Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
          +++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
↓ open down ↓ 14 lines elided ↑ open up ↑
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  
  22   22  /*
  23   23   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  24   24   * Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
       25 + * Copyright (c) 2018, Joyent, Inc.
  25   26   */
  26   27  
  27   28  #include <pthread.h>
  28   29  #include <stdlib.h>
  29   30  #include <string.h>
  30   31  #include <strings.h>
  31   32  #include <sys/types.h>
  32   33  #include <security/cryptoki.h>
  33   34  #include <modes/modes.h>
  34   35  #include <arcfour.h>
↓ open down ↓ 133 lines elided ↑ open up ↑
 168  169                  /* Copy Initialization Vector (IV) into the context. */
 169  170                  (void) memcpy(soft_des_ctx->ivec, pMechanism->pParameter,
 170  171                      DES_BLOCK_LEN);
 171  172  
 172  173                  /* Allocate a context for DES cipher-block chaining. */
 173  174                  soft_des_ctx->des_cbc = (void *)des_cbc_ctx_init(
 174  175                      soft_des_ctx->key_sched, soft_des_ctx->keysched_len,
 175  176                      soft_des_ctx->ivec, key_p->key_type);
 176  177  
 177  178                  if (soft_des_ctx->des_cbc == NULL) {
 178      -                        bzero(soft_des_ctx->key_sched,
      179 +                        freezero(soft_des_ctx->key_sched,
 179  180                              soft_des_ctx->keysched_len);
 180      -                        free(soft_des_ctx->key_sched);
 181      -                        free(session_p->encrypt.context);
      181 +                        freezero(session_p->encrypt.context,
      182 +                            sizeof (soft_des_ctx_t));
 182  183                          session_p->encrypt.context = NULL;
 183  184                          rv = CKR_HOST_MEMORY;
 184  185                  }
 185  186  
 186  187                  (void) pthread_mutex_unlock(&session_p->session_mutex);
 187  188  
 188  189                  return (rv);
 189  190          }
 190  191          case CKM_AES_ECB:
 191  192  
↓ open down ↓ 40 lines elided ↑ open up ↑
 232  233                          (void) memcpy(soft_aes_ctx->ivec,
 233  234                              pMechanism->pParameter,
 234  235                              AES_BLOCK_LEN);
 235  236                          /* Allocate a context for AES cipher-block chaining. */
 236  237                          soft_aes_ctx->aes_cbc = (void *)aes_cbc_ctx_init(
 237  238                              soft_aes_ctx->key_sched,
 238  239                              soft_aes_ctx->keysched_len,
 239  240                              soft_aes_ctx->ivec);
 240  241                  }
 241  242                  if (soft_aes_ctx->aes_cbc == NULL) {
 242      -                        bzero(soft_aes_ctx->key_sched,
      243 +                        freezero(soft_aes_ctx->key_sched,
 243  244                              soft_aes_ctx->keysched_len);
 244      -                        free(soft_aes_ctx->key_sched);
 245      -                        free(session_p->encrypt.context);
      245 +                        freezero(session_p->encrypt.context,
      246 +                            sizeof (soft_aes_ctx_t));
 246  247                          session_p->encrypt.context = NULL;
 247  248                          rv = CKR_HOST_MEMORY;
 248  249                  }
 249  250  
 250  251                  (void) pthread_mutex_unlock(&session_p->session_mutex);
 251  252  
 252  253                  return (rv);
 253  254          }
 254  255          case CKM_AES_CTR:
 255  256          {
↓ open down ↓ 15 lines elided ↑ open up ↑
 271  272                          return (rv);
 272  273  
 273  274                  (void) pthread_mutex_lock(&session_p->session_mutex);
 274  275  
 275  276                  soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
 276  277                  soft_aes_ctx->aes_cbc = aes_ctr_ctx_init(
 277  278                      soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len,
 278  279                      pMechanism->pParameter);
 279  280  
 280  281                  if (soft_aes_ctx->aes_cbc == NULL) {
 281      -                        bzero(soft_aes_ctx->key_sched,
      282 +                        freezero(soft_aes_ctx->key_sched,
 282  283                              soft_aes_ctx->keysched_len);
 283      -                        free(soft_aes_ctx->key_sched);
 284      -                        free(session_p->encrypt.context);
      284 +                        freezero(session_p->encrypt.context,
      285 +                            sizeof (soft_aes_ctx_t));
 285  286                          session_p->encrypt.context = NULL;
 286  287                          rv = CKR_HOST_MEMORY;
 287  288                  }
 288  289  
 289  290                  (void) pthread_mutex_unlock(&session_p->session_mutex);
 290  291  
 291  292                  return (rv);
 292  293          }
 293  294          case CKM_RC4:
 294  295  
↓ open down ↓ 39 lines elided ↑ open up ↑
 334  335                  (void) memcpy(soft_blowfish_ctx->ivec, pMechanism->pParameter,
 335  336                      BLOWFISH_BLOCK_LEN);
 336  337  
 337  338                  /* Allocate a context for Blowfish cipher-block chaining */
 338  339                  soft_blowfish_ctx->blowfish_cbc =
 339  340                      (void *)blowfish_cbc_ctx_init(soft_blowfish_ctx->key_sched,
 340  341                      soft_blowfish_ctx->keysched_len,
 341  342                      soft_blowfish_ctx->ivec);
 342  343  
 343  344                  if (soft_blowfish_ctx->blowfish_cbc == NULL) {
 344      -                        bzero(soft_blowfish_ctx->key_sched,
      345 +                        freezero(soft_blowfish_ctx->key_sched,
 345  346                              soft_blowfish_ctx->keysched_len);
 346      -                        free(soft_blowfish_ctx->key_sched);
 347      -                        free(session_p->encrypt.context);
      347 +                        freezero(session_p->encrypt.context,
      348 +                            sizeof (soft_blowfish_ctx_t));
 348  349                          session_p->encrypt.context = NULL;
 349  350                          rv = CKR_HOST_MEMORY;
 350  351                  }
 351  352  
 352  353                  (void) pthread_mutex_unlock(&session_p->session_mutex);
 353  354  
 354  355                  return (rv);
 355  356          }
 356  357          default:
 357  358                  return (CKR_MECHANISM_INVALID);
↓ open down ↓ 263 lines elided ↑ open up ↑
 621  622  
 622  623                          if (rc == 0) {
 623  624                                  *pulLastEncryptedPartLen = out_len;
 624  625                          } else {
 625  626                                  *pulLastEncryptedPartLen = 0;
 626  627                                  rv = CKR_FUNCTION_FAILED;
 627  628                          }
 628  629  
 629  630                          /* Cleanup memory space. */
 630  631                          free(soft_des_ctx->des_cbc);
 631      -                        bzero(soft_des_ctx->key_sched,
      632 +                        freezero(soft_des_ctx->key_sched,
 632  633                              soft_des_ctx->keysched_len);
 633      -                        free(soft_des_ctx->key_sched);
 634  634                  }
 635  635  
 636  636                  break;
 637  637          }
 638  638          case CKM_DES_CBC:
 639  639          case CKM_DES_ECB:
 640  640          case CKM_DES3_CBC:
 641  641          case CKM_DES3_ECB:
 642  642          {
 643  643  
↓ open down ↓ 8 lines elided ↑ open up ↑
 652  652                  *pulLastEncryptedPartLen = 0;
 653  653                  if (soft_des_ctx->remain_len != 0) {
 654  654                          rv = CKR_DATA_LEN_RANGE;
 655  655                  } else {
 656  656                          if (pLastEncryptedPart == NULL)
 657  657                                  goto clean1;
 658  658                  }
 659  659  
 660  660                  /* Cleanup memory space. */
 661  661                  free(soft_des_ctx->des_cbc);
 662      -                bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
 663      -                free(soft_des_ctx->key_sched);
      662 +                freezero(soft_des_ctx->key_sched,
      663 +                    soft_des_ctx->keysched_len);
 664  664  
 665  665                  break;
 666  666          }
 667  667          case CKM_AES_CBC_PAD:
 668  668          {
 669  669                  soft_aes_ctx_t *soft_aes_ctx;
 670  670  
 671  671                  soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
 672  672                  /*
 673  673                   * For CKM_AES_CBC_PAD, compute output length with
↓ open down ↓ 42 lines elided ↑ open up ↑
 716  716  
 717  717                          if (rc == 0) {
 718  718                                  *pulLastEncryptedPartLen = out_len;
 719  719                          } else {
 720  720                                  *pulLastEncryptedPartLen = 0;
 721  721                                  rv = CKR_FUNCTION_FAILED;
 722  722                          }
 723  723  
 724  724                          /* Cleanup memory space. */
 725  725                          free(soft_aes_ctx->aes_cbc);
 726      -                        bzero(soft_aes_ctx->key_sched,
      726 +                        freezero(soft_aes_ctx->key_sched,
 727  727                              soft_aes_ctx->keysched_len);
 728      -                        free(soft_aes_ctx->key_sched);
 729  728                  }
 730  729  
 731  730                  break;
 732  731          }
