place buffer on stack instead and zero it when done

2025-08-01 03:34:39 +02:00 · 2018-01-10 13:36:03 -07:00
parent 0bfa399b6c
commit 59b9ab9097
1 changed files with 3 additions and 13 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -1804,8 +1804,8 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
    #ifdef HAVE_ECC
    if (der->keyOID == ECDSAk) {
        ecc_key key_pair;
-        byte*   privDer;
-        word32  privSz;
+        byte    privDer[MAX_ECC_BYTES];
+        word32  privSz = MAX_ECC_BYTES;
        word32  keyIdx = 0;

        if ((ret = wc_ecc_init(&key_pair)) < 0)
@@ -1815,15 +1815,6 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
                                                                 keySz)) == 0) {
            WOLFSSL_MSG("Checking ECC key pair");

-            if ((privSz = wc_ecc_size(&key_pair)) <= 0) {
-                return WC_KEY_SIZE_E;
-            }
-
-            privDer = (byte*)XMALLOC(privSz, der->heap, DYNAMIC_TYPE_KEY);
-            if (privDer == NULL) {
-                return MEMORY_E;
-            }
-
            if ((ret = wc_ecc_export_private_only(&key_pair, privDer, &privSz))
                                                                         == 0) {
                wc_ecc_free(&key_pair);
@@ -1842,9 +1833,8 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
                        ret = 1;
                    }
                }
+                ForceZero(privDer, privSz);
            }
-            XFREE(privDer, der->heap, DYNAMIC_TYPE_KEY);
-
        }
        wc_ecc_free(&key_pair);
    }