From 7d4cfbf7af3287b8094b26bc07a17cd9c7b44be9 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Tue, 8 Mar 2016 13:55:04 +0100
Subject: [PATCH] pwhash_argon2i_str(): zero the output buffer even on error
 path

---
 src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
index 919055c5..73bf71d7 100644
--- a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
+++ b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
@@ -105,6 +105,7 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
 {
     unsigned char salt[crypto_pwhash_argon2i_SALTBYTES];
 
+    memset(out, 0, crypto_pwhash_argon2i_STRBYTES);
     memlimit /= 1024U;
     if (passwdlen > ARGON2_MAX_PWD_LENGTH ||
         opslimit > ARGON2_MAX_TIME || memlimit > ARGON2_MAX_MEMORY) {
@@ -117,7 +118,6 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
         return -1;
     }
     randombytes_buf(salt, sizeof salt);
-    memset(out, 0, crypto_pwhash_argon2i_STRBYTES);
     if (argon2i_hash_encoded((uint32_t) opslimit, (uint32_t) memlimit,
                              (uint32_t) 1U, passwd, (size_t) passwdlen,
                              salt, sizeof salt, STR_HASHBYTES,