From ace1e02b3a3a3729ceb437657e1a0c055ad217ce Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Tue, 28 Feb 2023 12:27:21 +0100
Subject: openpgp: Stop secrets leaking into the heap during key generation.

---
 openpgp/src/crypto/backend/nettle/asymmetric.rs | 18 +++++++++---------
 openpgp/src/crypto/mpi.rs                       | 12 +++++++++++-
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/openpgp/src/crypto/backend/nettle/asymmetric.rs b/openpgp/src/crypto/backend/nettle/asymmetric.rs
index 9efad861..7bfe617a 100644
--- a/openpgp/src/crypto/backend/nettle/asymmetric.rs
+++ b/openpgp/src/crypto/backend/nettle/asymmetric.rs
@@ -406,9 +406,9 @@ impl<R> Key4<SecretParts, R>
             },
             mpi::SecretKeyMaterial::RSA {
                 d: mpi::MPI::new(d).into(),
-                p: mpi::MPI::new(&a[..]).into(),
-                q: mpi::MPI::new(&b[..]).into(),
-                u: mpi::MPI::new(&c[..]).into(),
+                p: a.into(),
+                q: b.into(),
+                u: c.into(),
             }.into())
     }
 
@@ -423,10 +423,10 @@ impl<R> Key4<SecretParts, R>
             n: MPI::new(&*public.n()),
         };
         let private_mpis = mpi::SecretKeyMaterial::RSA {
-            d: MPI::new(&*private.d()).into(),
-            p: MPI::new(&*p).into(),
-            q: MPI::new(&*q).into(),
-            u: MPI::new(&*u).into(),
+            d: private.d().into(),
+            p: p.into(),
+            q: q.into(),
+            u: u.into(),
         };
 
         Self::with_secret(
@@ -518,7 +518,7 @@ impl<R> Key4<SecretParts, R>
                     q: MPI::new_point(&pub_x, &pub_y, field_sz),
                 };
                 let private_mpis = mpi::SecretKeyMaterial::ECDSA{
-                    scalar: MPI::new(&private.as_bytes()).into(),
+                    scalar: private.as_bytes().into(),
                 };
                 let sec = private_mpis.into();
 
@@ -557,7 +557,7 @@ impl<R> Key4<SecretParts, R>
                         sym,
                     };
                     let private_mpis = mpi::SecretKeyMaterial::ECDH{
-                        scalar: MPI::new(&private.as_bytes()).into(),
+                        scalar: private.as_bytes().into(),
                     };
                     let sec = private_mpis.into();
 
diff --git a/openpgp/src/crypto/mpi.rs b/openpgp/src/crypto/mpi.rs
index e21ba98a..a1631ded 100644
--- a/openpgp/src/crypto/mpi.rs
+++ b/openpgp/src/crypto/mpi.rs
@@ -327,7 +327,17 @@ assert_send_and_sync!(ProtectedMPI);
 
 impl From<Vec<u8>> for ProtectedMPI {
     fn from(m: Vec<u8>) -> Self {
-        MPI::from(m).into()
+        let p = MPI::new(&m).into();
+        drop(Protected::from(m)); // Erase source.
+        p
+    }
+}
+
+impl From<Box<[u8]>> for ProtectedMPI {
+    fn from(m: Box<[u8]>) -> Self {
+        let p = MPI::new(&m).into();
+        drop(Protected::from(m)); // Erase source.
+        p
     }
 }
 
-- 
cgit v1.2.3