From e0150faf565bbc3f0a48baa94bd685f75dcc982b Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sun, 19 Feb 2017 12:40:28 +0100
Subject: [PATCH] Always zero the argon2 output buffer prior to doing anything

This is consistent with what we are doing with scrypt. On error/misuse, the buffer is zeroed; this may prevent bugs with reused/invalid buffers.
---
 src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c | 1 +
 test/default/pwhash.c | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
index bdc99cbe..d93ff38e 100644
--- a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
+++ b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c
@@ -130,6 +130,7 @@ crypto_pwhash_argon2i(unsigned char * const out,
 unsigned long long opslimit, size_t memlimit, int alg)
 {
+ memset(out, 0, outlen);
 if (alg != crypto_pwhash_argon2i_ALG_ARGON2I13) {
 return -1;
 }
diff --git a/test/default/pwhash.c b/test/default/pwhash.c
index e50e90dc..25842c0c 100644
--- a/test/default/pwhash.c
+++ b/test/default/pwhash.c
@@ -166,9 +166,9 @@ static void tv2(void)
 salt, 2, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {
 printf("[tv2] pwhash should have failed (3)\n");
 }
- if (crypto_pwhash(out, 0x100000000ULL, "password", strlen("password"),
+ if (crypto_pwhash(out, 15, "password", strlen("password"),
 salt, 3, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {
- printf("[tv2] pwhash with a long output length should have failed\n");
+ printf("[tv2] pwhash with a short output length should have failed\n");
 }
 if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL,
 salt, 3, 1ULL << 12, crypto_pwhash_alg_default()) != -1) {
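Review bot: The added `memset(out, 0, outlen);` is the first statement of `crypto_pwhash_argon2i`, ahead of the `alg` check and of any length validation that may follow outside this hunk, so a call whose `outlen` exceeds the buffer behind `out` now writes out of bounds where, judging by the removed test case, it was previously only rejected. The old test argument `0x100000000ULL` also suggests `outlen` is wider than `size_t` on 32-bit targets, where the implicit conversion would truncate the count and wipe less than requested. Consider bounding the wipe, e.g. `if (outlen <= SIZE_MAX) { memset(out, 0, (size_t) outlen); }`, and stating the contract above it: `/* out must be writable for outlen bytes, even when the call fails */`. The rest of the function body lies outside the hunk.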
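Review bot: Swapping the `0x100000000ULL` case for `15` leaves the upper bound on the output length without a visible test in `tv2`, and nothing here checks the behaviour this commit introduces, namely that `out` is zeroed when the call fails. A cheap check is to pre-fill with `memset(out, 0xff, sizeof out);` before the failing call and verify `sodium_is_zero(out, 15)` afterwards. If the oversized case was dropped because the new wipe would run past `out`, a short comment saying so would keep the next reader from restoring it. `tv2` starts and ends outside this hunk.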