9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -20,10 +20,11 @@
  */
 /*
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  * Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #include <string.h>
 #include <stdlib.h>
 #include <strings.h>

@@ -524,11 +525,12 @@
                  * Zero-out any attribute values. We could do this just for
                  * attributes with isSensitive == True, but it's not much
                  * extra work to just do them all. [Most attributes are just
                  * 1 or 4 bytes]
                  */
-                bzero(attr->attribute.pValue, attr->attribute.ulValueLen);
+                explicit_bzero(attr->attribute.pValue,
+                    attr->attribute.ulValueLen);
 
                 if (attr->isMalloced)
                         free(attr->attribute.pValue);
         }
 
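Review bot: The comment above the new explicit_bzero() call still only says "Zero-out any attribute values" and never records why the explicit variant is required here, so a future cleanup could reasonably swap it back to bzero() or memset() and silently reintroduce the dead-store problem. The reason is visible in this hunk: the buffer is handed to free() immediately afterwards (or, when isMalloced is false, presumably sits in storage that is about to go out of use), which is exactly the situation in which a compiler may drop an ordinary clearing store. I would extend the comment with `/* explicit_bzero(): the buffer is freed right after, so a plain bzero() could be optimised away. */`. Whether pValue can be NULL with a non-zero ulValueLen on this path is not visible here and would be worth confirming, since explicit_bzero() does no NULL check. The enclosing function starts and ends outside this hunk.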

@@ -562,17 +564,19 @@
         /* Store the new value. */
         if (attr->attribute.ulValueLen >= new_attr->ulValueLen) {
                 /* Existing storage is sufficient to store new value. */
 
                 /* bzero() out any data that won't be overwritten. */
-                bzero((char *)attr->attribute.pValue + new_attr->ulValueLen,
+                explicit_bzero((char *)attr->attribute.pValue +
+                    new_attr->ulValueLen,
                     attr->attribute.ulValueLen - new_attr->ulValueLen);
 
         } else if (new_attr->ulValueLen <= sizeof (attr->generic_data)) {
                 /* Use generic storage to avoid a malloc. */
 
-                bzero(attr->attribute.pValue, attr->attribute.ulValueLen);
+                explicit_bzero(attr->attribute.pValue,
+                    attr->attribute.ulValueLen);
                 if (attr->isMalloced) {
                         /*
                          * If app sets a large value (triggering a malloc),
                          * then sets a tiny value, and finally again sets
                          * a large value (phew!) we could end up here.
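Review bot: The comment on the first branch is now stale: it reads `/* bzero() out any data that won't be overwritten. */` while the line directly below it calls explicit_bzero(). Either rename it, `/* explicit_bzero() out any data that won't be overwritten. */`, or better, say what the call is for, e.g. `/* Scrub the tail beyond the new value so no bytes of the old secret survive in the reused buffer. */`, since the retained buffer keeps the old length's storage and the copy of the new value that presumably follows does not cover it. In the generic-storage branch the old value is cleared before the malloc'd buffer is released, which is the right order; a short comment such as `/* Clear the old value before its storage is released below. */` would make that ordering deliberate. The enclosing function starts before and continues after this hunk.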