From 4989669caddf46613d17ccc08b5471eeaa25ac43 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Tue, 14 Mar 2023 14:22:00 +0100
Subject: openpgp: Avoid leaking secrets when constructing ProtectedMPIs.

---
 openpgp/src/crypto/mpi.rs | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/openpgp/src/crypto/mpi.rs b/openpgp/src/crypto/mpi.rs
index e9b65bf6..fe1bebff 100644
--- a/openpgp/src/crypto/mpi.rs
+++ b/openpgp/src/crypto/mpi.rs
@@ -325,23 +325,31 @@ assert_send_and_sync!(ProtectedMPI);
 
 impl From<Vec<u8>> for ProtectedMPI {
     fn from(m: Vec<u8>) -> Self {
-        let p = MPI::new(&m).into();
+        let value = Protected::from(MPI::trim_leading_zeros(&m));
         drop(Protected::from(m)); // Erase source.
-        p
+        ProtectedMPI {
+            value,
+        }
     }
 }
 
 impl From<Box<[u8]>> for ProtectedMPI {
     fn from(m: Box<[u8]>) -> Self {
-        let p = MPI::new(&m).into();
+        let value = Protected::from(MPI::trim_leading_zeros(&m));
         drop(Protected::from(m)); // Erase source.
-        p
+        ProtectedMPI {
+            value,
+        }
     }
 }
 
 impl From<Protected> for ProtectedMPI {
     fn from(m: Protected) -> Self {
-        MPI::new(&m).into()
+        let value = Protected::from(MPI::trim_leading_zeros(&m));
+        drop(m); // Erase source.
+        ProtectedMPI {
+            value,
+        }
     }
 }
 
-- 
cgit v1.2.3