mii/qemu
1
0
Fork 0
mirror of https://github.com/mii443/qemu.git synced 2025-12-03 19:18:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

crypto: clear out buffer after timing pbkdf algorithm

Browse Source 
The 'out' buffer will hold a key derived from master
password, so it is best practice to clear this buffer
when no longer required.

At this time, the code isn't worrying about locking
buffers into RAM to prevent swapping sensitive data
to disk.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange
2016-09-07 12:38:07 +01:00
parent 3bd18890ca
commit 8813800b7d
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
crypto/pbkdf.c
View File

@@ -67,13 +67,14 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *salt, size_t nsalt,
Error **errp)
{
uint64_t ret = -1;
uint8_t out[32];
uint64_t iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms;
while (1) {
if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
return -1;
goto cleanup;
}
if (qcrypto_pbkdf2(hash,
key, nkey,
@@ -81,10 +82,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
iterations,
out, sizeof(out),
errp) < 0) {
return -1;
goto cleanup;
}
if (qcrypto_pbkdf2_get_thread_cpu(&end_ms, errp) < 0) {
return -1;
goto cleanup;
}
delta_ms = end_ms - start_ms;
@@ -100,5 +101,9 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
iterations = iterations * 1000 / delta_ms;
return iterations;
ret = iterations;
cleanup:
memset(out, 0, sizeof(out));
return ret;
}