apc_priv_decrypt: Let the callee allocate the buffer.

This complements the previous commit which made the analogous
change for public encryption. Passing char ** instead of char * to
apc_priv_decrypt() allows us to get rid of the magic 1024 constant
in client_common.c.

diff --git a/client_common.c b/client_common.c
index 32a94492968dadae99f3b50ab1505449849ad293..396fd88c894cda20e4f55a7955a9a4fe77e9633d 100644 (file)
--- a/client_common.c
+++ b/client_common.c
@@ -324,7 +324,7 @@ static int client_post_monitor(struct sched *s, void *context)
                 */
                {
                /* decrypted challenge/session key buffer */
-               unsigned char crypt_buf[1024];
+               unsigned char *crypt_buf;
                struct sb_buffer sbb;
 
                ret = recv_sb(ct, &sbb);
@@ -337,12 +337,13 @@ static int client_post_monitor(struct sched *s, void *context)
                }
                n = sbb.iov.iov_len;
                PARA_INFO_LOG("<-- [challenge] (%zu bytes)\n", n);
-               ret = apc_priv_decrypt(ct->key_file, crypt_buf,
+               ret = apc_priv_decrypt(ct->key_file, &crypt_buf,
                        sbb.iov.iov_base, n);
                free(sbb.iov.iov_base);
                if (ret < 0)
                        goto out;
                if (ret != APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN) {
+                       free(crypt_buf);
                        ret = -E_DECRYPT;
                        goto out;
                }
@@ -360,6 +361,7 @@ static int client_post_monitor(struct sched *s, void *context)
                         SESSION_KEY_LEN);
                ct->scc.recv = sc_new(crypt_buf + APC_CHALLENGE_SIZE
                        + SESSION_KEY_LEN, SESSION_KEY_LEN);
+               free(crypt_buf);
                PARA_INFO_LOG("--> %s\n", buf);
                ct->status = CL_RECEIVED_CHALLENGE;
                return 0;

diff --git a/crypt.h b/crypt.h
index 6507099507b1eb336fc9509732099319884665ca..2e094ced9ee760ced8a7647217a5046bc58e0c20 100644 (file)
--- a/crypt.h
+++ b/crypt.h
@@ -31,7 +31,7 @@ int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
  * Decrypt a buffer using a private key.
  *
  * \param key_file Full path of the key.
- * \param outbuf The output buffer.
+ * \param outbuf The output buffer is allocated by the callee.
  * \param inbuf The encrypted input buffer.
  * \param inlen The length of \a inbuf.
  *
@@ -39,7 +39,7 @@ int apc_pub_encrypt(struct asymmetric_key *pub, unsigned char *inbuf,
  *
  * \return The size of the recovered plaintext on success, negative on errors.
  */
-int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char **outbuf,
                unsigned char *inbuf, int inlen);
 
 /**

diff --git a/gcrypt.c b/gcrypt.c
index 68f80f27fc30ff70fed05d5a7f7f8c89ef995260..e5f64688cbbc6ef5aa907fb7336675bdc9818e61 100644 (file)
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -478,17 +478,20 @@ void apc_free_pubkey(struct asymmetric_key *key)
        free(key);
 }
 
-static int decode_rsa(gcry_sexp_t sexp, unsigned char *outbuf, size_t *nbytes)
+static int decode_rsa(gcry_sexp_t sexp, unsigned char **outbuf, size_t *nbytes)
 {
        const char *p = gcry_sexp_nth_data(sexp, 1, nbytes);
 
-       if (!p)
+       if (!p) {
+               *outbuf = NULL;
                return -E_RSA_DECODE;
-       memcpy(outbuf, p, *nbytes);
+       }
+       *outbuf = alloc(*nbytes);
+       memcpy(*outbuf, p, *nbytes);
        return 1;
 }
 
-int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char **outbuf,
                unsigned char *inbuf, int inlen)
 {
        gcry_error_t gret;
@@ -498,6 +501,7 @@ int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
        gcry_sexp_t in, out, priv_key;
        size_t nbytes;
 
+       *outbuf = NULL;
        ret = check_private_key_file(key_file);
        if (ret < 0)
                return ret;

diff --git a/openssl.c b/openssl.c
index acf1120dd139aeb121a1533108f0f07b24dc6e61..5f981437061ee40f1110405c31160d6defbe2772 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -274,12 +274,13 @@ void apc_free_pubkey(struct asymmetric_key *pub)
        free(pub);
 }
 
-int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char **outbuf,
                unsigned char *inbuf, int inlen)
 {
        struct asymmetric_key *priv;
        int ret;
 
+       *outbuf = NULL;
        ret = check_private_key_file(key_file);
        if (ret < 0)
                return ret;
@@ -298,11 +299,15 @@ int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
        ret = -E_BLINDING;
        if (RSA_blinding_on(priv->rsa, NULL) == 0)
                goto out;
-       ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa,
+       *outbuf = alloc(RSA_size(priv->rsa));
+       ret = RSA_private_decrypt(inlen, inbuf, *outbuf, priv->rsa,
                RSA_PKCS1_OAEP_PADDING);
        RSA_blinding_off(priv->rsa);
-       if (ret <= 0)
+       if (ret <= 0) {
+               free(*outbuf);
+               *outbuf = NULL;
                ret = -E_DECRYPT;
+       }
 out:
        RSA_free(priv->rsa);
        free(priv);