9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -19,10 +19,11 @@
  * CDDL HEADER END
  */
 /*
  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #include <pthread.h>
 #include <stdlib.h>
 #include <string.h>

@@ -295,19 +296,15 @@
         }
 
 cleanup:
         (void) pthread_mutex_lock(&session_p->session_mutex);
         blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
-        if (blowfish_ctx != NULL) {
-                bzero(blowfish_ctx->bc_keysched,
-                    blowfish_ctx->bc_keysched_len);
-                free(soft_blowfish_ctx->blowfish_cbc);
-        }
-
-        bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
-        free(soft_blowfish_ctx->key_sched);
-        free(session_p->encrypt.context);
+        freezero(blowfish_ctx, sizeof (cbc_ctx_t));
+        freezero(soft_blowfish_ctx->key_sched,
+            soft_blowfish_ctx->keysched_len);
+        freezero(session_p->encrypt.context,
+            sizeof (soft_blowfish_ctx_t));
         session_p->encrypt.context = NULL;
         (void) pthread_mutex_unlock(&session_p->session_mutex);
 
         return (rv);
 }
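Review bot: The size in `freezero(blowfish_ctx, sizeof (cbc_ctx_t));` is not tied to the pointer's declared type, `blowfish_ctx_t *`, so a reader cannot confirm from this cleanup block that the whole allocation is cleared. If the object behind `blowfish_cbc` is allocated as a `cbc_ctx_t` (the allocation is outside the hunk), a comment such as `/* blowfish_cbc is allocated as a cbc_ctx_t; clear the whole context */` would pin that down. The removed code wiped `bc_keysched` through the context but never freed it separately, which suggests it aliases `soft_blowfish_ctx->key_sched`. The comment should say so too, because the new code relies on the second `freezero` to scrub the key schedule. The function starts above the hunk.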

@@ -463,19 +460,15 @@
         }
 
 cleanup:
         (void) pthread_mutex_lock(&session_p->session_mutex);
         blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
-        if (blowfish_ctx != NULL) {
-                bzero(blowfish_ctx->bc_keysched,
-                    blowfish_ctx->bc_keysched_len);
-                free(soft_blowfish_ctx->blowfish_cbc);
-        }
-
-        bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
-        free(soft_blowfish_ctx->key_sched);
-        free(session_p->decrypt.context);
+        free(blowfish_ctx);
+        freezero(soft_blowfish_ctx->key_sched,
+            soft_blowfish_ctx->keysched_len);
+        freezero(session_p->decrypt.context,
+            sizeof (soft_blowfish_ctx_t));
         session_p->decrypt.context = NULL;
         (void) pthread_mutex_unlock(&session_p->session_mutex);
 
         return (rv);
 }
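Review bot: The decrypt cleanup releases the CBC context with plain `free(blowfish_ctx);`, while the matching encrypt cleanup in the previous hunk uses `freezero(blowfish_ctx, sizeof (cbc_ctx_t));`. On this path the context's contents, presumably chaining state such as the IV and last processed block, are left in freed heap memory. To match the encrypt side and the stated goal of the change, the line should read `freezero(blowfish_ctx, sizeof (cbc_ctx_t));`. The function starts above the hunk, so whether anything earlier already clears the context is not visible here.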