Closed libitx closed 1 year ago
Inputs must be read-only. If they're mutated, it's a bug.
Just double checked - version 1.3.0
- definitely the Blake3Opts.key
gets mutated as described. Also checked Blake3Opts.context
which does not get mutated.
I see what's going on. In the destroy()
method this.IV
gets filled with zeros. In the constructor key
should be copied to prevent it being zeroed out.
https://github.com/paulmillr/noble-hashes/blob/main/src/blake3.ts#L59-L75
Eg line 62: const key = toBytes(opts.key).slice()
I can do a PR if that would be helpful?
Yes please.
If you could do a quick check of other places where toBytes is used, that would be very helpful.
Unsure if this is intended - feels like a bug. When using blake3 in keyed hash mode, the key uint8array is blanked out. Eg:
I currently work round this by copying the key each time I use it: