diff mbox

[v2,3/7] crypto: clear out buffer after timing pbkdf algorithm

Message ID 1473689623-28870-4-git-send-email-berrange@redhat.com
State New
Headers show

Commit Message

Daniel P. Berrangé Sept. 12, 2016, 2:13 p.m. UTC 
The 'out' buffer will hold a key derived from master
password, so it is best practice to clear this buffer
when no longer required.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 crypto/pbkdf.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

Comments

Eric Blake Sept. 12, 2016, 3:39 p.m. UTC | #1 
On 09/12/2016 09:13 AM, Daniel P. Berrange wrote:
> The 'out' buffer will hold a key derived from master
> password, so it is best practice to clear this buffer
> when no longer required.

Still might be worth an explicit mention that we are currently not going
to worry about even tougher protections against copies stored in swap.

> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  crypto/pbkdf.c | 13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 

Reviewed-by: Eric Blake <eblake@redhat.com>
diff mbox

Patch

diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index 929458b..e391505 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -67,13 +67,14 @@  uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
                                     const uint8_t *salt, size_t nsalt,
                                     Error **errp)
 {
+    uint64_t ret = -1;
     uint8_t out[32];
     uint64_t iterations = (1 << 15);
     unsigned long long delta_ms, start_ms, end_ms;
 
     while (1) {
         if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
-            return -1;
+            goto cleanup;
         }
         if (qcrypto_pbkdf2(hash,
                            key, nkey,
@@ -81,10 +82,10 @@  uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
                            iterations,
                            out, sizeof(out),
                            errp) < 0) {
-            return -1;
+            goto cleanup;
         }
         if (qcrypto_pbkdf2_get_thread_cpu(&end_ms, errp) < 0) {
-            return -1;
+            goto cleanup;
         }
 
         delta_ms = end_ms - start_ms;
@@ -100,5 +101,9 @@  uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
 
     iterations = iterations * 1000 / delta_ms;
 
-    return iterations;
+    ret = iterations;
+
+ cleanup:
+    memset(out, 0, sizeof(out));
+    return ret;
 }