Argon2: fix buffer overflow
authorLoup Vaillant <loup@loup-vaillant.fr>
Thu, 29 Dec 2022 23:10:06 +0000 (00:10 +0100)
committerLoup Vaillant <loup@loup-vaillant.fr>
Thu, 29 Dec 2022 23:10:06 +0000 (00:10 +0100)
src/monocypher.c
tests/gen/argon2i.c

index cac46fbbe78b46b8bcb0dc47da53674788976e92..11b817e973bd27edc328d6d2a9ac9c6cc1369065 100644 (file)
@@ -831,7 +831,7 @@ void crypto_argon2(u8 *hash, void *work_area, const u8 *password,
                                        u32 window_size  = nb_segments * segment_size + block - 1;
 
                                        // Generate offset from pseudo-random seed
-                                       u64 seed  = index_block.a[block];
+                                       u64 seed  = index_block.a[block % 128];
                                        u64 j1    = seed & 0xffffffff; // block selector
                                        u64 j2    = seed >> 32;        // lane selector
                                        u64 x     = (j1 * j1)         >> 32;
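Review bot: The literal `128` in `index_block.a[block % 128]` is unexplained at the site and has to stay in sync with the length of `index_block.a`, which this hunk does not show (the same literal appears in `ZERO(p, 128)` in the next hunk). A comment on that line such as `// index_block holds 128 u64 words; wrap so segments longer than 128 blocks never read past it` would record the bounds reasoning, and a named constant shared with the block type would be better still. The wrap keeps the read in bounds, but it only yields fresh indices if the index block is regenerated each time `block` reaches a multiple of 128. That refresh is outside this hunk, so confirm it is keyed on the same condition. The body of crypto_argon2 starts and ends outside the hunk.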
@@ -862,6 +862,7 @@ void crypto_argon2(u8 *hash, void *work_area, const u8 *password,
                        }
                }
        }
+
        // Wipe temporary block
        volatile u64* p = tmp.a;
        ZERO(p, 128);
index 3bbee5f3fc64655fd57ab4173187326e5ffff1d5..fca623bc21bb3565df82f033660ff956fd8a2838 100644 (file)
@@ -83,7 +83,7 @@ static void test(size_t nb_blocks, size_t hash_size, size_t nb_iterations)
 int main(void)
 {
        SODIUM_INIT;
-       FOR (nb_blocks    , 508, 516) { test(nb_blocks, 32       , 3            ); }
+       FOR (nb_blocks    , 508, 517) { test(nb_blocks, 32       , 3            ); }
        FOR (hash_size    ,  63,  65) { test(8        , hash_size, 3            ); }
        FOR (nb_iterations,   3,   6) { test(8        , 32       , nb_iterations); }
        return 0;
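Review bot: The new upper bound `517` on the `nb_blocks` loop has no comment saying why 516 matters, so a later tidy-up could narrow the range and silently drop the regression case. Assuming `FOR` excludes its upper bound, the change adds `nb_blocks == 516`, which looks like the first size where a segment grows past 128 blocks; a comment like `// 516: first size whose segments exceed 128 blocks (index block must wrap)` would pin that. One case a single block past the boundary does not exercise a second wrap of the index block. If generation time allows, a size with segments longer than 256 blocks would cover that too. The closing brace of main is outside the hunk.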