From d1a1afb6e9b8e21482f2b6d533f38b6ab72a03d2 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Wed, 7 May 2014 00:12:10 -0700
Subject: [PATCH] zeroing the on-stack output in escrypt_r() doesn't hurt.

---
 .../scryptxsalsa208sha256/crypto_scrypt-common.c              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt-common.c b/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt-common.c
index b8f6afda..0df27f03 100644
--- a/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt-common.c
+++ b/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt-common.c
@@ -24,6 +24,7 @@
 #include "crypto_pwhash_scryptxsalsa208sha256.h"
 #include "crypto_scrypt.h"
 #include "runtime.h"
+#include "utils.h"
 
 #define BYTES2CHARS(bytes) \
         ((((bytes) * 8) + 5) / 6)
@@ -170,8 +171,7 @@ escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
     *dst++ = '$';
 
     dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
-    /* Could zeroize hash[] here, but escrypt_kdf() doesn't zeroize its
-     * memory allocations yet anyway. */
+    sodium_memzero(hash, sizeof hash);
     if (!dst || dst >= buf + buflen) { /* Can't happen */
         return NULL;
     }