illumos-gate Udiff usr/src/lib/pkcs11/pkcs11

Print this page

9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -19,10 +19,11 @@
  * CDDL HEADER END
  */
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
  */
 
 #include <fcntl.h>
 #include <strings.h>
 #include <sys/stat.h>

@@ -923,12 +924,11 @@
         }
 
         if (new_tmpl_allocated)
                 free(new_tmpl);
 
-        if (export_keys != NULL)
-                free(export_keys);
+        freezero(export_keys, 2 * MD5_HASH_SIZE);
 
         return (rv);
 
 out_err:
         if (kmo->hClientMacSecret != CK_INVALID_HANDLE) {

@@ -953,12 +953,11 @@
         }
 
         if (new_tmpl_allocated)
                 free(new_tmpl);
 
-        if (export_keys != NULL)
-                free(export_keys);
+        freezero(export_keys, 2 * MD5_HASH_SIZE);
 
         return (rv);
 }
 
 /*