From d69a2342bccb98a3c28c0b7d5e4e6f3b8c789621 Mon Sep 17 00:00:00 2001
From: Steve Thomas <Sc00bz@users.noreply.github.com>
Date: Sat, 18 Jun 2022 13:32:35 -0500
Subject: [PATCH] Clear decrypted block from stack (#1190)

---
 src/libsodium/crypto_secretbox/crypto_secretbox_easy.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c b/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
index 12132a2a..c991ac66 100644
--- a/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
+++ b/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c
@@ -121,6 +121,7 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
     for (i = 0U; i < mlen0; i++) {
         m[i] = block0[i + crypto_secretbox_ZEROBYTES];
     }
+    sodium_memzero(block0, sizeof block0);
     if (clen > mlen0) {
         crypto_stream_salsa20_xor_ic(m + mlen0, c + mlen0, clen - mlen0,
                                      n + 16, 1U, subkey);