Treat return values for security.c

This patch make functions in security.c return values when they should instead of beeing void. And it also fix the callers of these functions.
C4rt · Apr 1, 2015 · 0eb399a · 0eb399a
1 parent 121ea23
commit 0eb399a
Show file tree

Hide file tree

Showing 9 changed files with 215 additions and 130 deletions.
diff --git a/include/freerdp/crypto/crypto.h b/include/freerdp/crypto/crypto.h
@@ -103,15 +103,15 @@ typedef struct crypto_des3_struct* CryptoDes3;
 
 FREERDP_API CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, const BYTE* ivec);
 FREERDP_API CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, const BYTE* ivec);
-FREERDP_API void crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE *in_data, BYTE *out_data);
-FREERDP_API void crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE *in_data, BYTE* out_data);
+FREERDP_API BOOL crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE *in_data, BYTE *out_data);
+FREERDP_API BOOL crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE *in_data, BYTE* out_data);
 FREERDP_API void crypto_des3_free(CryptoDes3 des3);
 
 typedef struct crypto_hmac_struct* CryptoHmac;
 
 FREERDP_API CryptoHmac crypto_hmac_new(void);
-FREERDP_API void crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE *data, UINT32 length);
-FREERDP_API void crypto_hmac_md5_init(CryptoHmac hmac, const BYTE *data, UINT32 length);
+FREERDP_API BOOL crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE *data, UINT32 length);
+FREERDP_API BOOL crypto_hmac_md5_init(CryptoHmac hmac, const BYTE *data, UINT32 length);
 FREERDP_API void crypto_hmac_update(CryptoHmac hmac, const BYTE *data, UINT32 length);
 FREERDP_API void crypto_hmac_final(CryptoHmac hmac, BYTE *out_data, UINT32 length);
 FREERDP_API void crypto_hmac_free(CryptoHmac hmac);

diff --git a/libfreerdp/core/fastpath.c b/libfreerdp/core/fastpath.c
@@ -767,6 +767,7 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 	rdpRdp* rdp;
 	UINT16 length;
 	BYTE eventHeader;
+	BOOL status;
 
 	/*
 	 *  A maximum of 15 events are allowed per request
@@ -817,7 +818,8 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 			Stream_Write_UINT8(s, 0x1); /* TSFIPS_VERSION 1*/
 			Stream_Write_UINT8(s, pad); /* padding */
 
-			security_hmac_signature(fpInputEvents, fpInputEvents_length, Stream_Pointer(s), rdp);
+			if (!security_hmac_signature(fpInputEvents, fpInputEvents_length, Stream_Pointer(s), rdp))
+				return FALSE;
 
 			if (pad)
 				memset(fpInputEvents + fpInputEvents_length, 0, pad);
@@ -829,9 +831,12 @@ BOOL fastpath_send_multiple_input_pdu(rdpFastPath* fastpath, wStream* s, int iNu
 		else
 		{
 			if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
-				security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, TRUE, Stream_Pointer(s));
+				status = security_salted_mac_signature(rdp, fpInputEvents, fpInputEvents_length, TRUE, Stream_Pointer(s));
 			else
-				security_mac_signature(rdp, fpInputEvents, fpInputEvents_length, Stream_Pointer(s));
+				status = security_mac_signature(rdp, fpInputEvents, fpInputEvents_length, Stream_Pointer(s));
+
+			if (!status)
+				return FALSE;
 
 			security_encrypt(fpInputEvents, fpInputEvents_length, rdp);
 		}
@@ -1021,16 +1026,19 @@ BOOL fastpath_send_update_pdu(rdpFastPath* fastpath, BYTE updateCode, wStream* s
 
 			if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
 			{
-				security_hmac_signature(data, dataSize - pad, pSignature, rdp);
+				if (!security_hmac_signature(data, dataSize - pad, pSignature, rdp))
+					return FALSE;
 				security_fips_encrypt(data, dataSize, rdp);
 			}
 			else
 			{
 				if (rdp->sec_flags & SEC_SECURE_CHECKSUM)
-					security_salted_mac_signature(rdp, data, dataSize, TRUE, pSignature);
+					status = security_salted_mac_signature(rdp, data, dataSize, TRUE, pSignature);
 				else
-					security_mac_signature(rdp, data, dataSize, pSignature);
+					status = security_mac_signature(rdp, data, dataSize, pSignature);
 
+				if (!status)
+					return FALSE;
 				security_encrypt(data, dataSize, rdp);
 			}
 		}

diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
@@ -72,7 +72,8 @@ BOOL rdp_compute_client_auto_reconnect_cookie(rdpRdp* rdp)
 
