From 167d3a0e3cdaad6b3b82cea9835359855b896a8a Mon Sep 17 00:00:00 2001
From: orignal
Date: Sun, 28 Mar 2021 12:14:02 -0400
Subject: [PATCH] don't create BN_CTX for ECIES tunnel build record decryption
---
 libi2pd/I2NPProtocol.cpp | 5 +----
 libi2pd/RouterContext.cpp | 11 ++++++++---
 libi2pd/RouterContext.h | 2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/libi2pd/I2NPProtocol.cpp b/libi2pd/I2NPProtocol.cpp
index 6897148b..7f059d72 100644
--- a/libi2pd/I2NPProtocol.cpp
+++ b/libi2pd/I2NPProtocol.cpp
@@ -371,10 +371,7 @@ namespace i2p
 if (!memcmp (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)i2p::context.GetRouterInfo ().GetIdentHash (), 16))
 {
 LogPrint (eLogDebug, "I2NP: Build request record ", i, " is ours");
- BN_CTX * ctx = BN_CTX_new ();
- bool success = i2p::context.DecryptTunnelBuildRecord (record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText, ctx);
- BN_CTX_free (ctx);
- if(!success) return false;
+ if (!i2p::context.DecryptTunnelBuildRecord (record + BUILD_REQUEST_RECORD_ENCRYPTED_OFFSET, clearText)) return false;
 uint8_t retCode = 0;
 bool isECIES = i2p::context.IsECIES ();
 // replace record to reply
diff --git a/libi2pd/RouterContext.cpp b/libi2pd/RouterContext.cpp
index fadbb51a..4d1cdec3 100644
--- a/libi2pd/RouterContext.cpp
+++ b/libi2pd/RouterContext.cpp
@@ -865,7 +865,7 @@ namespace i2p
 return m_Decryptor ? m_Decryptor->Decrypt (encrypted, data, ctx, true) : false;
 }
 
- bool RouterContext::DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx)
+ bool RouterContext::DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data)
 {
 if (!m_TunnelDecryptor) return false;
 if (IsECIES ())
@@ -875,7 +875,7 @@ namespace i2p
 m_CurrentNoiseState.reset (new i2p::crypto::NoiseSymmetricState (*m_InitialNoiseState));
 m_CurrentNoiseState->MixHash (encrypted, 32); // h = SHA256(h || sepk)
 uint8_t sharedSecret[32];
- if (!m_TunnelDecryptor->Decrypt (encrypted, sharedSecret, ctx, false))
+ if (!m_TunnelDecryptor->Decrypt (encrypted, sharedSecret, nullptr, false))
 {
 LogPrint (eLogWarning, "Router: Incorrect ephemeral public key");
 return false;
@@ -894,7 +894,12 @@ namespace i2p
 return true;
 }
 else
- return m_TunnelDecryptor->Decrypt (encrypted, data, ctx, false);
+ {
+ BN_CTX * ctx = BN_CTX_new ();
+ bool success = m_TunnelDecryptor->Decrypt (encrypted, data, ctx, false);
+ BN_CTX_free (ctx);
+ return success;
+ }
 }
 
 i2p::crypto::X25519Keys& RouterContext::GetStaticKeys ()
diff --git a/libi2pd/RouterContext.h b/libi2pd/RouterContext.h
index a7594e36..a4d18f82 100644
--- a/libi2pd/RouterContext.h
+++ b/libi2pd/RouterContext.h
@@ -95,7 +95,7 @@ namespace garlic
 void SetStatusV6 (RouterStatus status);
 int GetNetID () const { return m_NetID; };
 void SetNetID (int netID) { m_NetID = netID; };
- bool DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data, BN_CTX * ctx);
+ bool DecryptTunnelBuildRecord (const uint8_t * encrypted, uint8_t * data);
 void UpdatePort (int port); // called from Daemon
 void UpdateAddress (const boost::asio::ip::address& host); // called from SSU or Daemon
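Review bot: The ECIES branch of RouterContext::DecryptTunnelBuildRecord (RouterContext.cpp, hunk at -875) now passes `nullptr` as the BN_CTX, which is only safe while the object behind m_TunnelDecryptor never uses that argument. Nothing visible in the hunk ties the IsECIES () result to the concrete decryptor type, so if the two ever disagree a BN-based decryptor would receive a null context. I would record the invariant at the call with a comment such as `// ctx is unused by the ECIES decryptor, so none is allocated; a BN-based decryptor must never reach this branch`. The function body starts above this hunk and continues below it.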
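Review bot: The result of `BN_CTX_new ()` in the new non-ECIES branch (RouterContext.cpp, hunk at -894) goes straight into Decrypt without a null check, so an allocation failure hands a null context to the BN-based decryption path; how Decrypt reacts to that is not visible here. Adding `if (!ctx) return false;` right after the allocation makes the failure explicit instead of relying on the callee. The manual new/free pair would also leak the context if Decrypt can throw; holding it in a `std::unique_ptr<BN_CTX, decltype(&BN_CTX_free)>` releases it on every path. The enclosing function starts above the hunk.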
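Review bot: The declaration of `DecryptTunnelBuildRecord` in RouterContext.h takes two raw pointers with no length and no comment, so the buffer-size contract is left entirely to the caller. The ECIES path visible in RouterContext.cpp reads 32 bytes from `encrypted` before decrypting, and the function has no way to validate either buffer. I would add a comment above the declaration along the lines of `// encrypted and data must point to full-size build request record buffers; sizes are not checked here`, with the exact sizes confirmed against the caller in I2NPProtocol.cpp. It is also worth stating there that the BN_CTX is now allocated internally and only for the non-ECIES case.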