illumos-gate Sdiff usr/src/lib/pkcs11/pkcs11

Print this page

9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

 463         (void) pthread_mutex_unlock(&object_p->object_mutex);
 464         return (CKR_OK);
 465 
 466 mem_failure:
 467         (void) pthread_mutex_unlock(&object_p->object_mutex);
 468         free_key_attributes(key);
 469         return (CKR_HOST_MEMORY);
 470 }
 471 
 472 /*
 473  * Free attribute storage in a crypto_key structure.
 474  */
 475 void
 476 free_key_attributes(crypto_key_t *key)
 477 {
 478         int i;
 479 
 480         if (key->ck_format == CRYPTO_KEY_ATTR_LIST &&
 481             (key->ck_count > 0) && key->ck_attrs != NULL) {
 482                 for (i = 0; i < key->ck_count; i++) {
 483                         if (key->ck_attrs[i].oa_value != NULL) {
 484                                 bzero(key->ck_attrs[i].oa_value,
 485                                     key->ck_attrs[i].oa_value_len);
 486                                 free(key->ck_attrs[i].oa_value);
 487                         }
 488                 }
 489                 free(key->ck_attrs);
 490         }
 491 }
 492 
 493 
 494 /*
 495  * Convert a DSA private key object into a crypto_key structure.
 496  * Memory is allocated for each attribute stored in the crypto_key
 497  * structure.  Memory for the crypto_key structure is not
 498  * allocated.  Attributes can be freed by free_dsa_key_attributes().
 499  */
 500 CK_RV
 501 get_dsa_private_key(kernel_object_t *object_p, crypto_key_t *key)
 502 {
 503         biginteger_t *big;
 504         crypto_object_attribute_t *attrs, *cur_attr;
 505         char *ptr;
 506 
 507         (void) pthread_mutex_lock(&object_p->object_mutex);
 508         if (object_p->key_type != CKK_DSA ||

 463         (void) pthread_mutex_unlock(&object_p->object_mutex);
 464         return (CKR_OK);
 465 
 466 mem_failure:
 467         (void) pthread_mutex_unlock(&object_p->object_mutex);
 468         free_key_attributes(key);
 469         return (CKR_HOST_MEMORY);
 470 }
 471 
 472 /*
 473  * Free attribute storage in a crypto_key structure.
 474  */
 475 void
 476 free_key_attributes(crypto_key_t *key)
 477 {
 478         int i;
 479 
 480         if (key->ck_format == CRYPTO_KEY_ATTR_LIST &&
 481             (key->ck_count > 0) && key->ck_attrs != NULL) {
 482                 for (i = 0; i < key->ck_count; i++) {
 483                         freezero(key->ck_attrs[i].oa_value,

 484                             key->ck_attrs[i].oa_value_len);

 485                 }

 486                 free(key->ck_attrs);
 487         }
 488 }
 489 
 490 
 491 /*
 492  * Convert a DSA private key object into a crypto_key structure.
 493  * Memory is allocated for each attribute stored in the crypto_key
 494  * structure.  Memory for the crypto_key structure is not
 495  * allocated.  Attributes can be freed by free_dsa_key_attributes().
 496  */
 497 CK_RV
 498 get_dsa_private_key(kernel_object_t *object_p, crypto_key_t *key)
 499 {
 500         biginteger_t *big;
 501         crypto_object_attribute_t *attrs, *cur_attr;
 502         char *ptr;
 503 
 504         (void) pthread_mutex_lock(&object_p->object_mutex);
 505         if (object_p->key_type != CKK_DSA ||