authorJustus Winter <justus@sequoia-pgp.org>2023-03-14 14:28:07 +0100
committerJustus Winter <justus@sequoia-pgp.org>2023-03-14 16:48:14 +0100
commit67819944a69a7faba0d1cf400facaffce6da01d5 (patch)
tree5621b075255d679c56f43de17d8123ab36e5df68 /openpgp/src/crypto
parent4989669caddf46613d17ccc08b5471eeaa25ac43 (diff)
openpgp: Avoid leaking secrets when parsing secret key material.
Diffstat (limited to 'openpgp/src/crypto')
-rw-r--r--openpgp/src/crypto/mpi.rs8
1 files changed, 8 insertions, 0 deletions
diff --git a/openpgp/src/crypto/mpi.rs b/openpgp/src/crypto/mpi.rs
index fe1bebff..961398c5 100644
--- a/openpgp/src/crypto/mpi.rs
+++ b/openpgp/src/crypto/mpi.rs
@@ -46,6 +46,12 @@ assert_send_and_sync!(MPI);
impl From<Vec<u8>> for MPI {
fn from(v: Vec<u8>) -> Self {
+ // XXX: This will leak secrets in v into the heap. But,
+ // eagerly clearing the memory may have a very high overhead,
+ // after all, most MPIs that we encounter will not contain
+ // secrets. I think it is better to avoid creating MPIs that
+ // contain secrets in the first place. In 2.0, we can remove
+ // the impl From<MPI> for ProtectedMPI.
Self::new(&v)
}
}
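Review bot: The new comment's phrase "leak secrets in v into the heap" reads like a memory leak, whereas the hazard it describes is that `v` is dropped without zeroization once `Self::new(&v)` has (presumably) copied it, so the secret bytes stay in freed heap memory that a later allocation may reuse; saying that explicitly avoids the misreading. It would also help to point callers at the path this file already provides, e.g. `// Callers holding secret material should build a ProtectedMPI from a Protected buffer rather than via MPI.` The same remark about `From<MPI> for ProtectedMPI` appears again in the second hunk of this file; one of the two comments could simply reference the other.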
@@ -353,6 +359,8 @@ impl From<Protected> for ProtectedMPI {
}
}
+// XXX: In 2.0, get rid of this conversion. If the value has been
+// parsed into an MPI, it may have already leaked.
impl From<MPI> for ProtectedMPI {
fn from(m: MPI) -> Self {
ProtectedMPI {