From 557029e8e6fa621d3951f7f912a6755bedb49901 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Thu, 20 Jul 2017 20:17:52 +0200
Subject: [PATCH] sodium ext: clear the hash state after we're done hashing

---
 ext/sodium/libsodium.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
index 2a3c8eb2a6e..e0b5b91127a 100644
--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -852,6 +852,7 @@ PHP_FUNCTION(sodium_crypto_generichash_update)
 	memcpy(&state_tmp, state, sizeof state_tmp);
 	if (crypto_generichash_update((void *) &state_tmp, msg,
 								  (unsigned long long) msg_len) != 0) {
+		sodium_memzero(&state_tmp, sizeof state_tmp);
 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
 		return;
 	}
@@ -896,10 +897,12 @@ PHP_FUNCTION(sodium_crypto_generichash_final)
 	if (crypto_generichash_final((void *) &state_tmp,
 								 (unsigned char *) ZSTR_VAL(hash),
 								 (size_t) hash_len) != 0) {
+		sodium_memzero(&state_tmp, sizeof state_tmp);
 		zend_string_free(hash);
 		zend_throw_exception(sodium_exception_ce, "internal error", 0);
 		return;
 	}
+	sodium_memzero(&state_tmp, sizeof state_tmp);
 	sodium_memzero(state, state_len);
 	convert_to_null(state_zv);
 	ZSTR_VAL(hash)[hash_len] = 0;
@@ -2640,6 +2643,7 @@ PHP_FUNCTION(sodium_crypto_kx_client_session_keys)
 	crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
 	crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
 	crypto_generichash_final(&h, session_keys, 2 * crypto_kx_SESSIONKEYBYTES);
+	sodium_memzero(&h, sizeof h);
 	array_init(return_value);
 	add_next_index_stringl(return_value,
 						   (const char *) session_keys,
@@ -2688,6 +2692,7 @@ PHP_FUNCTION(sodium_crypto_kx_server_session_keys)
 	crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES);
 	crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES);
 	crypto_generichash_final(&h, session_keys, 2 * crypto_kx_SESSIONKEYBYTES);
+	sodium_memzero(&h, sizeof h);
 	array_init(return_value);
 	add_next_index_stringl(return_value,
 						   (const char *) session_keys + crypto_kx_SESSIONKEYBYTES,