Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

*** 19,28 **** --- 19,29 ---- * CDDL HEADER END */ /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright (c) 2018, Joyent, Inc. */ #include <pthread.h> #include <stdlib.h> #include <string.h>
*** 295,313 **** } cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc; ! if (blowfish_ctx != NULL) { ! bzero(blowfish_ctx->bc_keysched, ! blowfish_ctx->bc_keysched_len); ! free(soft_blowfish_ctx->blowfish_cbc); ! } ! ! bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len); ! free(soft_blowfish_ctx->key_sched); ! free(session_p->encrypt.context); session_p->encrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); } --- 296,310 ---- } cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc; ! freezero(blowfish_ctx, sizeof (cbc_ctx_t)); ! freezero(soft_blowfish_ctx->key_sched, ! soft_blowfish_ctx->keysched_len); ! freezero(session_p->encrypt.context, ! sizeof (soft_blowfish_ctx_t)); session_p->encrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); }
*** 463,481 **** } cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc; ! if (blowfish_ctx != NULL) { ! bzero(blowfish_ctx->bc_keysched, ! blowfish_ctx->bc_keysched_len); ! free(soft_blowfish_ctx->blowfish_cbc); ! } ! ! bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len); ! free(soft_blowfish_ctx->key_sched); ! free(session_p->decrypt.context); session_p->decrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); } --- 460,474 ---- } cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc; ! free(blowfish_ctx); ! freezero(soft_blowfish_ctx->key_sched, ! soft_blowfish_ctx->keysched_len); ! freezero(session_p->decrypt.context, ! sizeof (soft_blowfish_ctx_t)); session_p->decrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); }