Skip to content

Commit

Permalink
fix: zeroize temp fields during serializing (#126)
Browse files Browse the repository at this point in the history 
* fix: zeroize temp fields during serializing

* fmt
  • Loading branch information
@stringhandler
stringhandler authored Aug 29, 2022
1 parent c98d41a commit e13c556
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions src/ristretto/serialize.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ use serde::{
Serializer,
};
use tari_utilities::{byte_array::ByteArray, hex::Hex};
use zeroize::Zeroize;

use crate::ristretto::{RistrettoPublicKey, RistrettoSecretKey};

Expand Down Expand Up @@ -92,8 +93,10 @@ impl<'de> Deserialize<'de> for RistrettoSecretKey {
}

if deserializer.is_human_readable() {
let s = String::deserialize(deserializer)?;
RistrettoSecretKey::from_hex(&s).map_err(de::Error::custom)
let mut s = String::deserialize(deserializer)?;
let v = RistrettoSecretKey::from_hex(&s).map_err(de::Error::custom);
s.zeroize();
v
} else {
deserializer.deserialize_bytes(RistrettoVisitor)
}
Expand All @@ -104,7 +107,10 @@ impl Serialize for RistrettoSecretKey {
fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer {
if serializer.is_human_readable() {
self.to_hex().serialize(serializer)
let mut s = self.to_hex();
let result = s.serialize(serializer);
s.zeroize();
result
} else {
serializer.serialize_bytes(self.as_bytes())
}
Expand Down

0 comments on commit e13c556

Please sign in to comment.