diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2024-01-26 06:13:01 +0100 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2024-01-26 06:13:01 +0100 |
| commit | af6ac2ac0293a1863503a2c05cfc2192b8d2f804 (patch) | |
| tree | 5f4f2dc1ea77831146788bbcb950d21930d09eed /g10 | |
| parent | kbx: Have threads monitoring socket takeover and homedir if no inotify. (diff) | |
| download | gnupg2-af6ac2ac0293a1863503a2c05cfc2192b8d2f804.tar.xz gnupg2-af6ac2ac0293a1863503a2c05cfc2192b8d2f804.zip | |
gpg: Clean up pk_ecdh_decrypt function.
* g10/ecdh.c (pk_ecdh_decrypt): Allocate just the right size of memory
for the session key, simplifying the decrypt process.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ecdh.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/g10/ecdh.c b/g10/ecdh.c index eb14154a1..dbce846b9 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c @@ -524,8 +524,7 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN], size_t nbytes; byte *data_buf; int data_buf_size; - byte *in; - const void *p; + const unsigned char *p; unsigned int nbits; *r_result = NULL; @@ -546,7 +545,10 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN], return gpg_error (GPG_ERR_BAD_DATA); } - data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8); + /* The first octet is for length. It's longer than the result + because of one additional block of AESWRAP. */ + data_buf_size -= 1 + 8; + data_buf = xtrymalloc_secure (data_buf_size); if (!data_buf) { err = gpg_error_from_syserror (); @@ -560,22 +562,18 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN], gcry_cipher_close (hd); return gpg_error (GPG_ERR_BAD_MPI); } - memcpy (data_buf, p, nbytes); - if (data_buf[0] != nbytes-1) + if (p[0] != nbytes-1) { log_error ("ecdh inconsistent size\n"); xfree (data_buf); gcry_cipher_close (hd); return gpg_error (GPG_ERR_BAD_MPI); } - in = data_buf+data_buf_size; - data_buf_size = data_buf[0]; if (DBG_CRYPTO) - log_printhex (data_buf+1, data_buf_size, "ecdh decrypting :"); + log_printhex (p+1, nbytes-1, "ecdh decrypting :"); - err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1, - data_buf_size); + err = gcry_cipher_decrypt (hd, data_buf, data_buf_size, p+1, nbytes-1); gcry_cipher_close (hd); if (err) { @@ -585,10 +583,8 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN], return err; } - data_buf_size -= 8; - if (DBG_CRYPTO) - log_printhex (in, data_buf_size, "ecdh decrypted to :"); + log_printhex (data_buf, data_buf_size, "ecdh decrypted to :"); /* Padding is removed later. */ /* if (in[data_buf_size-1] > 8 ) */ @@ -598,7 +594,8 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN], /* return gpg_error (GPG_ERR_BAD_KEY); */ /* } */ - err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, in, data_buf_size, NULL); + err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, data_buf, + data_buf_size, NULL); xfree (data_buf); if (err) { |