From d04756d51c18c1f4e6cb884843d680c8cfd5f143 Mon Sep 17 00:00:00 2001
From: Luke Taylor <tekul.hs@gmail.com>
Date: Mon, 13 Jun 2016 20:58:35 +0100
Subject: [PATCH] Fix buffer length in scrypt

The temporary XY buffer passed to the scrypt_smix C function should be
256r+64 bytes in length, but the Haskell code was only allocating 256r
bytes, causing the additional 64 to be written past the end of the
buffer.

See #91.
---
 Crypto/KDF/Scrypt.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Crypto/KDF/Scrypt.hs b/Crypto/KDF/Scrypt.hs
index a7e3496..7eec1d6 100644
--- a/Crypto/KDF/Scrypt.hs
+++ b/Crypto/KDF/Scrypt.hs
@@ -53,7 +53,7 @@ generate params password salt
         let b = PBKDF2.generate prf (PBKDF2.Parameters 1 intLen) password salt :: B.Bytes
         newSalt <- B.copy b $ \bPtr ->
             allocaBytesAligned (128*(fromIntegral $ n params)*(r params)) 8 $ \v ->
-            allocaBytesAligned (256*r params) 8 $ \xy -> do
+            allocaBytesAligned (256*r params + 64) 8 $ \xy -> do
                 forM_ [0..(p params-1)] $ \i ->
                     ccryptonite_scrypt_smix (bPtr `plusPtr` (i * 128 * (r params)))
                                             (fromIntegral $ r params) (n params) v xy