 733  732          case CKM_AES_CMAC:
 734  733          {
 735  734                  soft_aes_ctx_t *soft_aes_ctx;
 736  735                  soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
 737  736  
 738  737                  if (pLastEncryptedPart == NULL) {
↓ open down ↓ 17 lines elided ↑ open up ↑
 756  755  
 757  756                          if (rc == 0) {
 758  757                                  *pulLastEncryptedPartLen = AES_BLOCK_LEN;
 759  758                          } else {
 760  759                                  *pulLastEncryptedPartLen = 0;
 761  760                                  rv = CKR_FUNCTION_FAILED;
 762  761                          }
 763  762  
 764  763                          /* Cleanup memory space. */
 765  764                          free(soft_aes_ctx->aes_cbc);
 766      -                        bzero(soft_aes_ctx->key_sched,
      765 +                        freezero(soft_aes_ctx->key_sched,
 767  766                              soft_aes_ctx->keysched_len);
 768      -                        free(soft_aes_ctx->key_sched);
 769  767                  }
 770  768  
 771  769                  break;
 772  770          }
 773  771          case CKM_AES_CBC:
 774  772          case CKM_AES_ECB:
 775  773          {
 776  774                  soft_aes_ctx_t *soft_aes_ctx;
 777  775  
 778  776                  soft_aes_ctx = (soft_aes_ctx_t *)session_p->encrypt.context;
↓ open down ↓ 5 lines elided ↑ open up ↑
 784  782                  *pulLastEncryptedPartLen = 0;
 785  783                  if (soft_aes_ctx->remain_len != 0) {
 786  784                          rv = CKR_DATA_LEN_RANGE;
 787  785                  } else {
 788  786                          if (pLastEncryptedPart == NULL)
 789  787                                  goto clean1;
 790  788                  }
 791  789  
 792  790                  /* Cleanup memory space. */
 793  791                  free(soft_aes_ctx->aes_cbc);
 794      -                bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
 795      -                free(soft_aes_ctx->key_sched);
      792 +                freezero(soft_aes_ctx->key_sched,
      793 +                    soft_aes_ctx->keysched_len);
 796  794  
 797  795                  break;
 798  796          }
 799  797          case CKM_AES_CTR:
 800  798          {
 801  799                  crypto_data_t out;
 802  800                  soft_aes_ctx_t *soft_aes_ctx;
 803  801                  ctr_ctx_t *ctr_ctx;
 804  802                  size_t len;
 805  803  
↓ open down ↓ 14 lines elided ↑ open up ↑
 820  818  
 821  819                          rv = ctr_mode_final(ctr_ctx, &out, aes_encrypt_block);
 822  820                  }
 823  821                  if (rv == CRYPTO_BUFFER_TOO_SMALL) {
 824  822                          *pulLastEncryptedPartLen = len;
 825  823                          goto clean1;
 826  824                  }
 827  825  
 828  826                  /* Cleanup memory space. */
 829  827                  free(ctr_ctx);
 830      -                bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
 831      -                free(soft_aes_ctx->key_sched);
      828 +                freezero(soft_aes_ctx->key_sched,
      829 +                    soft_aes_ctx->keysched_len);
 832  830  
 833  831                  break;
 834  832          }
 835  833          case CKM_BLOWFISH_CBC:
 836  834          {
 837  835                  soft_blowfish_ctx_t *soft_blowfish_ctx;
 838  836  
 839  837                  soft_blowfish_ctx =
 840  838                      (soft_blowfish_ctx_t *)session_p->encrypt.context;
 841  839                  /*
↓ open down ↓ 3 lines elided ↑ open up ↑
 845  843                   */
 846  844                  *pulLastEncryptedPartLen = 0;
 847  845                  if (soft_blowfish_ctx->remain_len != 0)
 848  846                          rv = CKR_DATA_LEN_RANGE;
 849  847                  else {
 850  848                          if (pLastEncryptedPart == NULL)
 851  849                                  goto clean1;
 852  850                  }
 853  851  
 854  852                  free(soft_blowfish_ctx->blowfish_cbc);
 855      -                bzero(soft_blowfish_ctx->key_sched,
      853 +                freezero(soft_blowfish_ctx->key_sched,
 856  854                      soft_blowfish_ctx->keysched_len);
 857      -                free(soft_blowfish_ctx->key_sched);
 858  855                  break;
 859  856          }
 860  857  
 861  858          case CKM_RC4:
 862  859          {
 863  860                  ARCFour_key *key = (ARCFour_key *)session_p->encrypt.context;
 864  861                  /* Remaining data size is always zero for RC4. */
 865  862                  *pulLastEncryptedPartLen = 0;
 866  863                  if (pLastEncryptedPart == NULL)
 867  864                          goto clean1;
 868      -                bzero(key, sizeof (*key));
