Try to not leave secret data on the stack or heap.

This makes a basic effort and has not been audited.
Doesn't appear to have a measurable performance impact on bench.

It also adds a secp256k1_num_free to secp256k1_ecdsa_pubkey_create.
This commit is contained in:
Gregory Maxwell
2014-08-14 06:58:57 -07:00
parent 13e44df743
commit 2f6c801911
11 changed files with 84 additions and 3 deletions

View File

@@ -186,7 +186,10 @@ int static secp256k1_ecdsa_sig_sign(secp256k1_ecdsa_sig_t *sig, const secp256k1_
secp256k1_num_mod(&n, &c->order);
secp256k1_num_mod_inverse(&sig->s, nonce, &c->order);
secp256k1_num_mod_mul(&sig->s, &sig->s, &n, &c->order);
secp256k1_num_clear(&n);
secp256k1_num_free(&n);
secp256k1_gej_clear(&rp);
secp256k1_ge_clear(&r);
if (secp256k1_num_is_zero(&sig->s))
return 0;
if (secp256k1_num_cmp(&sig->s, &c->half_order) > 0) {