blake2b: Zero-out bytes in update() because when using blake2b in key…

…ed mode, the secret_key will be copied into bytes using unprotected_as_bytes when calling update().
orion-rs · Dec 29, 2018 · 8bbf95b · 8bbf95b
1 parent 878ffb7
commit 8bbf95b
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/hazardous/hash/blake2b.rs b/src/hazardous/hash/blake2b.rs
@@ -73,6 +73,7 @@ use crate::{
 	hazardous::constants::{BLAKE2B_BLOCKSIZE, BLAKE2B_OUTSIZE},
 };
 use byteorder::{ByteOrder, LittleEndian};
+use clear_on_drop::clear::Clear;
 
 construct_blake2b_key! {
 	/// A type to represent the `SecretKey` that BLAKE2b uses for keyed mode.
@@ -348,6 +349,7 @@ impl Blake2b {
 				self.buffer[self.leftover..(self.leftover + bytes.len())].copy_from_slice(&bytes);
 				// Using .unwrap() since overflow should not happen in practice
 				self.leftover = self.leftover.checked_add(bytes.len()).unwrap();
+				bytes.clear();
 				return Ok(());
 			}
 
@@ -373,6 +375,8 @@ impl Blake2b {
 			self.leftover = self.leftover.checked_add(bytes.len()).unwrap();
 		}
 
+		bytes.clear();
+
 		Ok(())
 	}