diff options
author | Ted Unangst <tedu@cvs.openbsd.org> | 2019-11-21 16:07:25 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2019-11-21 16:07:25 +0000 |
commit | 878c93744bd71b55e2fed1a51fa2de0963aae96d (patch) | |
tree | 9e2ffd410fc2de4f191ca2864fccdd1e2ee463b6 | |
parent | 20c38d44ee9038537b8cafb249d329aac36ac2b7 (diff) |
overwrite the key in failure modes in case the caller doesn't check.
ok deraadt
-rw-r--r-- | lib/libutil/bcrypt_pbkdf.c | 11 | ||||
-rw-r--r-- | lib/libutil/pkcs5_pbkdf2.c | 13 |
2 files changed, 17 insertions, 7 deletions
diff --git a/lib/libutil/bcrypt_pbkdf.c b/lib/libutil/bcrypt_pbkdf.c index cde347c3d38..21722f56f56 100644 --- a/lib/libutil/bcrypt_pbkdf.c +++ b/lib/libutil/bcrypt_pbkdf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.14 2019/11/21 16:07:24 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org> * @@ -110,10 +110,10 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl /* nothing crazy */ if (rounds < 1) - return -1; + goto bad; if (passlen == 0 || saltlen == 0 || keylen == 0 || keylen > sizeof(out) * sizeof(out)) - return -1; + goto bad; stride = (keylen + sizeof(out) - 1) / sizeof(out); amt = (keylen + stride - 1) / stride; @@ -166,4 +166,9 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl explicit_bzero(out, sizeof(out)); return 0; + +bad: + /* overwrite with random in case caller doesn't check return code */ + arc4random_buf(key, keylen); + return -1; } diff --git a/lib/libutil/pkcs5_pbkdf2.c b/lib/libutil/pkcs5_pbkdf2.c index 83d31a4487e..7da657e7496 100644 --- a/lib/libutil/pkcs5_pbkdf2.c +++ b/lib/libutil/pkcs5_pbkdf2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pkcs5_pbkdf2.c,v 1.10 2017/04/18 04:06:21 deraadt Exp $ */ +/* $OpenBSD: pkcs5_pbkdf2.c,v 1.11 2019/11/21 16:07:24 tedu Exp $ */ /*- * Copyright (c) 2008 Damien Bergamini <damien.bergamini@free.fr> @@ -84,11 +84,11 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt, size_t r; if (rounds < 1 || key_len == 0) - return -1; + goto bad; if (salt_len == 0 || salt_len > SIZE_MAX - 4) - return -1; + goto bad; if ((asalt = malloc(salt_len + 4)) == NULL) - return -1; + goto bad; memcpy(asalt, salt, salt_len); @@ -118,4 +118,9 @@ pkcs5_pbkdf2(const char *pass, size_t pass_len, const uint8_t *salt, explicit_bzero(obuf, sizeof(obuf)); return 0; + +bad: + /* overwrite with random in case caller doesn't check return code */ + arc4random_buf(key, key_len); + return -1; } |