From 704e97fdf5a56a288217a514b09e233e96de28e0 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Thu, 30 May 2024 15:56:54 +0200
Subject: [PATCH] Proper zeroization in hkdf

Fixes #1375
---
 src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c | 2 +-
 src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c
index 8eb7c878..f1b369e9 100644
--- a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c
+++ b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c
@@ -26,7 +26,7 @@ crypto_kdf_hkdf_sha256_extract_final(crypto_kdf_hkdf_sha256_state *state,
                                      unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES])
 {
     crypto_auth_hmacsha256_final(&state->st, prk);
-    sodium_memzero(state, sizeof state);
+    sodium_memzero(state, sizeof *state);
 
     return 0;
 }
diff --git a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c
index cb3735fe..a4144e2d 100644
--- a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c
+++ b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c
@@ -26,7 +26,7 @@ crypto_kdf_hkdf_sha512_extract_final(crypto_kdf_hkdf_sha512_state *state,
                                      unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES])
 {
     crypto_auth_hmacsha512_final(&state->st, prk);
-    sodium_memzero(state, sizeof state);
+    sodium_memzero(state, sizeof *state);
 
     return 0;
 }