X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Fcipher.c;h=ee3856add941a941421da0f35fa983407046c360;hb=021293e0d03de8d29b22104a8f9bef625b135640;hp=37f232f61adf342cf3b65edcc30a22f4523d66d1;hpb=90cde91141ec61be4354d8deab21edb8fdf01022;p=tinc

diff --git a/src/gcrypt/cipher.c b/src/gcrypt/cipher.c
index 37f232f6..ee3856ad 100644
--- a/src/gcrypt/cipher.c
+++ b/src/gcrypt/cipher.c
@@ -106,7 +106,7 @@ static bool cipher_open(cipher_t *cipher, cipher_algo_t algo, cipher_mode_t mode
 
 	cipher->keylen = gcry_cipher_get_algo_keylen(algo);
 	cipher->blklen = gcry_cipher_get_algo_blklen(algo);
-	cipher->key = xmalloc(cipher->keylen + cipher->blklen);
+	cipher->key = xmalloc(cipher_keylength(cipher));
 	cipher->padding = mode == GCRY_CIPHER_MODE_ECB || mode == GCRY_CIPHER_MODE_CBC;
 
 	return true;
@@ -137,13 +137,15 @@ bool cipher_open_by_nid(cipher_t *cipher, nid_t nid) {
 }
 
 void cipher_close(cipher_t *cipher) {
+	if(!cipher) {
+		return;
+	}
+
 	if(cipher->handle) {
 		gcry_cipher_close(cipher->handle);
-		cipher->handle = NULL;
 	}
 
-	free(cipher->key);
-
+	xzfree(cipher->key, cipher_keylength(cipher));
 	memset(cipher, 0, sizeof(*cipher));
 }
 
@@ -184,7 +186,7 @@ size_t cipher_blocksize(const cipher_t *cipher) {
 bool cipher_set_key(cipher_t *cipher, void *key, bool encrypt) {
 	(void)encrypt;
 
-	memcpy(cipher->key, key, cipher->keylen + cipher->blklen);
+	memcpy(cipher->key, key, cipher_keylength(cipher));
 
 	gcry_cipher_setkey(cipher->handle, cipher->key, cipher->keylen);
 	gcry_cipher_setiv(cipher->handle, cipher->key + cipher->keylen, cipher->blklen);
@@ -206,7 +208,7 @@ bool cipher_set_key_from_rsa(cipher_t *cipher, void *key, size_t len, bool encry
 
 bool cipher_encrypt(cipher_t *cipher, const void *indata, size_t inlen, void *outdata, size_t *outlen, bool oneshot) {
 	gcry_error_t err;
-	uint8_t pad[cipher->blklen];
+	uint8_t *pad = alloca(cipher->blklen);
 
 	if(cipher->padding) {
 		if(!oneshot) {