diff --git a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c index bdc99cbe..d93ff38e 100644 --- a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c +++ b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c @@ -130,6 +130,7 @@ crypto_pwhash_argon2i(unsigned char * const out, unsigned long long opslimit, size_t memlimit, int alg) { + memset(out, 0, outlen); if (alg != crypto_pwhash_argon2i_ALG_ARGON2I13) { return -1; } diff --git a/test/default/pwhash.c b/test/default/pwhash.c index e50e90dc..25842c0c 100644 --- a/test/default/pwhash.c +++ b/test/default/pwhash.c @@ -166,9 +166,9 @@ static void tv2(void) salt, 2, 1ULL << 12, crypto_pwhash_alg_default()) != -1) { printf("[tv2] pwhash should have failed (3)\n"); } - if (crypto_pwhash(out, 0x100000000ULL, "password", strlen("password"), + if (crypto_pwhash(out, 15, "password", strlen("password"), salt, 3, 1ULL << 12, crypto_pwhash_alg_default()) != -1) { - printf("[tv2] pwhash with a long output length should have failed\n"); + printf("[tv2] pwhash with a short output length should have failed\n"); } if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL, salt, 3, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {