Don't retain T in PMBTOKEN_PRETOKEN.
We only need r, t, and T'.
Change-Id: I736c5638c73e80c99036182fa3cd30397c33d923
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/40884
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
diff --git a/crypto/trust_token/internal.h b/crypto/trust_token/internal.h
index 3154077..582dc49 100644
--- a/crypto/trust_token/internal.h
+++ b/crypto/trust_token/internal.h
@@ -67,7 +67,6 @@
typedef struct pmb_pretoken_st {
uint8_t t[PMBTOKEN_NONCE_SIZE];
EC_SCALAR r;
- EC_RAW_POINT T;
EC_RAW_POINT Tp;
} PMBTOKEN_PRETOKEN;
diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.c
index 080368a..4b9451d 100644
--- a/crypto/trust_token/pmbtoken.c
+++ b/crypto/trust_token/pmbtoken.c
@@ -351,8 +351,9 @@
ec_scalar_from_montgomery(group, &pretoken->r, &pretoken->r);
ec_scalar_from_montgomery(group, &rinv, &rinv);
- if (!hash_t(group, &pretoken->T, pretoken->t) ||
- !ec_point_mul_scalar(group, &pretoken->Tp, &pretoken->T, &rinv)) {
+ EC_RAW_POINT T;
+ if (!hash_t(group, &T, pretoken->t) ||
+ !ec_point_mul_scalar(group, &pretoken->Tp, &T, &rinv)) {
goto err;
}
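Review bot: The new local `T` declared at `EC_RAW_POINT T;` carries no comment, and with the field removed from PMBTOKEN_PRETOKEN nothing on the new side records that it is the output of `hash_t` on `pretoken->t`, used only to derive `Tp`. I would add `// T = hash_t(t) is an intermediate; the pretoken keeps only r, t and T'.` directly above the declaration. The declaration also sits mid-function in code that exits through `goto err`, so any earlier `goto err` (not visible in this hunk) would jump past it; that is legal C for a non-VLA type, but wrapping the declaration and the `if` in their own braces would make the limited scope explicit. The enclosing function starts and ends outside the hunk.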