9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
@@ -20,10 +20,11 @@
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <string.h>
#include <stdlib.h>
#include <strings.h>
@@ -524,11 +525,12 @@
* Zero-out any attribute values. We could do this just for
* attributes with isSensitive == True, but it's not much
* extra work to just do them all. [Most attributes are just
* 1 or 4 bytes]
*/
- bzero(attr->attribute.pValue, attr->attribute.ulValueLen);
+ explicit_bzero(attr->attribute.pValue,
+ attr->attribute.ulValueLen);
if (attr->isMalloced)
free(attr->attribute.pValue);
}
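Review bot: The comment above the `explicit_bzero()` call in this hunk says what is wiped but not why the explicit variant is needed. A plain `bzero()` immediately before `free()` is a dead store that the compiler may remove, so the next maintainer could "simplify" the call back without realising it. I would extend the existing comment with a line such as `* Use explicit_bzero() so the wipe cannot be optimized away before free().` The comment `/* bzero() out any data that won't be overwritten. */` in the next hunk (@@ -562,17 +564,19 @@) still names the old function and should be updated to match. The enclosing function starts and ends outside this hunk.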
@@ -562,17 +564,19 @@
/* Store the new value. */
if (attr->attribute.ulValueLen >= new_attr->ulValueLen) {
/* Existing storage is sufficient to store new value. */
/* bzero() out any data that won't be overwritten. */
- bzero((char *)attr->attribute.pValue + new_attr->ulValueLen,
+ explicit_bzero((char *)attr->attribute.pValue +
+ new_attr->ulValueLen,
attr->attribute.ulValueLen - new_attr->ulValueLen);
} else if (new_attr->ulValueLen <= sizeof (attr->generic_data)) {
/* Use generic storage to avoid a malloc. */
- bzero(attr->attribute.pValue, attr->attribute.ulValueLen);
+ explicit_bzero(attr->attribute.pValue,
+ attr->attribute.ulValueLen);
if (attr->isMalloced) {
/*
* If app sets a large value (triggering a malloc),
* then sets a tiny value, and finally again sets
* a large value (phew!) we could end up here.