For block and stream ciphers, don't set the size of the key vectors

until we are actually setting a key. This avoids the problem of
prototype objects consuming not just memory but the precious few bytes
of mlock'able memory that we're given by Linux.

Use clear_mem instead of a loop in BigInt::mask_bits

If OS2ECP encounters an invalid format type, include what type it was
in the exception message.

2 files changed, 5 insertions, 3 deletions

diff --git a/src/block/idea/idea.cpp b/src/block/idea/idea.cpp
index f9b6cc874..15062abdf 100644
--- a/src/block/idea/idea.cpp
+++ b/src/block/idea/idea.cpp
@@ -124,6 +124,9 @@ void IDEA::decrypt_n(const byte in[], byte out[], size_t blocks) const
 */
 void IDEA::key_schedule(const byte key[], size_t)
    {
+   EK.resize(52);
+   DK.resize(52);
+
    for(size_t i = 0; i != 8; ++i)
       EK[i] = load_be<u16bit>(key, i);
 
diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h
index f3f0ce1bc..03ecb1f03 100644
--- a/src/block/idea/idea.h
+++ b/src/block/idea/idea.h
@@ -21,11 +21,9 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16>
       void encrypt_n(const byte in[], byte out[], size_t blocks) const;
       void decrypt_n(const byte in[], byte out[], size_t blocks) const;
 
-      void clear() { zeroise(EK); zeroise(DK); }
+      void clear() { EK.clear(); DK.clear(); }
       std::string name() const { return "IDEA"; }
       BlockCipher* clone() const { return new IDEA; }
-
-      IDEA() : EK(52), DK(52) {}
    protected:
       /**
       * @return const reference to encryption subkeys
@@ -39,6 +37,7 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16>
 
    private:
       void key_schedule(const byte[], size_t);
+
       secure_vector<u16bit> EK, DK;
    };