mirror of
https://github.com/jedisct1/libsodium.git
pwhash: fill output buffer with junk prior to running the actual KDF
These functions are a little bit special because, unlike everything else, they perform dynamic memory allocations and are more likely to fail. Applications are expected to check the return code, and these functions are tagged with ((warn_unused_result)), but applications may still ignore it. This is also an issue with JavaScript, when total memory hasn't been properly configured. To be safe, fill the buffer with non-deterministic bytes that are unlikely to ever verify later.
parent
b166dbfb2b
commit
ebcc2a6636
@ -17,6 +17,7 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "randombytes.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
||||||
#include "argon2-core.h"
|
#include "argon2-core.h"
|
||||||
@ -93,6 +94,10 @@ argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
|
|||||||
int result;
|
int result;
|
||||||
uint8_t *out;
|
uint8_t *out;
|
||||||
|
|
||||||
|
if (hash != NULL) {
|
||||||
|
randombytes_buf(hash, hashlen);
|
||||||
|
}
|
||||||
|
|
||||||
if (pwdlen > ARGON2_MAX_PWD_LENGTH) {
|
if (pwdlen > ARGON2_MAX_PWD_LENGTH) {
|
||||||
return ARGON2_PWD_TOO_LONG;
|
return ARGON2_PWD_TOO_LONG;
|
||||||
}
|
}
|
||||||
|
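Review bot: The new `randombytes_buf(hash, hashlen)` block in argon2_hash carries no comment, and without the commit message it reads like a stray write to the output buffer that a later cleanup could remove. A short comment above `if (hash != NULL)` would keep the intent visible, e.g. `/* Pre-fill the output with random bytes so a caller that ignores a failure return never uses a predictable or uninitialized key. */`. The fill sits ahead of the `pwdlen > ARGON2_MAX_PWD_LENGTH` check, so the early return visible here is covered. The rest of the function lies outside the hunk, so it is worth confirming that no later failure path overwrites `hash` with a fixed value.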
@ -24,6 +24,7 @@
|
|||||||
#include "crypto_pwhash_scryptsalsa208sha256.h"
|
#include "crypto_pwhash_scryptsalsa208sha256.h"
|
||||||
#include "crypto_scrypt.h"
|
#include "crypto_scrypt.h"
|
||||||
#include "private/common.h"
|
#include "private/common.h"
|
||||||
|
#include "randombytes.h"
|
||||||
#include "runtime.h"
|
#include "runtime.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
||||||
@ -150,6 +151,10 @@ escrypt_r(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen,
|
|||||||
uint32_t r;
|
uint32_t r;
|
||||||
uint32_t p;
|
uint32_t p;
|
||||||
|
|
||||||
|
if (buf != NULL) {
|
||||||
|
randombytes_buf(buf, buflen);
|
||||||
|
}
|
||||||
|
|
||||||
src = escrypt_parse_setting(setting, &N_log2, &r, &p);
|
src = escrypt_parse_setting(setting, &N_log2, &r, &p);
|
||||||
if (!src) {
|
if (!src) {
|
||||||
return NULL;
|
return NULL;
|
||||||
|
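Review bot: After `randombytes_buf(buf, buflen)` in escrypt_r, `buf` is not guaranteed to contain a NUL byte on the `return NULL` path shown after `escrypt_parse_setting`. The signature continues outside the hunk, but if `buf` is the buffer that receives the encoded hash string, a caller that ignores the NULL return and hands it to `strlen`, `strcmp` or a `%s` format could read past `buflen`. Terminating the junk keeps the fail-closed behaviour without that over-read: `if (buflen > 0U) { buf[buflen - 1U] = 0; }` directly after the fill. A one-line comment stating why the buffer is filled with random bytes would also help here.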