 	/* SecurityVerifier = HMAC_MD5(AutoReconnectRandom, ClientRandom) */
 
-	crypto_hmac_md5_init(hmac, AutoReconnectRandom, 16);
+	if (!crypto_hmac_md5_init(hmac, AutoReconnectRandom, 16))
+		return FALSE;
 	crypto_hmac_update(hmac, ClientRandom, 32);
 	crypto_hmac_final(hmac, clientCookie->securityVerifier, 16);
 	crypto_hmac_free(hmac);

diff --git a/libfreerdp/core/license.c b/libfreerdp/core/license.c
@@ -297,7 +297,8 @@ int license_recv(rdpLicense* license, wStream* s)
 			if (!license_read_platform_challenge_packet(license, s))
 				return -1;
 
-			license_send_platform_challenge_response_packet(license);
+			if (!license_send_platform_challenge_response_packet(license))
+				return -1;
 			break;
 		case NEW_LICENSE:
 			license_read_new_license_packet(license, s);
@@ -336,15 +337,21 @@ void license_generate_randoms(rdpLicense* license)
  * @param license license module
  */
 
-void license_generate_keys(rdpLicense* license)
+BOOL license_generate_keys(rdpLicense* license)
 {
-	security_master_secret(license->PremasterSecret, license->ClientRandom,
-						   license->ServerRandom, license->MasterSecret); /* MasterSecret */
-	security_session_key_blob(license->MasterSecret, license->ClientRandom,
-							  license->ServerRandom, license->SessionKeyBlob); /* SessionKeyBlob */
+	if (
+		/* MasterSecret */
+		!security_master_secret(license->PremasterSecret, license->ClientRandom,
+								license->ServerRandom, license->MasterSecret) ||
+		/* SessionKeyBlob */
+		!security_session_key_blob(license->MasterSecret, license->ClientRandom,
+							  license->ServerRandom, license->SessionKeyBlob))
+	{
+		return FALSE;
+	}
 	security_mac_salt_key(license->SessionKeyBlob, license->ClientRandom,
 						  license->ServerRandom, license->MacSaltKey); /* MacSaltKey */
-	security_licensing_encryption_key(license->SessionKeyBlob, license->ClientRandom,
+	return security_licensing_encryption_key(license->SessionKeyBlob, license->ClientRandom,
 									  license->ServerRandom, license->LicensingEncryptionKey); /* LicensingEncryptionKey */
 #ifdef WITH_DEBUG_LICENSE
 	WLog_DBG(TAG, "ClientRandom:");
@@ -369,7 +376,7 @@ void license_generate_keys(rdpLicense* license)
  * @param license license module
  */
 
-void license_generate_hwid(rdpLicense* license)
+BOOL license_generate_hwid(rdpLicense* license)
 {
 	CryptoMd5 md5;
 	BYTE macAddress[6];
@@ -382,11 +389,12 @@ void license_generate_hwid(rdpLicense* license)
 	if (!md5)
 	{
 		WLog_ERR(TAG, "unable to allocate a md5");
-		return;
+		return FALSE;
 	}
 
 	crypto_md5_update(md5, macAddress, sizeof(macAddress));
 	crypto_md5_final(md5, &license->HardwareId[HWID_PLATFORM_ID_LENGTH]);
+	return TRUE;
 }
 
 void license_get_server_rsa_public_key(rdpLicense* license)
@@ -411,7 +419,7 @@ void license_get_server_rsa_public_key(rdpLicense* license)
 	CopyMemory(license->Modulus, Modulus, ModulusLength);
 }
 
-void license_encrypt_premaster_secret(rdpLicense* license)
+BOOL license_encrypt_premaster_secret(rdpLicense* license)
 {
 	BYTE* EncryptedPremasterSecret;
 	license_get_server_rsa_public_key(license);
@@ -422,6 +430,8 @@ void license_encrypt_premaster_secret(rdpLicense* license)
 	winpr_HexDump(TAG, WLOG_DEBUG, license->Exponent, 4);
 #endif
 	EncryptedPremasterSecret = (BYTE*) calloc(1, license->ModulusLength);
+	if (!EncryptedPremasterSecret)
+		return FALSE;
 
 	license->EncryptedPremasterSecret->type = BB_RANDOM_BLOB;
 	license->EncryptedPremasterSecret->length = PREMASTER_SECRET_LENGTH;
@@ -431,6 +441,7 @@ void license_encrypt_premaster_secret(rdpLicense* license)
 			license->ModulusLength, license->Modulus, license->Exponent, EncryptedPremasterSecret);
 #endif
 	license->EncryptedPremasterSecret->data = EncryptedPremasterSecret;
+	return TRUE;
 }
 
 void license_decrypt_platform_challenge(rdpLicense* license)
@@ -742,9 +753,10 @@ BOOL license_read_license_request_packet(rdpLicense* license, wStream* s)
 			license->ServerCertificate->data, license->ServerCertificate->length))
 		return FALSE;
 
