The function blake2b_set_input() was reading uninitialised memory.
While this didn't matter in practice (most platforms don't have trap
representations for unsigned integers), it is undefined behaviour under
the C and C++ standards. To fix it, we reset the whole input buffer
before setting its first byte.
The fix introduces a conditional, but that conditional only depend
on an index, which itself depends on the size of the input, which is not
secret. We're still "constant time" with respect to secrets.
projects / Monocypher.git / commit