The 'out' buffer will hold a key derived from master
password, so it is best practice to clear this buffer
when no longer required.
Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
---
crypto/pbkdf.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c
index 695cc35..35dccc2 100644
--- a/crypto/pbkdf.c
+++ b/crypto/pbkdf.c
@@ -67,13 +67,14 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
const uint8_t *salt, size_t nsalt,
Error **errp)
{
+ int ret = -1;
uint8_t out[32];
long long int iterations = (1 << 15);
unsigned long long delta_ms, start_ms, end_ms;
while (1) {
if (qcrypto_pbkdf2_get_thread_cpu(&start_ms, errp) < 0) {
- return -1;
+ goto cleanup;
}
if (qcrypto_pbkdf2(hash,
key, nkey,
@@ -81,10 +82,10 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
iterations,
out, sizeof(out),
errp) < 0) {
- return -1;
+ goto cleanup;
}
if (qcrypto_pbkdf2_get_thread_cpu(&end_ms, errp) < 0) {
- return -1;
+ goto cleanup;
}
delta_ms = end_ms - start_ms;
@@ -103,8 +104,12 @@ int qcrypto_pbkdf2_count_iters(QCryptoHashAlgorithm hash,
if (iterations > INT32_MAX) {
error_setg(errp, "Iterations %lld too large for a 32-bit int",
iterations);
- return -1;
+ goto cleanup;
}
- return iterations;
+ ret = iterations;
+
+ cleanup:
+ memset(out, 0, sizeof(out));
+ return ret;
}
--
2.7.4
