Add a return value to crypter_t.decrypt()

scripts/crypt_burn.c

@@ -110,9 +110,12 @@ int main(int argc, char *argv[])
 			{
 				continue;
 			}
-			crypter->decrypt(crypter,
-				chunk_create(buffer, sizeof(buffer) / bs * bs),
-				chunk_create(iv, crypter->get_iv_size(crypter)), NULL);
+			if (!crypter->decrypt(crypter,
+					chunk_create(buffer, sizeof(buffer) / bs * bs),
+					chunk_create(iv, crypter->get_iv_size(crypter)), NULL))
+			{
+				continue;
+			}
 			if (limit && ++i == limit)
 			{
 				break;

src/libcharon/sa/ikev1/keymat_v1.c

@@ -174,8 +174,7 @@ METHOD(aead_t, decrypt, bool,
 	private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
 	chunk_t *plain)
 {
-	this->crypter->decrypt(this->crypter, encrypted, iv, plain);
-	return TRUE;
+	return this->crypter->decrypt(this->crypter, encrypted, iv, plain);
 }
 
 METHOD(aead_t, get_block_size, size_t,

src/libsimaka/simaka_message.c

@@ -499,8 +499,10 @@ static bool decrypt(private_simaka_message_t *this)
 			 eap_type_names, this->hdr->type);
 		return FALSE;
 	}
-
-	crypter->decrypt(crypter, this->encr, this->iv, &plain);
+	if (!crypter->decrypt(crypter, this->encr, this->iv, &plain))
+	{
+		return FALSE;
+	}
 
 	this->encrypted = TRUE;
 	success = parse_attributes(this, plain);

src/libstrongswan/crypto/aead.c

@@ -105,8 +105,7 @@ METHOD(aead_t, decrypt, bool,
 		DBG1(DBG_LIB, "MAC verification failed");
 		return FALSE;
 	}
-	this->crypter->decrypt(this->crypter, encrypted, iv, plain);
-	return TRUE;
+	return this->crypter->decrypt(this->crypter, encrypted, iv, plain);
 }
 
 METHOD(aead_t, get_block_size, size_t,

src/libstrongswan/crypto/crypters/crypter.h

@@ -106,8 +106,10 @@ struct crypter_t {
 	 * @param data			data to decrypt
 	 * @param iv			initializing vector
 	 * @param encrypted		chunk to allocate decrypted data, or NULL
+	 * @return				TRUE if decryption successful
 	 */
-	void (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv,
+	__attribute__((warn_unused_result))
+	bool (*decrypt) (crypter_t *this, chunk_t data, chunk_t iv,
 					 chunk_t *decrypted);
 
 	/**

src/libstrongswan/crypto/crypto_tester.c

@@ -164,8 +164,10 @@ static u_int bench_crypter(private_crypto_tester_t *this,
 			{
 				runs++;
 			}
-			crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL);
-			runs++;
+			if (crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL))
+			{
+				runs++;
+			}
 		}
 		free(buf.ptr);
 		crypter->destroy(crypter);
@@ -226,7 +228,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
 			failed = TRUE;
 		}
 		/* inline decryption */
-		crypter->decrypt(crypter, cipher, iv, NULL);
+		if (!crypter->decrypt(crypter, cipher, iv, NULL))
+		{
+			failed = TRUE;
+		}
 		if (!memeq(vector->plain, cipher.ptr, cipher.len))
 		{
 			failed = TRUE;
@@ -234,7 +239,10 @@ METHOD(crypto_tester_t, test_crypter, bool,
 		free(cipher.ptr);
 		/* allocated decryption */
 		cipher = chunk_create(vector->cipher, vector->len);
-		crypter->decrypt(crypter, cipher, iv, &plain);
+		if (!crypter->decrypt(crypter, cipher, iv, &plain))
+		{
+			failed = TRUE;
+		}
 		if (!memeq(vector->plain, plain.ptr, plain.len))
 		{
 			failed = TRUE;

src/libstrongswan/crypto/pkcs7.c

@@ -639,7 +639,11 @@ end:
 
 	/* decrypt the content */
 	crypter->set_key(crypter, symmetric_key);
-	crypter->decrypt(crypter, encrypted_content, iv, &this->data);
+	if (!crypter->decrypt(crypter, encrypted_content, iv, &this->data))
+	{
+		success = FALSE;
+		goto failed;
+	}
 	DBG4(DBG_LIB, "decrypted content with padding: %B", &this->data);
 
 	/* remove the padding */

src/libstrongswan/plugins/aes/aes_crypter.c

@@ -1331,7 +1331,7 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char
     state_out(out_blk, b0);
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
 	int pos;
@@ -1371,6 +1371,7 @@ METHOD(crypter_t, decrypt, void,
 		out-=16;
 		pos-=16;
 	}
+	return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,

src/libstrongswan/plugins/af_alg/af_alg_crypter.c

@@ -131,7 +131,7 @@ static size_t lookup_alg(encryption_algorithm_t algo, char **name,
 	return 0;
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_af_alg_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
 	if (dst)
@@ -143,6 +143,7 @@ METHOD(crypter_t, decrypt, void,
 	{
 		this->ops->crypt(this->ops, ALG_OP_DECRYPT, iv, data, data.ptr);
 	}
+	return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,

src/libstrongswan/plugins/blowfish/blowfish_crypter.c

@@ -87,7 +87,7 @@ struct private_blowfish_crypter_t {
 	u_int32_t key_size;
 };
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
 	chunk_t *decrypted)
 {
@@ -108,6 +108,8 @@ METHOD(crypter_t, decrypt, void,
 	BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 0);
 
 	free(iv.ptr);
+
+	return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,

src/libstrongswan/plugins/des/des_crypter.c

@@ -1416,7 +1416,7 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len
 	tin[0]=tin[1]=0;
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
 	des_cblock ivb;
@@ -1431,6 +1431,7 @@ METHOD(crypter_t, decrypt, void,
 	memcpy(&ivb, iv.ptr, sizeof(des_cblock));
 	des_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
 					 data.len, this->ks, &ivb, DES_DECRYPT);
+	return TRUE;
 }
 
