-rw-r--r-- | openpgp/src/crypto/mpi.rs | 7 | ||||
-rw-r--r-- | openpgp/src/crypto/sexp.rs | 6 |
2 files changed, 3 insertions, 10 deletions
diff --git a/openpgp/src/crypto/mpi.rs b/openpgp/src/crypto/mpi.rs
index aa5c2b4c..2cddbb05 100644
--- a/openpgp/src/crypto/mpi.rs
+++ b/openpgp/src/crypto/mpi.rs
@@ -209,13 +209,6 @@ impl MPI {
 }
 }
 
- /// Securely overwrites the stored value.
- pub(crate) fn secure_memzero(&mut self) {
- unsafe {
- ::memsec::memzero(self.value.as_mut_ptr(), self.value.len());
- }
- }
-
 /// Securely compares two MPIs in constant time.
 fn secure_memcmp(&self, other: &Self) -> Ordering {
 let cmp = unsafe {
diff --git a/openpgp/src/crypto/sexp.rs b/openpgp/src/crypto/sexp.rs
index 17805234..96709651 100644
--- a/openpgp/src/crypto/sexp.rs
+++ b/openpgp/src/crypto/sexp.rs
@@ -121,10 +121,10 @@ impl Sexp {
 PublicKey::ECDH { curve, .. } => {
 // The shared point has been computed by the
 // remote agent. The shared point is not padded.
- let mut s = mpi::MPI::new(s);
+ let s_: mpi::ProtectedMPI = s.to_vec().into();
 #[allow(non_snake_case)]
- let S: Protected = s.decode_point(curve)?.0.into();
- s.secure_memzero();
+ let S: Protected = s_.decode_point(curve)?.0.into();
+ // XXX: Erase shared point from s.
 
 // Now finish the decryption.
 crypto::ecdh::decrypt_shared(recipient, &S, ciphertext) |
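Review bot: `s.to_vec()` in the sexp.rs hunk makes a second heap copy of the ECDH shared point, and whether that copy is wiped depends on the `Vec` to `mpi::ProtectedMPI` conversion, which is not visible here; if the conversion copies the bytes rather than taking over the allocation, the intermediate `Vec` is freed without being zeroed. The source `s` is also no longer erased on any path, which the new `// XXX: Erase shared point from s.` acknowledges without saying who owns the buffer or why it cannot be cleared at this point. I would spell that out in the comment, e.g. `// XXX: s still holds the shared point in unprotected memory; its owner must erase it (TODO: <tracking issue>).` The enclosing match arm begins and ends outside the hunk, so the type and ownership of `s` are inferred from the `to_vec()` call.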