diff options
author | Jack Lloyd <[email protected]> | 2017-09-22 19:47:54 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-09-22 19:48:17 -0400 |
commit | de581bbf6dfc1fadc0755925300d047f392bf986 (patch) | |
tree | e2af8a23e5d317c08ab4d26ad6695a8537e38c70 /src | |
parent | bac9f93cd68994710f2a2b916a0f121f715458b1 (diff) |
Avoid new/delete in BearSSL ECDSA code
Especially storing private key that way was bad, wasn't zeroed.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/prov/bearssl/bearssl_ec.cpp | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp index 7a0808c47..29ff1b5ad 100644 --- a/src/lib/prov/bearssl/bearssl_ec.cpp +++ b/src/lib/prov/bearssl/bearssl_ec.cpp @@ -92,10 +92,10 @@ class BearSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification if (m_hf == nullptr) throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); - const secure_vector<uint8_t> enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); - m_key.qlen = enc.size(); - m_key.q = new uint8_t[m_key.qlen]; - memcpy(m_key.q, enc.data(), m_key.qlen); + m_q_buf = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED); + + m_key.qlen = m_q_buf.size(); + m_key.q = m_q_buf.data(); m_key.curve = curve; } @@ -120,14 +120,10 @@ class BearSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification size_t max_input_bits() const { return m_order_bits; } - ~BearSSL_ECDSA_Verification_Operation() - { - delete m_key.q; - } - private: br_ec_public_key m_key; std::unique_ptr<HashFunction> m_hf; + secure_vector<uint8_t> m_q_buf; const br_hash_class *m_hash; size_t m_order_bits; }; @@ -151,9 +147,10 @@ class BearSSL_ECDSA_Signing_Operation final : public PK_Ops::Signature if (m_hf == nullptr) throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0)); - m_key.xlen = ecdsa.private_value().bytes(); - m_key.x = new uint8_t[m_key.xlen]; - ecdsa.private_value().binary_encode(m_key.x); + m_x_buf = BigInt::encode_locked(ecdsa.private_value()); + + m_key.xlen = m_x_buf.size(); + m_key.x = m_x_buf.data(); m_key.curve = curve; } @@ -178,14 +175,10 @@ class BearSSL_ECDSA_Signing_Operation final : public PK_Ops::Signature size_t max_input_bits() const { return m_order_bits; } - ~BearSSL_ECDSA_Signing_Operation() - { - delete m_key.x; - } - private: br_ec_private_key m_key; std::unique_ptr<HashFunction> m_hf; + secure_vector<uint8_t> m_x_buf; const br_hash_class *m_hash; size_t m_order_bits; }; |