Zeroize local seed buffer in PrivateKey::random #2995
The local [u8;32] secret buffer was filled with key material and moved into the PrivateKey, but the stack copy was left un-zeroized. Zeroize it after constructing the key so the seed does not linger in memory.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9KHEfpGFsSaJ6XTnHoFoM
Your PR title does not adhere to the Conventional Commits convention: Common errors to avoid:
🤖 MeroReviewer
Reviewed by 1 agents | Quality score: 85% | Review time: 48.0s
✅ No Issues Found
All agents reviewed the code and found no issues. LGTM! 🎉
🤖 Generated by MeroReviewer | Review ID: review-d69a4b5e
🤖 AI Code Reviewer
Reviewed by 1 agents | Quality score: 28% | Review time: 47.3s
💡 1 suggestions. See inline comments.
🤖 Generated by AI Code Reviewer | Review ID: review-fa09069a
| // after being moved into the key. | ||
| secret.zeroize(); | ||
|
|
||
| key |
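Review bot: The comment above `secret.zeroize();` says the buffer was "moved into the key", but the description gives its type as `[u8; 32]`, which is `Copy`, so building the key copies the bytes and leaves `secret` fully populated; the comment should say "copied", since that is the reason this wipe is needed. Consider declaring the buffer as `zeroize::Zeroizing<[u8; 32]>` so it is wiped on drop, including on an early return or unwinding panic between filling it and this line, rather than relying on an explicit call placed just before `key`.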
💡 Zeroize may be optimized away by the compiler
Calling secret.zeroize() on a stack-local [u8; 32] after it has been moved into Self::from(secret) is correct in intent, but the Rust compiler (or LLVM) may still optimize this call away as a dead store, since secret is no longer used after the zeroize call and the optimizer can see that the bytes are not read again. The zeroize crate's Zeroize impl for primitive arrays uses volatile_set_memory / write_volatile internally to prevent this, so in practice the call is safe — but it is worth confirming that the zeroize dependency version used here provides the volatile-write guarantee (versions ≥ 1.x do). If the zeroize crate's impl is correct, this is fine as-is.
Suggested fix:
No code change needed if `zeroize` >= 1.x is in use (it uses volatile writes). Consider adding a comment referencing this guarantee: `// zeroize uses volatile writes to prevent the compiler from eliding this.`
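An added illustration of the situation this thread discusses, not code from the PR or from the `zeroize` crate: a `[u8; 32]` is `Copy`, so the local buffer still holds the seed after the key is built, and a wipe done with volatile stores cannot be dropped as a dead store. `DemoKey`, `wipe` and `demo_random` are hypothetical names, the seed is a constructed constant, and only the standard library is used.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros using volatile stores, which the optimizer
/// is not allowed to elide (std-only sketch of the technique).
fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference to a u8.
        unsafe { ptr::write_volatile(b, 0) };
    }
    // Keep the compiler from reordering later accesses before the wipe.
    compiler_fence(Ordering::SeqCst);
}

/// Hypothetical stand-in for the PR's PrivateKey; wipes itself on drop.
struct DemoKey([u8; 32]);

impl From<[u8; 32]> for DemoKey {
    fn from(bytes: [u8; 32]) -> Self {
        DemoKey(bytes)
    }
}

impl Drop for DemoKey {
    fn drop(&mut self) {
        wipe(&mut self.0);
    }
}

/// Mirrors the shape of the patched function with a constructed seed.
/// Returns the key plus the local buffer's contents before and after the wipe.
fn demo_random() -> (DemoKey, [u8; 32], [u8; 32]) {
    let mut secret = [0xA5u8; 32]; // constructed value, not real randomness
    let key = DemoKey::from(secret); // Copy type: `secret` is copied, not moved
    let before = secret; // demonstration only: the local still holds the seed
    wipe(&mut secret); // the step the PR adds, done here with volatile stores
    (key, before, secret)
}

fn main() {
    let (key, before, after) = demo_random();
    println!("key holds seed:    {}", key.0 == [0xA5u8; 32]);
    println!("local before wipe: {:02x?}", &before[..4]);
    println!("local after wipe:  {:02x?}", &after[..4]);
}
```
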