      865 +                explicit_bzero(key, sizeof (*key));
 869  866                  break;
 870  867          }
 871  868          default:
 872  869                  /* PKCS11: The mechanism only supports single-part operation. */
 873  870                  rv = CKR_MECHANISM_INVALID;
 874  871                  break;
 875  872          }
 876  873  
 877  874          free(session_p->encrypt.context);
 878  875          session_p->encrypt.context = NULL;
↓ open down ↓ 35 lines elided ↑ open up ↑
 914  911          case CKM_DES3_ECB:
 915  912          {
 916  913  
 917  914                  soft_des_ctx_t *soft_des_ctx =
 918  915                      (soft_des_ctx_t *)active_op->context;
 919  916                  des_ctx_t *des_ctx;
 920  917  
 921  918                  if (soft_des_ctx != NULL) {
 922  919                          des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
 923  920                          if (des_ctx != NULL) {
 924      -                                bzero(des_ctx->dc_keysched,
      921 +                                explicit_bzero(des_ctx->dc_keysched,
 925  922                                      des_ctx->dc_keysched_len);
 926  923                                  free(soft_des_ctx->des_cbc);
 927  924                          }
 928      -                        bzero(soft_des_ctx->key_sched,
      925 +                        freezero(soft_des_ctx->key_sched,
 929  926                              soft_des_ctx->keysched_len);
 930      -                        free(soft_des_ctx->key_sched);
 931  927                  }
 932  928                  break;
 933  929          }
 934  930  
 935  931          case CKM_AES_CBC_PAD:
 936  932          case CKM_AES_CBC:
 937  933          case CKM_AES_CMAC:
 938  934          case CKM_AES_ECB:
 939  935          {
 940  936                  soft_aes_ctx_t *soft_aes_ctx =
 941  937                      (soft_aes_ctx_t *)active_op->context;
 942  938                  aes_ctx_t *aes_ctx;
 943  939  
 944  940                  if (soft_aes_ctx != NULL) {
 945  941                          aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
 946  942                          if (aes_ctx != NULL) {
 947      -                                bzero(aes_ctx->ac_keysched,
      943 +                                explicit_bzero(aes_ctx->ac_keysched,
 948  944                                      aes_ctx->ac_keysched_len);
 949  945                                  free(soft_aes_ctx->aes_cbc);
 950  946                          }
 951      -                        bzero(soft_aes_ctx->key_sched,
      947 +                        freezero(soft_aes_ctx->key_sched,
 952  948                              soft_aes_ctx->keysched_len);
 953      -                        free(soft_aes_ctx->key_sched);
 954  949                  }
 955  950                  break;
 956  951          }
 957  952  
 958  953          case CKM_BLOWFISH_CBC:
 959  954          {
 960  955                  soft_blowfish_ctx_t *soft_blowfish_ctx =
 961  956                      (soft_blowfish_ctx_t *)active_op->context;
 962  957                  blowfish_ctx_t *blowfish_ctx;
 963  958  
 964  959                  if (soft_blowfish_ctx != NULL) {
 965  960                          blowfish_ctx =
 966  961                              (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
 967  962                          if (blowfish_ctx != NULL) {
 968      -                                bzero(blowfish_ctx->bc_keysched,
      963 +                                explicit_bzero(blowfish_ctx->bc_keysched,
 969  964                                      blowfish_ctx->bc_keysched_len);
 970  965                                  free(soft_blowfish_ctx->blowfish_cbc);
 971  966                          }
 972  967  
 973      -                        bzero(soft_blowfish_ctx->key_sched,
      968 +                        freezero(soft_blowfish_ctx->key_sched,
 974  969                              soft_blowfish_ctx->keysched_len);
 975      -                        free(soft_blowfish_ctx->key_sched);
 976  970                  }
 977  971                  break;
 978  972          }
 979  973  
 980  974          case CKM_RC4:
 981  975          {
 982  976                  ARCFour_key *key = (ARCFour_key *)active_op->context;
 983  977  
 984  978                  if (key != NULL)
 985      -                        bzero(key, sizeof (*key));
      979 +                        explicit_bzero(key, sizeof (*key));
 986  980                  break;
 987  981          }
 988  982  
 989  983          case CKM_RSA_X_509:
 990  984          case CKM_RSA_PKCS:
 991  985          {
 992  986                  soft_rsa_ctx_t *rsa_ctx =
 993  987                      (soft_rsa_ctx_t *)active_op->context;
 994  988  
 995  989                  if (rsa_ctx != NULL)
↓ open down ↓ 20 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX