cipher-kdf.c: balloon_close: missing factor in wipememory() call
Bert van der Weerd
bert at teamspicy.net
Fri Apr 17 00:14:59 CEST 2026
Hi all,
Okay, next issue, this one should be straightforward (one-liner):
A forgotten (... * b->blklen) factor in balloon_close causes
wipememory() to wipe only a tiny fraction of the balloon working memory
before freeing it.
--- - wipememory (b->block, parallelism * b->n_blocks); + wipememory
(b->block, parallelism * b->n_blocks * b->blklen); ---
The allocation is in: balloon_open (line 1145):
block = xtrycalloc (parallelism * b->n_blocks, b->blklen);
This block contains intermediate hash values of the key material, but
it's a wipe after the algo has run, so it's not critical, probably.
Thanks for your time, --Bert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: balloon-close-wipememory.patch
Type: text/x-patch
Size: 351 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20260416/d0dd9a4a/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x1B93BFCB9DEDFAA0.asc
Type: application/pgp-keys
Size: 4703 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20260416/d0dd9a4a/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 849 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20260416/d0dd9a4a/attachment-0001.sig>
More information about the Gcrypt-devel
mailing list