Browse Source

overwrite the key in failure modes in case the caller doesn't check.

ok deraadt
OPENBSD_6_7
tedu 5 years ago
parent
commit
030f5c6e7b
2 changed files with 17 additions and 7 deletions
  1. +8
    -3
      src/lib/libutil/bcrypt_pbkdf.c
  2. +9
    -4
      src/lib/libutil/pkcs5_pbkdf2.c

+ 8
- 3
src/lib/libutil/bcrypt_pbkdf.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
/* $OpenBSD: bcrypt_pbkdf.c,v 1.14 2019/11/21 16:07:24 tedu Exp $ */
/* /*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org> * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
* *
@ -110,10 +110,10 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
/* nothing crazy */ /* nothing crazy */
if (rounds < 1) if (rounds < 1)
return -1;
goto bad;
if (passlen == 0 || saltlen == 0 || keylen == 0 || if (passlen == 0 || saltlen == 0 || keylen == 0 ||
keylen > sizeof(out) * sizeof(out)) keylen > sizeof(out) * sizeof(out))
return -1;
goto bad;
stride = (keylen + sizeof(out) - 1) / sizeof(out); stride = (keylen + sizeof(out) - 1) / sizeof(out);
amt = (keylen + stride - 1) / stride; amt = (keylen + stride - 1) / stride;
@ -166,4 +166,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
explicit_bzero(out, sizeof(out)); explicit_bzero(out, sizeof(out));
return 0; return 0;
bad:
/* overwrite with random in case caller doesn't check return code */
arc4random_buf(key, keylen);
return -1;
} }

+ 9
- 4
src/lib/libutil/pkcs5_pbkdf2.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: pkcs5_pbkdf2.c,v 1.10 2017/04/18 04:06:21 deraadt Exp $ */
/* $OpenBSD: pkcs5_pbkdf2.c,v 1.11 2019/11/21 16:07:24 tedu Exp $ */
/*- /*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@ -84,11 +84,11 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt,
size_t r; size_t r;
if (rounds < 1 || key_len == 0) if (rounds < 1 || key_len == 0)
return -1;
goto bad;
if (salt_len == 0 || salt_len > SIZE_MAX - 4) if (salt_len == 0 || salt_len > SIZE_MAX - 4)
return -1;
goto bad;
if ((asalt = malloc(salt_len + 4)) == NULL) if ((asalt = malloc(salt_len + 4)) == NULL)
return -1;
goto bad;
memcpy(asalt, salt, salt_len); memcpy(asalt, salt, salt_len);
@ -118,4 +118,9 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt,
explicit_bzero(obuf, sizeof(obuf)); explicit_bzero(obuf, sizeof(obuf));
return 0; return 0;
bad:
/* overwrite with random in case caller doesn't check return code */
arc4random_buf(key, key_len);
return -1;
} }

Loading…
Cancel
Save