The default impl of Cipher::encrypt_bytes_array in packages/aead/src/cipher.rs calls .to_vec() on the input array before forwarding to encrypt_bytes_vec. We should verify what to_vec does internally and ensure the original stack array is zeroized before drop — otherwise sensitive bytes may linger on the stack after the cipher returns.
See packages/aead/src/cipher.rs (in Cipher::encrypt_bytes_array).
Tracked from PR #148.
The default impl of
Cipher::encrypt_bytes_arrayinpackages/aead/src/cipher.rscalls.to_vec()on the input array before forwarding toencrypt_bytes_vec. We should verify whatto_vecdoes internally and ensure the original stack array is zeroized before drop — otherwise sensitive bytes may linger on the stack after the cipher returns.See
packages/aead/src/cipher.rs(inCipher::encrypt_bytes_array).Tracked from PR #148.