Diffstat (limited to 'src/libsodium/crypto_sign/ed25519/ref10/sign.c')
-rw-r--r--src/libsodium/crypto_sign/ed25519/ref10/sign.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/sign.c b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
index 88f4710..1ee5d6c 100644
--- a/src/libsodium/crypto_sign/ed25519/ref10/sign.c
+++ b/src/libsodium/crypto_sign/ed25519/ref10/sign.c
@@ -5,6 +5,7 @@
#include "crypto_hash_sha512.h"
#include "ge.h"
#include "sc.h"
+#include "utils.h"
int
crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
@@ -44,6 +45,9 @@ crypto_sign_detached(unsigned char *sig, unsigned long long *siglen,
sc_reduce(hram);
sc_muladd(sig + 32, hram, az, nonce);
+ sodium_memzero(az, sizeof az);
+ sodium_memzero(nonce, sizeof nonce);
+
if (siglen != NULL) {
*siglen = 64U;
}
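Review bot: The two `sodium_memzero` calls added after `sc_muladd` deserve a one-line comment saying why these buffers in particular are wiped, for example `/* az and nonce are secret inputs to sc_muladd; wipe them before returning */`. Both feed the computation written to `sig + 32`, so either one left on the stack would be sensitive. The hunk does not show how `nonce` was produced; if a hash state absorbed part of `az` earlier in the function, that state may hold secret-derived data too and is worth checking for the same treatment. The body of crypto_sign_detached starts and ends outside the hunk.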
@@ -57,13 +61,19 @@ crypto_sign(unsigned char *sm, unsigned long long *smlen,
{
unsigned long long siglen;
- if (crypto_sign_detached(sm, &siglen, m, mlen, sk) != 0 ||
- siglen > crypto_sign_ed25519_BYTES) {
- *smlen = 0;
+ memmove(sm + crypto_sign_ed25519_BYTES, m, mlen);
+/* LCOV_EXCL_START */
+ if (crypto_sign_detached(sm, &siglen, sm + crypto_sign_ed25519_BYTES,
+ mlen, sk) != 0 ||
+ siglen != crypto_sign_ed25519_BYTES) {
+ if (smlen != NULL) {
+ *smlen = 0;
+ }
memset(sm, 0, mlen + crypto_sign_ed25519_BYTES);
return -1;
}
- memmove(sm + siglen, m, mlen);
+/* LCOV_EXCL_STOP */
+
if (smlen != NULL) {
*smlen = mlen + siglen;
}
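Review bot: The new leading `memmove(sm + crypto_sign_ed25519_BYTES, m, mlen)` and the failure-path `memset(sm, 0, mlen + crypto_sign_ed25519_BYTES)` pass `mlen` into size_t parameters with no range check between the opening brace and the copy. The declaration of `mlen` is in the signature outside the hunk; if it is wider than size_t on some target (the local `siglen` is `unsigned long long`), an oversized length would be truncated, and the sum can wrap, so the copy and the wipe would cover less than the caller expects. A guard ahead of the memmove makes the limit explicit: `if (mlen > SIZE_MAX - crypto_sign_ed25519_BYTES) { if (smlen != NULL) { *smlen = 0; } return -1; }`. The rest of crypto_sign continues past the end of the hunk.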