From cebcb112523e584792e0c4f160316d7482be890d Mon Sep 17 00:00:00 2001 From: Chris Duncan Date: Tue, 30 Jun 2026 22:59:06 -0700 Subject: [PATCH] Clear potentially sensitive values from blake buffers after digesting. --- src/lib/crypto/blake2b.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/lib/crypto/blake2b.ts b/src/lib/crypto/blake2b.ts index b51feb4..b7c17aa 100644 --- a/src/lib/crypto/blake2b.ts +++ b/src/lib/crypto/blake2b.ts @@ -190,6 +190,13 @@ export class Blake2b { for (let i = 0; i < out.length; i++) { out[i] = data.getUint8(i) } + this.#h.fill(0n) // clear hash chain value + this.#b.fill(0) // clear byte buffer + this.#t = 0n // clear byte count + this.#c = 0 // clear input buffer pointer + this.#v.fill(0n) // clear state vector + this.#m.fill(0n) // clear message block + this.#outlen = 64 // reset output length to default } #parameter_block: Uint8Array = new Uint8Array([ -- 2.52.0