illumos-gate Udiff usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c

Print this page

9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -19,10 +19,11 @@
  * CDDL HEADER END
  */
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <strings.h>

@@ -75,12 +76,11 @@
         /*
          * Free the storage allocated to a secret key object.
          */
         if (objp->class == CKO_SECRET_KEY) {
                 if (OBJ_SEC(objp) != NULL && OBJ_SEC_VALUE(objp) != NULL) {
-                        bzero(OBJ_SEC_VALUE(objp), OBJ_SEC_VALUE_LEN(objp));
-                        free(OBJ_SEC_VALUE(objp));
+                        freezero(OBJ_SEC_VALUE(objp), OBJ_SEC_VALUE_LEN(objp));
                         OBJ_SEC_VALUE(objp) = NULL;
                         OBJ_SEC_VALUE_LEN(objp) = 0;
                 }
                 free(OBJ_SEC(objp));
                 OBJ_SEC(objp) = NULL;