Deprecate DER_Encoder::get_contents_unlocked

It's better to use the version taking the vector in the constructor as otherwise we store to locked memory then copy out at the end. Convert all library uses.
author: Jack Lloyd <[email protected]> 2019-10-28 06:48:38 -0400
committer: Jack Lloyd <[email protected]> 2019-10-28 06:51:35 -0400
commit: f84a03eaace029270d2d026fc3ecf5ba004f0c89 (patch)
tree: b8d96422275d9686bb56c532c9bdcd2770f3552b /src/lib/pubkey
parent: dcb621e23a8ff8f1cb24adc681807a52dc6a49b3 (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/src/lib/pubkey/pbes2/pbes2.cpp b/src/lib/pubkey/pbes2/pbes2.cpp
index d68bf184b..66c621644 100644
--- a/src/lib/pubkey/pbes2/pbes2.cpp
+++ b/src/lib/pubkey/pbes2/pbes2.cpp
@@ -239,16 +239,14 @@ pbes2_encrypt_shared(const secure_vector<uint8_t>& key_bits,
    secure_vector<uint8_t> ctext = key_bits;
    enc->finish(ctext);
 
-   std::vector<uint8_t> pbes2_params;
+   std::vector<uint8_t> encoded_iv;
+   DER_Encoder(encoded_iv).encode(iv, OCTET_STRING);
 
+   std::vector<uint8_t> pbes2_params;
    DER_Encoder(pbes2_params)
       .start_cons(SEQUENCE)
       .encode(kdf_algo)
-      .encode(
-         AlgorithmIdentifier(cipher,
-            DER_Encoder().encode(iv, OCTET_STRING).get_contents_unlocked()
-            )
-         )
+      .encode(AlgorithmIdentifier(cipher, encoded_iv))
       .end_cons();
 
    AlgorithmIdentifier id(OID::from_string("PBE-PKCS5v20"), pbes2_params);
@@ -256,7 +254,6 @@ pbes2_encrypt_shared(const secure_vector<uint8_t>& key_bits,
    return std::make_pair(id, unlock(ctext));
    }
 
-
 }
 
 std::pair<AlgorithmIdentifier, std::vector<uint8_t>>
author	Jack Lloyd <[email protected]>	2019-10-28 06:48:38 -0400
committer	Jack Lloyd <[email protected]>	2019-10-28 06:51:35 -0400
commit	f84a03eaace029270d2d026fc3ecf5ba004f0c89 (patch)
tree	b8d96422275d9686bb56c532c9bdcd2770f3552b /src/lib/pubkey
parent	dcb621e23a8ff8f1cb24adc681807a52dc6a49b3 (diff)