authorJustus Winter <justus@sequoia-pgp.org>2020-08-17 13:33:38 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-08-17 15:18:59 +0200
commit5c80cd51fa5453be3207bb2c9491fbe8d9c0afe3 (patch)
treea92796869f07d0b3b98c26e1ec8f3c49eae1f294 /openpgp
parent27e797638003df4a18f1e618bc88dcef753ac6cb (diff)
openpgp: Use a ProtectedMPI to handle the shared point.
- Also remove the now unused MPI::secure_memzero.
Diffstat (limited to 'openpgp')
-rw-r--r--openpgp/src/crypto/mpi.rs7
-rw-r--r--openpgp/src/crypto/sexp.rs6
2 files changed, 3 insertions, 10 deletions
diff --git a/openpgp/src/crypto/mpi.rs b/openpgp/src/crypto/mpi.rs
index aa5c2b4c..2cddbb05 100644
--- a/openpgp/src/crypto/mpi.rs
+++ b/openpgp/src/crypto/mpi.rs
@@ -209,13 +209,6 @@ impl MPI {
}
}
- /// Securely overwrites the stored value.
- pub(crate) fn secure_memzero(&mut self) {
- unsafe {
- ::memsec::memzero(self.value.as_mut_ptr(), self.value.len());
- }
- }
-
/// Securely compares two MPIs in constant time.
fn secure_memcmp(&self, other: &Self) -> Ordering {
let cmp = unsafe {
diff --git a/openpgp/src/crypto/sexp.rs b/openpgp/src/crypto/sexp.rs
index 17805234..96709651 100644
--- a/openpgp/src/crypto/sexp.rs
+++ b/openpgp/src/crypto/sexp.rs
@@ -121,10 +121,10 @@ impl Sexp {
PublicKey::ECDH { curve, .. } => {
// The shared point has been computed by the
// remote agent. The shared point is not padded.
- let mut s = mpi::MPI::new(s);
+ let s_: mpi::ProtectedMPI = s.to_vec().into();
#[allow(non_snake_case)]
- let S: Protected = s.decode_point(curve)?.0.into();
- s.secure_memzero();
+ let S: Protected = s_.decode_point(curve)?.0.into();
+ // XXX: Erase shared point from s.
// Now finish the decryption.
crypto::ecdh::decrypt_shared(recipient, &S, ciphertext)
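Review bot: The `// XXX: Erase shared point from s.` marker means the agent-supplied `s` still holds the ECDH shared point in unprotected memory on every path, including the early return at `decode_point(curve)?`. In addition, `s.to_vec()` creates another plain heap copy before it becomes a `ProtectedMPI`; whether that intermediate buffer is moved or copied and then wiped depends on the `Vec<u8>` conversion, which is not visible in this hunk and should be confirmed. I would make the marker state the actual exposure, e.g. `// XXX: s still holds the shared point in unprotected memory; wipe it where the buffer is owned.`, and rename `s_` to something like `shared_point` so the protected and unprotected copies cannot be confused. The enclosing match arm and function begin and end outside this hunk, so who owns `s` cannot be determined from here.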