Try to not leave secret data on the stack or heap.

This makes a basic effort and has not been audited.
Doesn't appear to have a measurable performance impact on bench.

It also adds a secp256k1_num_free to secp256k1_ecdsa_pubkey_create.
This commit is contained in:
Gregory Maxwell
2014-08-14 06:58:57 -07:00
parent 13e44df743
commit 2f6c801911
11 changed files with 84 additions and 3 deletions

View File

@@ -124,6 +124,16 @@ int static inline secp256k1_fe_is_odd(const secp256k1_fe_t *a) {
return a->n[0] & 1;
}
void static inline secp256k1_fe_clear(secp256k1_fe_t *a) {
#ifdef VERIFY
a->magnitude = 0;
a->normalized = 0;
#endif
for (int i=0; i<5; i++) {
a->n[i] = 0;
}
}
// TODO: not constant time!
int static inline secp256k1_fe_equal(const secp256k1_fe_t *a, const secp256k1_fe_t *b) {
#ifdef VERIFY