ecdsa: impl Zeroize for Signature (#948)

daxpedda · web-flow · commit edb327f4a794 · 2025-04-29T14:33:58.000-06:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ecdsa/Cargo.toml b/ecdsa/Cargo.toml
@@ -19,6 +19,7 @@ rust-version = "1.85"
 [dependencies]
 elliptic-curve = { version = "0.14.0-rc.1", default-features = false, features = ["sec1"] }
 signature = { version = "=3.0.0-pre", default-features = false, features = ["rand_core"] }
+zeroize = { version = "1.5", default-features = false }
 
 # optional dependencies
 der = { version = "0.8.0-rc.2", optional = true }
diff --git a/ecdsa/src/lib.rs b/ecdsa/src/lib.rs
@@ -77,6 +77,7 @@ pub use elliptic_curve::{self, PrimeCurve, sec1::EncodedPoint};
 
 // Re-export the `signature` crate (and select types)
 pub use signature::{self, Error, Result, SignatureEncoding};
+use zeroize::Zeroize;
 
 #[cfg(feature = "signing")]
 pub use crate::signing::SigningKey;
@@ -525,6 +526,13 @@ where
     }
 }
 
+impl<C: EcdsaCurve> Zeroize for Signature<C> {
+    fn zeroize(&mut self) {
+        self.r = ScalarPrimitive::ONE;
+        self.s = ScalarPrimitive::ONE;
+    }
+}
+
 /// An extended [`Signature`] type which is parameterized by an
 /// `ObjectIdentifier` which identifies the ECDSA variant used by a
 /// particular signature.
