cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pwhash_argon2i_str(): zero the output buffer even on error path

Browse Source
This commit is contained in:
Frank Denis 2016-03-08 13:55:04 +01:00
parent 3853d5a824
commit 7d4cfbf7af
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
View File

@ -105,6 +105,7 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
{
unsigned char salt[crypto_pwhash_argon2i_SALTBYTES];
memset(out, 0, crypto_pwhash_argon2i_STRBYTES);
memlimit /= 1024U;
if (passwdlen > ARGON2_MAX_PWD_LENGTH ||
opslimit > ARGON2_MAX_TIME || memlimit > ARGON2_MAX_MEMORY) {
@ -117,7 +118,6 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
return -1;
}
randombytes_buf(salt, sizeof salt);
memset(out, 0, crypto_pwhash_argon2i_STRBYTES);
if (argon2i_hash_encoded((uint32_t) opslimit, (uint32_t) memlimit,
(uint32_t) 1U, passwd, (size_t) passwdlen,
salt, sizeof salt, STR_HASHBYTES,