From 42a3d38b48ae6155a3b11b2649db0a5058950cd4 Mon Sep 17 00:00:00 2001
From: Luke Parker
Date: Thu, 4 Aug 2022 14:40:54 -0400
Subject: [PATCH] Zeroize buffer used in Scalar::from_hash

from_hash is frequently used for private key/nonce generation, making this buffer a copy of private keys/nonces.
---
 crypto/dalek-ff-group/src/lib.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/crypto/dalek-ff-group/src/lib.rs b/crypto/dalek-ff-group/src/lib.rs
index 6dbf7fba..c2d795bd 100644
--- a/crypto/dalek-ff-group/src/lib.rs
+++ b/crypto/dalek-ff-group/src/lib.rs
@@ -185,7 +185,9 @@ impl Scalar {
   pub fn from_hash>(hash: D) -> Scalar {
     let mut output = [0u8; 64];
     output.copy_from_slice(&hash.finalize());
-    Scalar(DScalar::from_bytes_mod_order_wide(&output))
+    let res = Scalar(DScalar::from_bytes_mod_order_wide(&output));
+    output.zeroize();
+    res
   }
 }
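Review bot: The added `output.zeroize();` clears only the stack array; the value returned by `hash.finalize()` on the `copy_from_slice` line is a temporary that is dropped at the end of that statement without being wiped, so a second copy of the digest (the key/nonce material the commit message is concerned with) still lingers until something overwrites it. The wipe is also a plain statement rather than a drop guard, so if `copy_from_slice` panics on a length mismatch or the scalar conversion unwinds, `output` is never zeroized. A sturdier shape is `let mut output = Zeroizing::new([0u8; 64]);` (with `use zeroize::Zeroizing;`) followed by `output.copy_from_slice(&hash.finalize());` and returning `Scalar(DScalar::from_bytes_mod_order_wide(&output))` directly, which wipes on every exit path and drops the `res` temporary; the finalized digest could additionally be bound to a local and zeroized itself if the digest type implements `Zeroize` in the version used here. The hunk does not show `Zeroize` being imported, so the new call presumably relies on the trait already being in scope elsewhere in lib.rs.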