]> git.codecow.com Git - libnemo.git/commitdiff
Clear potentially sensitive values from blake buffers after digesting.
authorChris Duncan <chris@codecow.com>
Wed, 1 Jul 2026 05:59:06 +0000 (22:59 -0700)
committerChris Duncan <chris@codecow.com>
Wed, 1 Jul 2026 05:59:06 +0000 (22:59 -0700)
src/lib/crypto/blake2b.ts

index b51feb4a88af5af0ecaa7fa5a618de8c3a846743..b7c17aaa9f16d1bcc289833d7877c05a38a4b470 100644 (file)
@@ -190,6 +190,13 @@ export class Blake2b {
                for (let i = 0; i < out.length; i++) {
                        out[i] = data.getUint8(i)
                }
+               this.#h.fill(0n) // clear hash chain value
+               this.#b.fill(0) // clear byte buffer
+               this.#t = 0n // clear byte count
+               this.#c = 0 // clear input buffer pointer
+               this.#v.fill(0n) // clear state vector
+               this.#m.fill(0n) // clear message block
+               this.#outlen = 64 // reset output length to default
        }
 
        #parameter_block: Uint8Array = new Uint8Array([