1 files changed, 8 insertions, 5 deletions

diff --git a/third_party/nix/src/libstore/crypto.cc b/third_party/nix/src/libstore/crypto.cc
index bec0b08c67..2a03f825a7 100644
--- a/third_party/nix/src/libstore/crypto.cc
+++ b/third_party/nix/src/libstore/crypto.cc
@@ -54,10 +54,11 @@ SecretKey::SecretKey(const std::string& s) : Key(s) {
 std::string SecretKey::signDetached(const std::string& data) const {
 #if HAVE_SODIUM
   unsigned char sig[crypto_sign_BYTES];
-  unsigned long long sigLen;
+  unsigned long long sigLen = 0;
   crypto_sign_detached(sig, &sigLen, (unsigned char*)data.data(), data.size(),
                        (unsigned char*)key.data());
-  return name + ":" + absl::Base64Escape(std::string((char*)sig, sigLen));
+  return name + ":" +
+         absl::Base64Escape(std::string(reinterpret_cast<char*>(sig), sigLen));
 #else
   noSodium();
 #endif
@@ -67,7 +68,8 @@ PublicKey SecretKey::toPublicKey() const {
 #if HAVE_SODIUM
   unsigned char pk[crypto_sign_PUBLICKEYBYTES];
   crypto_sign_ed25519_sk_to_pk(pk, (unsigned char*)key.data());
-  return PublicKey(name, std::string((char*)pk, crypto_sign_PUBLICKEYBYTES));
+  return PublicKey(name, std::string(reinterpret_cast<char*>(pk),
+                                     crypto_sign_PUBLICKEYBYTES));
 #else
   noSodium();
 #endif
@@ -101,8 +103,9 @@ bool verifyDetached(const std::string& data, const std::string& sig,
   }
 
   return crypto_sign_verify_detached(
-             (unsigned char*)sig2.data(), (unsigned char*)data.data(),
-             data.size(), (unsigned char*)key->second.key.data()) == 0;
+             reinterpret_cast<unsigned char*>(sig2.data()),
+             (unsigned char*)data.data(), data.size(),
+             (unsigned char*)key->second.key.data()) == 0;
 #else
   noSodium();
 #endif