illumos-gate Cdiff usr/src/lib/pkcs11/pkcs11

Print this page

9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


*** 478,493 ****
          int i;
  
          if (key->ck_format == CRYPTO_KEY_ATTR_LIST &&
              (key->ck_count > 0) && key->ck_attrs != NULL) {
                  for (i = 0; i < key->ck_count; i++) {
!                         if (key->ck_attrs[i].oa_value != NULL) {
!                                 bzero(key->ck_attrs[i].oa_value,
                                      key->ck_attrs[i].oa_value_len);
-                                 free(key->ck_attrs[i].oa_value);
                          }
-                 }
                  free(key->ck_attrs);
          }
  }
  
  
--- 478,490 ----
          int i;
  
          if (key->ck_format == CRYPTO_KEY_ATTR_LIST &&
              (key->ck_count > 0) && key->ck_attrs != NULL) {
                  for (i = 0; i < key->ck_count; i++) {
!                         freezero(key->ck_attrs[i].oa_value,
                              key->ck_attrs[i].oa_value_len);
                  }
                  free(key->ck_attrs);
          }
  }