apc_priv_decrypt: Let the callee allocate the buffer.

[paraslash.git] / openssl.c

diff --git a/openssl.c b/openssl.c
index acf1120dd139aeb121a1533108f0f07b24dc6e61..5f981437061ee40f1110405c31160d6defbe2772 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -274,12 +274,13 @@ void apc_free_pubkey(struct asymmetric_key *pub)
        free(pub);
 }
 
-int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
+int apc_priv_decrypt(const char *key_file, unsigned char **outbuf,
                unsigned char *inbuf, int inlen)
 {
        struct asymmetric_key *priv;
        int ret;
 
+       *outbuf = NULL;
        ret = check_private_key_file(key_file);
        if (ret < 0)
                return ret;
@@ -298,11 +299,15 @@ int apc_priv_decrypt(const char *key_file, unsigned char *outbuf,
        ret = -E_BLINDING;
        if (RSA_blinding_on(priv->rsa, NULL) == 0)
                goto out;
-       ret = RSA_private_decrypt(inlen, inbuf, outbuf, priv->rsa,
+       *outbuf = alloc(RSA_size(priv->rsa));
+       ret = RSA_private_decrypt(inlen, inbuf, *outbuf, priv->rsa,
                RSA_PKCS1_OAEP_PADDING);
        RSA_blinding_off(priv->rsa);
-       if (ret <= 0)
+       if (ret <= 0) {
+               free(*outbuf);
+               *outbuf = NULL;
                ret = -E_DECRYPT;
+       }
 out:
        RSA_free(priv->rsa);
        free(priv);