Zeroize KeyObfuscator keys on Drop

tnull · tnull · commit 3c62a9f8dc8a · 2025-08-22T11:44:19.000+02:00
.. to make sure the values don't linger in memory.
diff --git a/src/util/key_obfuscator.rs b/src/util/key_obfuscator.rs
@@ -151,6 +151,14 @@ impl KeyObfuscator {
 	}
 }
 
+impl Drop for KeyObfuscator {
+	fn drop(&mut self) {
+		// Zeroize the owned keys
+		self.obfuscation_key.copy_from_slice(&[0u8]);
+		self.hashing_key.copy_from_slice(&[0u8]);
+	}
+}
+
 #[cfg(test)]
 mod tests {
 	use crate::util::key_obfuscator::KeyObfuscator;

Original file line number	Diff line number	Diff line change
`@@ -151,6 +151,14 @@ impl KeyObfuscator {`
`151`	`151`	`}`
`152`	`152`	`}`
`153`	`153`
	`154`	`+impl Drop for KeyObfuscator {`
	`155`	`+ fn drop(&mut self) {`
	`156`	`+ // Zeroize the owned keys`
	`157`	`+ self.obfuscation_key.copy_from_slice(&[0u8]);`
	`158`	`+ self.hashing_key.copy_from_slice(&[0u8]);`
	`159`	`+ }`
	`160`	`+}`
	`161`	`+`
`154`	`162`	`#[cfg(test)]`
`155`	`163`	`mod tests {`
`156`	`164`	`use crate::util::key_obfuscator::KeyObfuscator;`