security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

gpg: Clean up pk_ecdh_decrypt function. 

* g10/ecdh.c (pk_ecdh_decrypt): Allocate just the right size of memory
for the session key, simplifying the decrypt process.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2024-01-26 14:13:01 +09:00
parent ccfbb9ebdf
commit af6ac2ac02
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
1 changed files with 11 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
g10/ecdh.c
View File

@ -524,8 +524,7 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
size_t nbytes; size_t nbytes;
byte *data_buf; byte *data_buf;
int data_buf_size; int data_buf_size;
byte *in; const unsigned char *p;
const void *p;
unsigned int nbits; unsigned int nbits;
*r_result = NULL; *r_result = NULL;
@ -546,7 +545,10 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
return gpg_error (GPG_ERR_BAD_DATA); return gpg_error (GPG_ERR_BAD_DATA);
} }
data_buf = xtrymalloc_secure( 1 + 2*data_buf_size + 8); /* The first octet is for length. It's longer than the result
because of one additional block of AESWRAP. */
data_buf_size -= 1 + 8;
data_buf = xtrymalloc_secure (data_buf_size);
if (!data_buf) if (!data_buf)
{ {
err = gpg_error_from_syserror (); err = gpg_error_from_syserror ();
@ -560,22 +562,18 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
gcry_cipher_close (hd); gcry_cipher_close (hd);
return gpg_error (GPG_ERR_BAD_MPI); return gpg_error (GPG_ERR_BAD_MPI);
} }
memcpy (data_buf, p, nbytes); if (p[0] != nbytes-1)
if (data_buf[0] != nbytes-1)
{ {
log_error ("ecdh inconsistent size\n"); log_error ("ecdh inconsistent size\n");
xfree (data_buf); xfree (data_buf);
gcry_cipher_close (hd); gcry_cipher_close (hd);
return gpg_error (GPG_ERR_BAD_MPI); return gpg_error (GPG_ERR_BAD_MPI);
} }
in = data_buf+data_buf_size;
data_buf_size = data_buf[0];
if (DBG_CRYPTO) if (DBG_CRYPTO)
log_printhex (data_buf+1, data_buf_size, "ecdh decrypting :"); log_printhex (p+1, nbytes-1, "ecdh decrypting :");
err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1, err = gcry_cipher_decrypt (hd, data_buf, data_buf_size, p+1, nbytes-1);
data_buf_size);
gcry_cipher_close (hd); gcry_cipher_close (hd);
if (err) if (err)
{ {
@ -585,10 +583,8 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
return err; return err;
} }
data_buf_size -= 8;
if (DBG_CRYPTO) if (DBG_CRYPTO)
log_printhex (in, data_buf_size, "ecdh decrypted to :"); log_printhex (data_buf, data_buf_size, "ecdh decrypted to :");
/* Padding is removed later. */ /* Padding is removed later. */
/* if (in[data_buf_size-1] > 8 ) */ /* if (in[data_buf_size-1] > 8 ) */
@ -598,7 +594,8 @@ pk_ecdh_decrypt (gcry_mpi_t *r_result, const byte sk_fp[MAX_FINGERPRINT_LEN],
/* return gpg_error (GPG_ERR_BAD_KEY); */ /* return gpg_error (GPG_ERR_BAD_KEY); */
/* } */ /* } */
err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, in, data_buf_size, NULL); err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, data_buf,
data_buf_size, NULL);
xfree (data_buf); xfree (data_buf);
if (err) if (err)
{ {