From a82287fb85746e0f7ea142a68a859e56ee86ee10 Mon Sep 17 00:00:00 2001
From: Sebastian Falbesoner <sebastian.falbesoner@gmail.com>
Date: Wed, 29 Jan 2025 03:59:32 +0100
Subject: [PATCH] schnorrsig: clear out masked secret key in BIP-340 nonce
 function

---
 src/modules/schnorrsig/main_impl.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/modules/schnorrsig/main_impl.h b/src/modules/schnorrsig/main_impl.h
index 82bba2f597..2ed7be677f 100644
--- a/src/modules/schnorrsig/main_impl.h
+++ b/src/modules/schnorrsig/main_impl.h
@@ -94,6 +94,8 @@ static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *ms
     secp256k1_sha256_write(&sha, msg, msglen);
     secp256k1_sha256_finalize(&sha, nonce32);
     secp256k1_sha256_clear(&sha);
+    secp256k1_memclear(masked_key, sizeof(masked_key));
+
     return 1;
 }