Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -19,10 +19,11 @@
  * CDDL HEADER END
  */
 /*
  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #include <strings.h>
 #include <md5.h>
 #include <pthread.h>

@@ -300,11 +301,11 @@
                 break;
         }
 
         /* Paranoia on behalf of C_DigestKey callers: bzero the context */
         if (session_p->digest.flags & CRYPTO_KEY_DIGESTED) {
-                bzero(session_p->digest.context, len);
+                explicit_bzero(session_p->digest.context, len);
                 session_p->digest.flags &= ~CRYPTO_KEY_DIGESTED;
         }
         *pulDigestLen = digestLen;
         (void) pthread_mutex_lock(&session_p->session_mutex);
         free(session_p->digest.context);