From 704e97fdf5a56a288217a514b09e233e96de28e0 Mon Sep 17 00:00:00 2001 From: Frank Denis <github@pureftpd.org> Date: Thu, 30 May 2024 15:56:54 +0200 Subject: [PATCH] Proper zeroization in hkdf Fixes #1375 --- src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c | 2 +- src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c index 8eb7c878..f1b369e9 100644 --- a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c +++ b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha256.c @@ -26,7 +26,7 @@ crypto_kdf_hkdf_sha256_extract_final(crypto_kdf_hkdf_sha256_state *state, unsigned char prk[crypto_kdf_hkdf_sha256_KEYBYTES]) { crypto_auth_hmacsha256_final(&state->st, prk); - sodium_memzero(state, sizeof state); + sodium_memzero(state, sizeof *state); return 0; } diff --git a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c index cb3735fe..a4144e2d 100644 --- a/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c +++ b/src/libsodium/crypto_kdf/hkdf/kdf_hkdf_sha512.c @@ -26,7 +26,7 @@ crypto_kdf_hkdf_sha512_extract_final(crypto_kdf_hkdf_sha512_state *state, unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES]) { crypto_auth_hmacsha512_final(&state->st, prk); - sodium_memzero(state, sizeof state); + sodium_memzero(state, sizeof *state); return 0; }