diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c
index 1d7adb76..152770e8 100644
--- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c
+++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c
@@ -97,6 +97,7 @@ blake2b_init0(blake2b_state *S)
     for (i = 0; i < 8; i++) {
         S->h[i] = blake2b_IV[i];
     }
+    /* zero everything between .t and .last_node */
     memset(S->t, 0, offsetof(blake2b_state, last_node) + sizeof(S->last_node) - offsetof(blake2b_state, t));
     return 0;
@@ -203,7 +204,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
-        memcpy(block, key, keylen); /* keylen cannot be 0 */
+        memcpy(block, key, keylen); /* key and keylen cannot be 0 */
         blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
     }
@@ -249,7 +250,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
-        memcpy(block, key, keylen); /* keylen cannot be 0 */
+        memcpy(block, key, keylen); /* key and keylen cannot be 0 */
         blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
     }
diff --git a/src/libsodium/crypto_kx/crypto_kx.c b/src/libsodium/crypto_kx/crypto_kx.c
index 877ab7ff..9f0c3aef 100644
--- a/src/libsodium/crypto_kx/crypto_kx.c
+++ b/src/libsodium/crypto_kx/crypto_kx.c
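Review bot: The new comment above the memset in the first hunk says which range is cleared but not why that range is right: the length is computed from offsetof()/sizeof() of two fields, so it silently depends on every field declared between t and last_node in blake2b_state being state that must be reset, and on t being declared before last_node (if the order were ever swapped, the size_t subtraction would wrap and memset would run past the struct). A comment such as `/* reset every field from .t through .last_node inclusive; relies on their declaration order in blake2b_state */` would make that contract explicit. The ordering could also be pinned at compile time with something like `COMPILER_ASSERT(offsetof(blake2b_state, t) < offsetof(blake2b_state, last_node));` using the project's compile-time assert macro, if it is available in this translation unit. blake2b_init0 starts before and ends after this hunk.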
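Review bot: The reworded comment on the memcpy line in the blake2b_init_key hunk states a precondition (key non-NULL, keylen non-zero) but not where it is enforced, so a reader of this inner block cannot tell whether memcpy with a NULL key is actually unreachable; the same applies to the identical hunk at @@ -249 in blake2b_init_key_salt_personal. Presumably both are checked earlier in each function, outside the hunk; if so, the comment should say so, e.g. `memcpy(block, key, keylen); /* key != NULL and keylen > 0 are validated at the top of this function */`. As a point of style, the two keyed-init functions repeat this five-line block verbatim, so the precondition and the burn-the-key step live in two places; a small static helper would keep them together. Both enclosing functions start and end outside their hunks.
```c
/* Absorb the key as the first full block, then scrub it from the stack.
 * Callers must have rejected key == NULL and keylen == 0 before calling. */
static void
blake2b_absorb_key(blake2b_state *S, const void *key, const uint8_t keylen)
{
    uint8_t block[BLAKE2B_BLOCKBYTES];
    memset(block, 0, BLAKE2B_BLOCKBYTES);
    memcpy(block, key, keylen); /* key != NULL and keylen > 0 checked by callers */
    blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
    sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
}
/* … unchanged: the inner block in each keyed init becomes a single call to blake2b_absorb_key(S, key, keylen) … */
```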
@@ -63,8 +63,8 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
     crypto_generichash_final(&h, keys, sizeof keys);
     sodium_memzero(&h, sizeof h);
     for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
-        rx[i] = keys[i];
-        tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
+        rx[i] = keys[i]; /* rx cannot be NULL */
+        tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; /* tx cannot be NULL */
     }
     sodium_memzero(keys, sizeof keys);