From 2947ea863d58d9bea2ed44104fc6f857d23819eb Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Fri, 15 Aug 2014 11:57:50 -0700
Subject: [PATCH] Clear the seed in crypto_sign_keypair() - Reported by the Stanford SCS group.

---
 src/libsodium/crypto_sign/ed25519/ref10/keypair.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
index a83095b1..920cf0f0 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c
@@ -30,9 +30,13 @@ int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk,
 int crypto_sign_keypair(unsigned char *pk, unsigned char *sk)
 {
     unsigned char seed[32];
+    int ret;
-    randombytes(seed,32);
-    return crypto_sign_seed_keypair(pk,sk,seed);
+    randombytes(seed, sizeof seed);
+    ret = crypto_sign_seed_keypair(pk, sk, seed);
+    sodium_memzero(seed, sizeof seed);
+
+    return ret;
 }
 int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
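Review bot: The new `sodium_memzero(seed, sizeof seed);` line carries no comment explaining why it is there, which makes it an easy target for a later "simplification" back into a direct `return crypto_sign_seed_keypair(...)`; a one-line why-comment above it such as `/* the seed is secret key material: wipe the stack copy before returning */` would protect the intent. The ordering in the hunk is right, since the wipe happens after the last use of `seed` and only `ret` survives it. The same concern presumably applies inside `crypto_sign_seed_keypair`, whose signature appears in the hunk header but whose body lies outside this hunk: any intermediate buffer it derives from the seed would leave secret material on the stack exactly as the un-wiped seed did, so that function deserves the same review before this fix is considered complete.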