Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
@@ -19,10 +19,11 @@
* CDDL HEADER END
*/
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
@@ -295,19 +296,15 @@
}
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
- if (blowfish_ctx != NULL) {
- bzero(blowfish_ctx->bc_keysched,
- blowfish_ctx->bc_keysched_len);
- free(soft_blowfish_ctx->blowfish_cbc);
- }
-
- bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(blowfish_ctx, sizeof (cbc_ctx_t));
+ freezero(soft_blowfish_ctx->key_sched,
+ soft_blowfish_ctx->keysched_len);
+ freezero(session_p->encrypt.context,
+ sizeof (soft_blowfish_ctx_t));
session_p->encrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (rv);
}
@@ -463,19 +460,15 @@
}
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
- if (blowfish_ctx != NULL) {
- bzero(blowfish_ctx->bc_keysched,
- blowfish_ctx->bc_keysched_len);
- free(soft_blowfish_ctx->blowfish_cbc);
- }
-
- bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
- free(session_p->decrypt.context);
+ free(blowfish_ctx);
+ freezero(soft_blowfish_ctx->key_sched,
+ soft_blowfish_ctx->keysched_len);
+ freezero(session_p->decrypt.context,
+ sizeof (soft_blowfish_ctx_t));
session_p->decrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (rv);
}