-	license_generate_keys(license);
-	license_generate_hwid(license);
-	license_encrypt_premaster_secret(license);
+	if (!license_generate_keys(license) || !license_generate_hwid(license) ||
+			!license_encrypt_premaster_secret(license))
+		return FALSE;
+
 #ifdef WITH_DEBUG_LICENSE
 	WLog_DBG(TAG, "ServerRandom:");
 	winpr_HexDump(TAG, WLOG_DEBUG, license->ServerRandom, 32);
@@ -952,30 +964,41 @@ void license_write_platform_challenge_response_packet(rdpLicense* license, wStre
  * @param license license module
  */
 
-void license_send_platform_challenge_response_packet(rdpLicense* license)
+BOOL license_send_platform_challenge_response_packet(rdpLicense* license)
 {
 	wStream* s;
 	int length;
 	BYTE* buffer;
 	CryptoRc4 rc4;
 	BYTE mac_data[16];
+	BOOL status;
+
 	DEBUG_LICENSE("Sending Platform Challenge Response Packet");
 	s = license_send_stream_init(license);
 	license->EncryptedPlatformChallenge->type = BB_DATA_BLOB;
 	length = license->PlatformChallenge->length + HWID_LENGTH;
+
 	buffer = (BYTE*) malloc(length);
+	if (!buffer)
+		return FALSE;
+
 	CopyMemory(buffer, license->PlatformChallenge->data, license->PlatformChallenge->length);
 	CopyMemory(&buffer[license->PlatformChallenge->length], license->HardwareId, HWID_LENGTH);
-	security_mac_data(license->MacSaltKey, buffer, length, mac_data);
+	status = security_mac_data(license->MacSaltKey, buffer, length, mac_data);
 	free(buffer);
+
+	if (!status)
+		return FALSE;
+
 	buffer = (BYTE*) malloc(HWID_LENGTH);
-	rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
+	if (!buffer)
+		return FALSE;
 
+	rc4 = crypto_rc4_init(license->LicensingEncryptionKey, LICENSING_ENCRYPTION_KEY_LENGTH);
 	if (!rc4)
 	{
 		WLog_ERR(TAG, "unable to allocate a rc4");
-		free(buffer);
-		return;
+		return FALSE;
 	}
 
 	crypto_rc4(rc4, HWID_LENGTH, license->HardwareId, buffer);
@@ -992,7 +1015,7 @@ void license_send_platform_challenge_response_packet(rdpLicense* license)
 	winpr_HexDump(TAG, WLOG_DEBUG, license->EncryptedHardwareId->data, HWID_LENGTH);
 #endif
 	license_write_platform_challenge_response_packet(license, s, mac_data);
-	license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
+	return license_send(license, s, PLATFORM_CHALLENGE_RESPONSE);
 }
 
 /**

diff --git a/libfreerdp/core/license.h b/libfreerdp/core/license.h
@@ -205,9 +205,9 @@ BOOL license_send(rdpLicense* license, wStream* s, BYTE type);
 wStream* license_send_stream_init(rdpLicense* license);
 
 void license_generate_randoms(rdpLicense* license);
-void license_generate_keys(rdpLicense* license);
-void license_generate_hwid(rdpLicense* license);
-void license_encrypt_premaster_secret(rdpLicense* license);
+BOOL license_generate_keys(rdpLicense* license);
+BOOL license_generate_hwid(rdpLicense* license);
+BOOL license_encrypt_premaster_secret(rdpLicense* license);
 void license_decrypt_platform_challenge(rdpLicense* license);
 
 LICENSE_PRODUCT_INFO* license_new_product_info(void);
@@ -233,7 +233,7 @@ void license_write_new_license_request_packet(rdpLicense* license, wStream* s);
 void license_send_new_license_request_packet(rdpLicense* license);
 
 void license_write_platform_challenge_response_packet(rdpLicense* license, wStream* s, BYTE* mac_data);
-void license_send_platform_challenge_response_packet(rdpLicense* license);
+BOOL license_send_platform_challenge_response_packet(rdpLicense* license);
 
 BOOL license_send_valid_client_error_packet(rdpLicense* license);