 
@@ -1452,7 +1453,7 @@ METHOD(crypter_t, encrypt, bool,
 	return TRUE;
 }
 
-METHOD(crypter_t, decrypt_ecb, void,
+METHOD(crypter_t, decrypt_ecb, bool,
 	private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
 	u_int8_t *out;
@@ -1465,6 +1466,7 @@ METHOD(crypter_t, decrypt_ecb, void,
 	}
 	des_ecb_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
 					 data.len, this->ks, DES_DECRYPT);
+	return TRUE;
 }
 
 METHOD(crypter_t, encrypt_ecb, bool,
@@ -1483,7 +1485,7 @@ METHOD(crypter_t, encrypt_ecb, bool,
 	return TRUE;
 }
 
-METHOD(crypter_t, decrypt3, void,
+METHOD(crypter_t, decrypt3, bool,
 	private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
 {
 	des_cblock ivb;
@@ -1499,6 +1501,7 @@ METHOD(crypter_t, decrypt3, void,
 	des_ede3_cbc_encrypt((des_cblock*)(data.ptr), (des_cblock*)out,
 						 data.len, this->ks3[0], this->ks3[1], this->ks3[2],
 						 &ivb, DES_DECRYPT);
+	return TRUE;
 }
 
 METHOD(crypter_t, encrypt3, bool,

src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c

@@ -70,20 +70,20 @@ static bool set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
 	return gcry_cipher_setiv(this->h, iv.ptr, iv.len) == 0;
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
-	set_iv(this, iv);
-
+	if (!set_iv(this, iv))
+	{
+		return FALSE;
+	}
 	if (dst)
 	{
 		*dst = chunk_alloc(data.len);
-		gcry_cipher_decrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
-	}
-	else
-	{
-		gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0);
+		return gcry_cipher_decrypt(this->h, dst->ptr, dst->len,
+								   data.ptr, data.len) == 0;
 	}
+	return gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0) == 0;
 }
 
 METHOD(crypter_t, encrypt, bool,

src/libstrongswan/plugins/openssl/openssl_crypter.c

@@ -114,10 +114,10 @@ static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
 		   EVP_CIPHER_CTX_cleanup(&ctx);
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
-	crypt(this, data, iv, dst, 0);
+	return crypt(this, data, iv, dst, 0);
 }
 
 METHOD(crypter_t, encrypt, bool,

src/libstrongswan/plugins/padlock/padlock_aes_crypter.c

@@ -109,10 +109,11 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv,
 	memwipe(key_aligned, sizeof(key_aligned));
 }
 
-METHOD(crypter_t, decrypt, void,
+METHOD(crypter_t, decrypt, bool,
 	private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
 {
 	crypt(this, iv.ptr, data, dst, TRUE);
+	return TRUE;
 }
 
 METHOD(crypter_t, encrypt, bool,

src/libstrongswan/plugins/pem/pem_builder.c

@@ -134,7 +134,11 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
 		DBG1(DBG_ASN, "  data size is not multiple of block size");
 		return PARSE_ERROR;
 	}
-	crypter->decrypt(crypter, *blob, iv, &decrypted);
+	if (!crypter->decrypt(crypter, *blob, iv, &decrypted))
+	{
+		crypter->destroy(crypter);
+		return FAILED;
+	}
 	crypter->destroy(crypter);
 	memcpy(blob->ptr, decrypted.ptr, blob->len);
 	chunk_free(&decrypted);

src/libstrongswan/plugins/pkcs8/pkcs8_builder.c

@@ -170,7 +170,10 @@ static private_key_t *decrypt_private_key(chunk_t blob,
 		}
 
 		crypter->set_key(crypter, key);
-		crypter->decrypt(crypter, blob, iv, &decrypted);
+		if (!crypter->decrypt(crypter, blob, iv, &decrypted))
+		{
+			continue;
+		}
 		if (verify_padding(&decrypted))
 		{
 			private_key = parse_private_key(decrypted);

src/libtls/tls_protection.c

@@ -150,7 +150,12 @@ METHOD(tls_protection_t, process, status_t,
 				return NEED_MORE;
 			}
 		}
-		this->crypter_in->decrypt(this->crypter_in, data, iv, NULL);
+		if (!this->crypter_in->decrypt(this->crypter_in, data, iv, NULL))
+		{
+			free(next_iv.ptr);
+			this->alert->add(this->alert, TLS_FATAL, TLS_BAD_RECORD_MAC);
+			return NEED_MORE;
+		}
 
 		if (next_iv.len)
 		{	/* next record IV is last ciphertext block of this record */