don't create BN_CTX for ECIES tunnel build record decryption

3 years ago · 167d3a0e3c
parent 86415bc61f
commit 167d3a0e3c
3 changed files with 10 additions and 8 deletions
--- a/libi2pd/I2NPProtocol.cpp
+++ b/libi2pd/I2NPProtocol.cpp
@ -371,10 +371,7 @@ namespace i2p
 			if (!memcmp (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
 			{
 				LogPrint (eLogDebug, "I2NP: Build request record ", i, " is ours");
-				BN_CTX * ctx = BN_CTX_new ();
-				bool success = i2p::context.DecryptTunnelBuildRecord (record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText, ctx);
-				BN_CTX_free (ctx);
-				if(!success) return false;
+				if (!i2p::context.DecryptTunnelBuildRecord (record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText)) return false;
 				uint8_t retCode = 0;
 				bool isECIES = i2p::context.IsECIES ();
 				// replace record to reply
--- a/libi2pd/RouterContext.cpp
+++ b/libi2pd/RouterContext.cpp
@ -865,7 +865,7 @@ namespace i2p
 		return m_Decryptor ? m_Decryptor->Decrypt (encrypted, data, ctx, true) : false;
 	}

-	bool RouterContext::DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
+	bool RouterContext::DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data)
 	{
 		if (!m_TunnelDecryptor) return false;
 		if (IsECIES ())
@ -875,7 +875,7 @@ namespace i2p
 			m_CurrentNoiseState.reset (new i2p::crypto::NoiseSymmetricState (*m_InitialNoiseState));		
 			m_CurrentNoiseState->MixHash (encrypted, 32); // h = SHA256(h || sepk)
 			uint8_t sharedSecret[32];
-			if (!m_TunnelDecryptor->Decrypt (encrypted, sharedSecret, ctx, false))
+			if (!m_TunnelDecryptor->Decrypt (encrypted, sharedSecret, nullptr, false))
 			{
 				LogPrint (eLogWarning, "Router: Incorrect ephemeral public key");
 				return false;
@ -894,7 +894,12 @@ namespace i2p
 			return true;
 		}	
 		else	
-			return m_TunnelDecryptor->Decrypt (encrypted, data, ctx, false);
+		{
+			BN_CTX * ctx = BN_CTX_new ();
+			bool success = m_TunnelDecryptor->Decrypt (encrypted, data, ctx, false);
+			BN_CTX_free (ctx);
+			return success;
+		}	
 	}

 	i2p::crypto::X25519Keys& RouterContext::GetStaticKeys ()
--- a/libi2pd/RouterContext.h
+++ b/libi2pd/RouterContext.h
@ -95,7 +95,7 @@ namespace garlic
 			void SetStatusV6 (RouterStatus status);
 			int GetNetID () const { return m_NetID; };
 			void SetNetID (int netID) { m_NetID = netID; };
-			bool DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx);
+			bool DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data);

 			void UpdatePort (int port); // called from Daemon
 			void UpdateAddress (const boost::asio::ip::address& host);	// called from SSU or Daemon