[gnutls-devel] GnuTLS | Add ecdh compute function gnutls_ecdh_compute_key (!1395)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Mar 20 18:31:17 CET 2021




Nicolas Mora commented on a discussion on lib/ecdh.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1395#note_534049763

> + * along with this program.  If not, see <https://www.gnu.org/licenses/>
> + *
> + */
> +
> +/* Helper functions for ECC handling 
> + * based on public domain code by Tom St. Dennis.
> + */
> +#include "gnutls_int.h"
> +#include <ecdh.h>
> +#include "errors.h"
> +
> +int gnutls_ecdh_compute_key(gnutls_privkey_t privkey, gnutls_pubkey_t pubkey, gnutls_datum_t *Z)
> +{
> +  gnutls_ecc_curve_t curve_pub = GNUTLS_ECC_CURVE_INVALID, curve_priv = GNUTLS_ECC_CURVE_INVALID;
> +  unsigned int bits_pub = 0, bits_priv = 0;
> +  gnutls_datum_t priv_x = {NULL, 0}, priv_y = {NULL, 0}, priv_k = {NULL, 0}, pub_x = {NULL, 0}, pub_y = {NULL, 0};

On lines 52 and 58, I use `gnutls_privkey_export_ecc_raw` and `gnutls_pubkey_export_ecc_raw` to fill those `gnutls_datum_t` variables, if one fails, then there's a `goto cleanup` with `gnutls_free` for them.

I assume that if one of the `*_export_ecc_raw` fails and the `gnutls_datum_t` data are undefined, `gnutls_free` may segfault.

I can split cleanup goto step into 2 steps instead if you don't want `gnutls_datum_t` values to be initialized with `{NULL, 0}`?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1395#note_534049763
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210320/515de5b8/attachment-0001.html>


More information about the Gnutls-devel mailing list