X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=2813da6b5d0079564041fbe038dae7d45a79b3af;hb=c44b08613508c993e7fd9f625e0b1b4775efffed;hp=37f232f61adf342cf3b65edcc30a22f4523d66d1;hpb=efca41606d4083eade90047d57cb963eb3b7e731;p=tinc

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index 37f232f6..2813da6b 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -106,7 +106,7 @@ static bool cipher_open(cipher_t *cipher, cipher_algo_t algo, cipher_mode_t mode
 
 	cipher->keylen = gcry_cipher_get_algo_keylen(algo);
 	cipher->blklen = gcry_cipher_get_algo_blklen(algo);
-	cipher->key = xmalloc(cipher->keylen + cipher->blklen);
+	cipher->key = xmalloc(cipher_keylength(cipher));
 	cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC;
 
 	return true;
@@ -137,13 +137,15 @@ bool cipher_open_by_nid(cipher_t *cipher, nid_t nid) {
 }
 
 void cipher_close(cipher_t *cipher) {
+	if(!cipher) {
+		return;
+	}
+
 	if(cipher->handle) {
 		gcry_cipher_close(cipher->handle);
-		cipher->handle = NULL;
 	}
 
-	free(cipher->key);
-
+	xzfree(cipher->key, cipher_keylength(cipher));
 	memset(cipher, 0, sizeof(*cipher));
 }
 
@@ -184,7 +186,7 @@ size_t cipher_blocksize(const cipher_t *cipher) {
 bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
 	(void)encrypt;
 
-	memcpy(cipher->key, key, cipher->keylen + cipher->blklen);
+	memcpy(cipher->key, key, cipher_keylength(cipher));
 
 	gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
 	gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);