summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2019-11-21 16:07:25 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2019-11-21 16:07:25 +0000
commit878c93744bd71b55e2fed1a51fa2de0963aae96d (patch)
tree9e2ffd410fc2de4f191ca2864fccdd1e2ee463b6
parent20c38d44ee9038537b8cafb249d329aac36ac2b7 (diff)
overwrite the key in failure modes in case the caller doesn't check.
ok deraadt
-rw-r--r--lib/libutil/bcrypt_pbkdf.c11
-rw-r--r--lib/libutil/pkcs5_pbkdf2.c13
2 files changed, 17 insertions, 7 deletions
diff --git a/lib/libutil/bcrypt_pbkdf.c b/lib/libutil/bcrypt_pbkdf.c
index cde347c3d38..21722f56f56 100644
--- a/lib/libutil/bcrypt_pbkdf.c
+++ b/lib/libutil/bcrypt_pbkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */
+/* $OpenBSD: bcrypt_pbkdf.c,v 1.14 2019/11/21 16:07:24 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
@@ -110,10 +110,10 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
/* nothing crazy */
if (rounds < 1)
- return -1;
+ goto bad;
if (passlen == 0 || saltlen == 0 || keylen == 0 ||
keylen > sizeof(out) * sizeof(out))
- return -1;
+ goto bad;
stride = (keylen + sizeof(out) - 1) / sizeof(out);
amt = (keylen + stride - 1) / stride;
@@ -166,4 +166,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
explicit_bzero(out, sizeof(out));
return 0;
+
+bad:
+ /* overwrite with random in case caller doesn't check return code */
+ arc4random_buf(key, keylen);
+ return -1;
}
diff --git a/lib/libutil/pkcs5_pbkdf2.c b/lib/libutil/pkcs5_pbkdf2.c
index 83d31a4487e..7da657e7496 100644
--- a/lib/libutil/pkcs5_pbkdf2.c
+++ b/lib/libutil/pkcs5_pbkdf2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkcs5_pbkdf2.c,v 1.10 2017/04/18 04:06:21 deraadt Exp $ */
+/* $OpenBSD: pkcs5_pbkdf2.c,v 1.11 2019/11/21 16:07:24 tedu Exp $ */
/*-
* Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr>
@@ -84,11 +84,11 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt,
size_t r;
if (rounds < 1 || key_len == 0)
- return -1;
+ goto bad;
if (salt_len == 0 || salt_len > SIZE_MAX - 4)
- return -1;
+ goto bad;
if ((asalt = malloc(salt_len + 4)) == NULL)
- return -1;
+ goto bad;
memcpy(asalt, salt, salt_len);
@@ -118,4 +118,9 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt,
explicit_bzero(obuf, sizeof(obuf));
return 0;
+
+bad:
+ /* overwrite with random in case caller doesn't check return code */
+ arc4random_buf(key, key_len);
+ return -1;
}