Protect symmetric key material. (!39) · Merge requests · sequoia-pgp / nettle-rs

Justus Winter requested to merge staging into main Mar 15, 2023

The recent attempt to securely overwrite secret key material was incomplete in two ways. First, it missed Salsa20_256 and Salsa20R12_256. Second, because the cipher contexts were allocated on the stack and returned, the Rust compiler would happily copy it around in memory, and only clean up the last copy when it went out of scope.
- Fix this by allocating the cipher contexts on the heap.
- Fixes 857786fa.

Protect symmetric key material.