sha256 key data is not zeroed

Michael W. Bombardieri Mon, 08 May 2017 10:24:06 -0700

Hi,

I was reading over bf_key_init() in Vim's blowfish.c.


* sha256_key() finalises the "input" key to be used by blowfish
* sha256_key() is simply a wrapper for sha256_bytes()
* sha256_bytes() has a static buffer (hexit), which is the hex string
  of the key it generates
* sha256_bytes() returns a pointer to hexit; after bf_key_init() uses
  this data it is persisted in memory
* buffer hexit is local to sha256_bytes() so the only way to clear it
  is to call the function again (without restructuring the code)
* sha256_bytes() also doesn't zero the binary value of the key (sha256sum)
  or the sha256 context (ctx).

This patch adds a new function, sha256_poison(), to reset the variables
in sha256_bytes(). bf_key_init() uses this this after it finishes
building the blowfish key context.
While here, zero ctx & sha256sum in sha256_bytes().

- Michael


diff --git a/src/blowfish.c b/src/blowfish.c
index eaf0b9e..e145708 100644
--- a/src/blowfish.c
+++ b/src/blowfish.c
@@ -464,6 +464,8 @@ bf_key_init(
            bfs->sbx[i][j + 1] = data_r;
        }
     }
+
+    sha256_poison();
 }
 
 /*
diff --git a/src/sha256.c b/src/sha256.c
index 3bb7791..6bc8ab7 100644
--- a/src/sha256.c
+++ b/src/sha256.c
@@ -293,6 +293,10 @@ sha256_bytes(
     for (j = 0; j < 32; j++)
        sprintf((char *)hexit + j * 2, "%02x", sha256sum[j]);
     hexit[sizeof(hexit) - 1] = '\0';
+
+    vim_memset(sha256sum, 0, sizeof(sha256sum));
+    vim_memset(&ctx, 0, sizeof(ctx));
+
     return hexit;
 }
 
@@ -312,6 +316,13 @@ sha256_key(
     return sha256_bytes(buf, (int)STRLEN(buf), salt, salt_len);
 }
 
+void
+sha256_poison(void)
+{
+    char_u *buf = "...";
+    (void) sha256_bytes(buf, (int)STRLEN(buf), NULL, 0);
+}
+
 /*
  * These are the standard FIPS-180-2 test vectors
  */

-- 
-- 
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

--- 
You received this message because you are subscribed to the Google Groups 
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

sha256 key data is not zeroed

Raspunde prin e-mail lui