From: Chris Duncan Date: Wed, 1 Jul 2026 05:59:06 +0000 (-0700) Subject: Clear potentially sensitive values from blake buffers after digesting. X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=cebcb112523e584792e0c4f160316d7482be890d;p=libnemo.git Clear potentially sensitive values from blake buffers after digesting. --- diff --git a/src/lib/crypto/blake2b.ts b/src/lib/crypto/blake2b.ts index b51feb4..b7c17aa 100644 --- a/src/lib/crypto/blake2b.ts +++ b/src/lib/crypto/blake2b.ts @@ -190,6 +190,13 @@ export class Blake2b { for (let i = 0; i < out.length; i++) { out[i] = data.getUint8(i) } + this.#h.fill(0n) // clear hash chain value + this.#b.fill(0) // clear byte buffer + this.#t = 0n // clear byte count + this.#c = 0 // clear input buffer pointer + this.#v.fill(0n) // clear state vector + this.#m.fill(0n) // clear message block + this.#outlen = 64 // reset output length to default } #parameter_block: Uint8Array = new Uint8Array([