	}
-	crypter->set_key(crypter, key);

 	if (iv.len != crypter->get_iv_size(crypter) ||
 		blob->len % crypter->get_block_size(crypter))
@ -134,7 +133,8 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 		DBG1(DBG_ASN, "  data size is not multiple of block size");
 		return PARSE_ERROR;
 	}
-	if (!crypter->decrypt(crypter, *blob, iv, &decrypted))
+	if (!crypter->set_key(crypter, key) ||
+		!crypter->decrypt(crypter, *blob, iv, &decrypted))
 	{
 		crypter->destroy(crypter);
 		return FAILED;
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@ -168,9 +168,8 @@ static private_key_t *decrypt_private_key(chunk_t blob,
 		{
 			continue;
 		}
-
-		crypter->set_key(crypter, key);
-		if (!crypter->decrypt(crypter, blob, iv, &decrypted))
+		if (!crypter->set_key(crypter, key) ||
+			!crypter->decrypt(crypter, blob, iv, &decrypted))
 		{
 			continue;
 		}
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@ -257,17 +257,16 @@ METHOD(mac_t, set_key, bool,
 	memset(this->k2, 0x02, this->b);
 	memset(this->k3, 0x03, this->b);

-	this->k1->set_key(this->k1, lengthened);
-	if (!this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL) ||
+	if (!this->k1->set_key(this->k1, lengthened) ||
+		!this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL) ||
 		!this->k1->encrypt(this->k1, chunk_create(this->k3, this->b), iv, NULL) ||
-		!this->k1->encrypt(this->k1, k1, iv, NULL))
+		!this->k1->encrypt(this->k1, k1, iv, NULL) ||
+		!this->k1->set_key(this->k1, k1))
 	{
+		memwipe(k1.ptr, k1.len);
 		return FALSE;
 	}
-	this->k1->set_key(this->k1, k1);
-
 	memwipe(k1.ptr, k1.len);
-
 	return TRUE;
 }

--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -1560,13 +1560,19 @@ static bool expand_keys(private_tls_crypto_t *this,

 		if (this->tls->is_server(this->tls))
 		{
-			this->crypter_in->set_key(this->crypter_in, client_write);
-			this->crypter_out->set_key(this->crypter_out, server_write);
+			if (!this->crypter_in->set_key(this->crypter_in, client_write) ||
+				!this->crypter_out->set_key(this->crypter_out, server_write))
+			{
+				return FALSE;
+			}
 		}
 		else
 		{
-			this->crypter_out->set_key(this->crypter_out, client_write);
-			this->crypter_in->set_key(this->crypter_in, server_write);
+			if (!this->crypter_out->set_key(this->crypter_out, client_write) ||
+				!this->crypter_in->set_key(this->crypter_in, server_write))
+			{
+				return FALSE;
+			}
 		}
 		if (ivs)
 		{