illumos-gate Cdiff usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c

Print this page

9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


*** 19,28 ****
--- 19,29 ----
   * CDDL HEADER END
   */
  /*
   * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
   * Use is subject to license terms.
+  * Copyright (c) 2018, Joyent, Inc.
   */
  
  #include <pthread.h>
  #include <stdlib.h>
  #include <string.h>
*** 295,313 ****
          }
  
  cleanup:
          (void) pthread_mutex_lock(&session_p->session_mutex);
          blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
!         if (blowfish_ctx != NULL) {
!                 bzero(blowfish_ctx->bc_keysched,
!                     blowfish_ctx->bc_keysched_len);
!                 free(soft_blowfish_ctx->blowfish_cbc);
!         }
! 
!         bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
!         free(soft_blowfish_ctx->key_sched);
!         free(session_p->encrypt.context);
          session_p->encrypt.context = NULL;
          (void) pthread_mutex_unlock(&session_p->session_mutex);
  
          return (rv);
  }
--- 296,310 ----
          }
  
  cleanup:
          (void) pthread_mutex_lock(&session_p->session_mutex);
          blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
!         freezero(blowfish_ctx, sizeof (cbc_ctx_t));
!         freezero(soft_blowfish_ctx->key_sched,
!             soft_blowfish_ctx->keysched_len);
!         freezero(session_p->encrypt.context,
!             sizeof (soft_blowfish_ctx_t));
          session_p->encrypt.context = NULL;
          (void) pthread_mutex_unlock(&session_p->session_mutex);
  
          return (rv);
  }
*** 463,481 ****
          }
  
  cleanup:
          (void) pthread_mutex_lock(&session_p->session_mutex);
          blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
!         if (blowfish_ctx != NULL) {
!                 bzero(blowfish_ctx->bc_keysched,
!                     blowfish_ctx->bc_keysched_len);
!                 free(soft_blowfish_ctx->blowfish_cbc);
!         }
! 
!         bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
!         free(soft_blowfish_ctx->key_sched);
!         free(session_p->decrypt.context);
          session_p->decrypt.context = NULL;
          (void) pthread_mutex_unlock(&session_p->session_mutex);
  
          return (rv);
  }
--- 460,474 ----
          }
  
  cleanup:
          (void) pthread_mutex_lock(&session_p->session_mutex);
          blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
!         free(blowfish_ctx);
!         freezero(soft_blowfish_ctx->key_sched,
!             soft_blowfish_ctx->keysched_len);
!         freezero(session_p->decrypt.context,
!             sizeof (soft_blowfish_ctx_t));
          session_p->decrypt.context = NULL;
          (void) pthread_mutex_unlock(&session_p->session_mutex);
  
          return (rv);
  }