Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c
          +++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c
↓ open down ↓ 13 lines elided ↑ open up ↑
  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  /*
  22   22   * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  23   23   * Use is subject to license terms.
       24 + * Copyright (c) 2018, Joyent, Inc.
  24   25   */
  25   26  
  26   27  #include <strings.h>
  27   28  #include <md5.h>
  28   29  #include <pthread.h>
  29   30  #include <stdlib.h>
  30   31  #include <sys/sha1.h>
  31   32  #include <sys/sha2.h>
  32   33  #include <sys/types.h>
  33   34  #include <security/cryptoki.h>
↓ open down ↓ 261 lines elided ↑ open up ↑
 295  296                          SHA2Final(pDigest,
 296  297                              (SHA2_CTX *)session_p->digest.context);
 297  298                          len = sizeof (SHA2_CTX);
 298  299                  }
 299  300  
 300  301                  break;
 301  302          }
 302  303  
 303  304          /* Paranoia on behalf of C_DigestKey callers: bzero the context */
 304  305          if (session_p->digest.flags & CRYPTO_KEY_DIGESTED) {
 305      -                bzero(session_p->digest.context, len);
      306 +                explicit_bzero(session_p->digest.context, len);
 306  307                  session_p->digest.flags &= ~CRYPTO_KEY_DIGESTED;
 307  308          }
 308  309          *pulDigestLen = digestLen;
 309  310          (void) pthread_mutex_lock(&session_p->session_mutex);
 310  311          free(session_p->digest.context);
 311  312          session_p->digest.context = NULL;
 312  313          (void) pthread_mutex_unlock(&session_p->session_mutex);
 313  314  
 314  315          return (CKR_OK);
 315  316  }
↓ open down ↓ 197 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX