From e90429dbb8d291ffebb8f8525e8abce87a30a35e Mon Sep 17 00:00:00 2001
From: Josh Holtrop
Date: Sun, 18 Jan 2026 22:20:14 -0500
Subject: [PATCH] HMAC-BLAKE2: avoid clang-analyzer warnings about x_key being uninitialized
---
 wolfcrypt/src/blake2b.c | 12 ++++++++----
 wolfcrypt/src/blake2s.c | 12 ++++++++----
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c
index db1a96842..7aab2e40f 100644
--- a/wolfcrypt/src/blake2b.c
+++ b/wolfcrypt/src/blake2b.c
@@ -537,8 +537,10 @@ int wc_Blake2bHmacInit(Blake2b* b2b, const byte* key, size_t key_len)
 XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len);
 }
- for (i = 0; i < BLAKE2B_BLOCKBYTES; ++i)
- x_key[i] ^= 0x36U;
+ if (ret == 0) {
+ for (i = 0; i < BLAKE2B_BLOCKBYTES; ++i)
+ x_key[i] ^= 0x36U;
+ }
 if (ret == 0)
 ret = wc_InitBlake2b(b2b, BLAKE2B_OUTBYTES);
@@ -582,8 +584,10 @@ int wc_Blake2bHmacFinal(Blake2b* b2b, const byte* key, size_t key_len,
 XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len);
 }
- for (i = 0; i < BLAKE2B_BLOCKBYTES; ++i)
- x_key[i] ^= 0x5CU;
+ if (ret == 0) {
+ for (i = 0; i < BLAKE2B_BLOCKBYTES; ++i)
+ x_key[i] ^= 0x5CU;
+ }
 if (ret == 0)
 ret = wc_Blake2bFinal(b2b, out, 0);
diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c
index d71f9c9ac..6f5d1d2e9 100644
--- a/wolfcrypt/src/blake2s.c
+++ b/wolfcrypt/src/blake2s.c
@@ -531,8 +531,10 @@ int wc_Blake2sHmacInit(Blake2s* b2s, const byte* key, size_t key_len)
 XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len);
 }
- for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i)
- x_key[i] ^= 0x36U;
+ if (ret == 0) {
+ for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i)
+ x_key[i] ^= 0x36U;
+ }
 if (ret == 0)
 ret = wc_InitBlake2s(b2s, BLAKE2S_OUTBYTES);
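Review bot: The new `if (ret == 0)` guard around the pad XOR in wc_Blake2bHmacInit carries no comment saying why it is there, and the same holds for the matching guards in wc_Blake2bHmacFinal, wc_Blake2sHmacInit and wc_Blake2sHmacFinal; I would add `/* x_key is only fully written when ret == 0; skip the pad XOR on error */` above each so the guard is not later folded away as redundant. x_key holds the key (or its digest) combined with the pad, and the hunks do not show how these functions return, so it is worth confirming that the buffer is wiped on the error path as well as on success, for example `ForceZero(x_key, BLAKE2B_BLOCKBYTES);` (BLAKE2S_BLOCKBYTES in blake2s.c). The declaration of x_key and the code that sets ret lie outside the hunks, so whether zero-initialising the buffer at its declaration would be a simpler way to satisfy the analyzer cannot be judged from here.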
@@ -576,8 +578,10 @@ int wc_Blake2sHmacFinal(Blake2s* b2s, const byte* key, size_t key_len,
 XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len);
 }
- for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i)
- x_key[i] ^= 0x5CU;
+ if (ret == 0) {
+ for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i)
+ x_key[i] ^= 0x5CU;
+ }
 if (ret == 0)
 ret = wc_Blake2sFinal(b2s, out, 0);