aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-09-22 19:47:54 -0400
committerJack Lloyd <[email protected]>2017-09-22 19:48:17 -0400
commitde581bbf6dfc1fadc0755925300d047f392bf986 (patch)
treee2af8a23e5d317c08ab4d26ad6695a8537e38c70 /src
parentbac9f93cd68994710f2a2b916a0f121f715458b1 (diff)
Avoid new/delete in BearSSL ECDSA code
Especially storing private key that way was bad, wasn't zeroed.
Diffstat (limited to 'src')
-rw-r--r--src/lib/prov/bearssl/bearssl_ec.cpp27
1 files changed, 10 insertions, 17 deletions
diff --git a/src/lib/prov/bearssl/bearssl_ec.cpp b/src/lib/prov/bearssl/bearssl_ec.cpp
index 7a0808c47..29ff1b5ad 100644
--- a/src/lib/prov/bearssl/bearssl_ec.cpp
+++ b/src/lib/prov/bearssl/bearssl_ec.cpp
@@ -92,10 +92,10 @@ class BearSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification
if (m_hf == nullptr)
throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0));
- const secure_vector<uint8_t> enc = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED);
- m_key.qlen = enc.size();
- m_key.q = new uint8_t[m_key.qlen];
- memcpy(m_key.q, enc.data(), m_key.qlen);
+ m_q_buf = EC2OSP(ecdsa.public_point(), PointGFp::UNCOMPRESSED);
+
+ m_key.qlen = m_q_buf.size();
+ m_key.q = m_q_buf.data();
m_key.curve = curve;
}
@@ -120,14 +120,10 @@ class BearSSL_ECDSA_Verification_Operation final : public PK_Ops::Verification
size_t max_input_bits() const { return m_order_bits; }
- ~BearSSL_ECDSA_Verification_Operation()
- {
- delete m_key.q;
- }
-
private:
br_ec_public_key m_key;
std::unique_ptr<HashFunction> m_hf;
+ secure_vector<uint8_t> m_q_buf;
const br_hash_class *m_hash;
size_t m_order_bits;
};
@@ -151,9 +147,10 @@ class BearSSL_ECDSA_Signing_Operation final : public PK_Ops::Signature
if (m_hf == nullptr)
throw Lookup_Error("BearSSL ECDSA does not support hash " + req.arg(0));
- m_key.xlen = ecdsa.private_value().bytes();
- m_key.x = new uint8_t[m_key.xlen];
- ecdsa.private_value().binary_encode(m_key.x);
+ m_x_buf = BigInt::encode_locked(ecdsa.private_value());
+
+ m_key.xlen = m_x_buf.size();
+ m_key.x = m_x_buf.data();
m_key.curve = curve;
}
@@ -178,14 +175,10 @@ class BearSSL_ECDSA_Signing_Operation final : public PK_Ops::Signature
size_t max_input_bits() const { return m_order_bits; }
- ~BearSSL_ECDSA_Signing_Operation()
- {
- delete m_key.x;
- }
-
private:
br_ec_private_key m_key;
std::unique_ptr<HashFunction> m_hf;
+ secure_vector<uint8_t> m_x_buf;
const br_hash_class *m_hash;
size_t m_order_bits;
};