Zeroize buffer used in Scalar::from_hash

from_hash is frequently used for private key/nonce generation, making 
this buffer a copy of private keys/nonces.
Luke Parker 2022-08-04 14:40:54 -04:00
parent 797be71eb3
commit 42a3d38b48
No known key found for this signature in database
GPG key ID: F9F1386DB1E119B6


@ -185,7 +185,9 @@ impl Scalar {
pub fn from_hash<D: Digest<OutputSize = U64>>(hash: D) -> Scalar {
let mut output = [0u8; 64];
output.copy_from_slice(&hash.finalize());
Scalar(DScalar::from_bytes_mod_order_wide(&output))
let res = Scalar(DScalar::from_bytes_mod_order_wide(&output));
output.zeroize();
res
}
}
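Review bot: The temporary returned by `hash.finalize()` in `from_hash` holds the same 64 bytes as `output` and is dropped without being wiped, so a copy of the key or nonce material can remain in memory after `output.zeroize()` runs. Binding and clearing it would close that gap: `let mut digest = hash.finalize();`, `output.copy_from_slice(&digest);`, then `digest.as_mut_slice().zeroize();`. A short comment above `output.zeroize()`, such as `// output is a copy of secret key/nonce material; wipe before returning`, would also help keep the wipe from being dropped in a later cleanup. Whether the returned `Scalar` is wiped by its callers is not visible in this hunk.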