absolutebi/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2025-12-08 20:29:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Zeroize buffer used in Scalar::from_hash

Browse Source 
from_hash is frequently used for private key/nonce generation, making 
this buffer a copy of private keys/nonces.
This commit is contained in:
Luke Parker
2022-08-04 14:40:54 -04:00
parent 797be71eb3
commit 42a3d38b48
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/dalek-ff-group/src/lib.rs
View File

@@ -185,7 +185,9 @@ impl Scalar {
pub fn from_hash<D: Digest<OutputSize = U64>>(hash: D) -> Scalar { pub fn from_hash<D: Digest<OutputSize = U64>>(hash: D) -> Scalar {
let mut output = [0u8; 64]; let mut output = [0u8; 64];
output.copy_from_slice(&hash.finalize()); output.copy_from_slice(&hash.finalize());
Scalar(DScalar::from_bytes_mod_order_wide(&output)) let res = Scalar(DScalar::from_bytes_mod_order_wide(&output));
output.zeroize();
res
} }
} }