From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47975)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1bm0aD-0006Ra-A5
	for qemu-devel@nongnu.org; Mon, 19 Sep 2016 11:34:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1bm0a8-00073l-Ck
	for qemu-devel@nongnu.org; Mon, 19 Sep 2016 11:34:12 -0400
Received: from mx1.redhat.com ([209.132.183.28]:33178)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <berrange@redhat.com>) id 1bm0a8-00073O-6J
	for qemu-devel@nongnu.org; Mon, 19 Sep 2016 11:34:08 -0400
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Mon, 19 Sep 2016 16:33:52 +0100
Message-Id: <1474299237-1054-4-git-send-email-berrange@redhat.com>
In-Reply-To: <1474299237-1054-1-git-send-email-berrange@redhat.com>
References: <1474299237-1054-1-git-send-email-berrange@redhat.com>
Subject: [Qemu-devel] [PULL v2 3/8] crypto: clear out buffer after timing
 pbkdf algorithm
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>, "Daniel P. Berrange" <berrange@redhat.com>

The 'out' buffer will hold a key derived from master
password, so it is best practice to clear this buffer
when no longer required.

At this time, the code isn't worrying about locking
buffers into RAM to prevent swapping sensitive data
to disk.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 crypto/pbkdf.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index 929458b..e391505 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -67,13 +67,14 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
                                     const uint8_t *salt, size_t nsalt,
                                     Error **errp)
 {
+    uint64_t ret = -1;
     uint8_t out[32];
     uint64_t iterations = (1 << 15);
     unsigned long long delta_ms, start_ms, end_ms;
 
     while (1) {
         if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
-            return -1;
+            goto cleanup;
         }
         if (qcrypto_pbkdf2(hash,
                            key, nkey,
@@ -81,10 +82,10 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
                            iterations,
                            out, sizeof(out),
                            errp) < 0) {
-            return -1;
+            goto cleanup;
         }
         if (qcrypto_pbkdf2_get_thread_cpu(&end_ms, errp) < 0) {
-            return -1;
+            goto cleanup;
         }
 
         delta_ms = end_ms - start_ms;
@@ -100,5 +101,9 @@ uint64_t qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
 
     iterations = iterations * 1000 / delta_ms;
 
-    return iterations;
+    ret = iterations;
+
+ cleanup:
+    memset(out, 0, sizeof(out));
+    return ret;
 }
-- 
2.7.4