-rw-r--r-- | openpgp/src/crypto/ecdh.rs | 8 | ||||
-rw-r--r-- | openpgp/src/crypto/mem.rs | 6 |
2 files changed, 6 insertions, 8 deletions
diff --git a/openpgp/src/crypto/ecdh.rs b/openpgp/src/crypto/ecdh.rs
index b8250f9f..8649753d 100644
--- a/openpgp/src/crypto/ecdh.rs
+++ b/openpgp/src/crypto/ecdh.rs
@@ -147,9 +147,7 @@ fn pkcs5_pad(sk: Protected, target_len: usize) -> Result<Protected> {
 }
 // !!! THIS FUNCTION MUST NOT FAIL FROM THIS POINT ON !!!
- let mut buf: Vec<u8> = unsafe {
- sk.into_vec()
- };
+ let mut buf: Vec<u8> = sk.expose_into_unprotected_vec();
 let missing = target_len - buf.len();
 assert!(missing <= 0xff);
 for _ in 0..missing {
@@ -173,9 +171,7 @@ fn pkcs5_unpad(sk: Protected, target_len: usize) -> Result<Protected> {
 return Err(Error::InvalidArgument("message too small".into()).into());
 }
- let mut buf: Vec<u8> = unsafe {
- sk.into_vec()
- };
+ let mut buf: Vec<u8> = sk.expose_into_unprotected_vec();
 let mut good = true;
 let missing = (buf.len() - target_len) as u8;
 for &b in &buf[target_len..] {
diff --git a/openpgp/src/crypto/mem.rs b/openpgp/src/crypto/mem.rs
index 9ad839f7..6b2ed613 100644
--- a/openpgp/src/crypto/mem.rs
+++ b/openpgp/src/crypto/mem.rs
@@ -64,8 +64,10 @@ impl Hash for Protected {
 impl Protected {
 /// Converts to a buffer for modification.
- pub(crate) unsafe fn into_vec(self) -> Vec<u8> {
- self.iter().cloned().collect()
+ ///
+ /// Don't expose `Protected` values unless you know what you're doing.
+ pub(crate) fn expose_into_unprotected_vec(self) -> Vec<u8> {
+ self.0.clone().into()
 }
 } |
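Review bot: The `Vec<u8>` handed back by `sk.expose_into_unprotected_vec()` is about to be grown by the `for _ in 0..missing` loop that follows (which presumably pushes the padding bytes), and if the conversion yields a vector whose capacity equals its length — which is what a `Box<[u8]>` turned into a `Vec` gives — the first push reallocates and leaves an unwiped copy of the key material in the freed block. Reserving the padding up front keeps the secret in a single allocation: `let missing = target_len - buf.len(); buf.reserve(missing);` before the loop; `reserve` aborts on allocation failure exactly as the pushes already would, so the must-not-fail contract stated in the comment above is not weakened. What becomes of `buf` after the loop, presumably being wrapped back into a `Protected`, lies outside the hunk, as does the rest of pkcs5_pad's body.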
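Review bot: Once `buf` is an unprotected `Vec<u8>`, an `Err` return on the padding-check path that follows (`good` is initialised here; the decision on it is outside the hunk) would drop the exposed copy of the secret without wiping it, since a plain `Vec` has no zeroing `Drop`. If that path can fail, either move `buf` back into a `Protected` before the error return (`let buf: Protected = buf.into();`, assuming such a conversion exists in mem.rs) or perform the comparison on a borrowed slice of `sk` and only expose the buffer once it has passed. The body of pkcs5_unpad continues past the hunk, so this is inferred from the `let mut good = true;` context line rather than from a visible return.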
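Review bot: The new doc comment on `expose_into_unprotected_vec` warns the caller but never says what the hazard is; since the function exists precisely to shed the protections of `Protected`, state that so a caller can act on it: `/// The returned Vec is an ordinary allocation that is not wiped on drop or reallocation; convert it back into a Protected as soon as the modification is done.` Dropping `unsafe` is the right call here — the old marker was a warning rather than a memory-safety contract, and the explicit name now carries that warning. One thing the hunk does not show: `self.0.clone().into()` copies the bytes and then drops `self`, so wiping of the original buffer depends on `Protected`'s `Drop` impl, which is not in view.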