[PATCH himitsu] crypto::argon2bug: correctly erase h0
Export this patch
Incorrect bytes::zero() call caused a pretty bad memory corruption and
was already fixed in upstream crypto::argon2.
This patch also conveniently prevents leaking 700MB of memory after
unlocking the store.
---
crypto/argon2bug/argon2.ha | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/argon2bug/argon2.ha b/crypto/argon2bug/argon2.ha
index 558e161..2c35eb7 100644
--- a/crypto/argon2bug/argon2.ha
+++ b/crypto/argon2bug/argon2.ha
@@ -228,7 +228,7 @@ fn argon2(
varhash(dest, b);
- bytes::zero((h0: []u64: *[*]u8)[..len(h0) * size(u64)]);
+ bytes::zero(h0);
bytes::zero((ctx.mem: *[*]u8)[..len(ctx.mem) * size(u64)]);
if (cfg.mem is u32) {
--
2.41.0
Thanks!
To https://git.sr.ht/~sircmpwn/himitsu
734a34b.. master -> master