9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

*** 19,28 **** --- 19,29 ---- * CDDL HEADER END */ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, Joyent, Inc. */ #include <pthread.h> #include <stdlib.h> #include <string.h>
*** 446,463 **** * operation will be terminated so we need to do some cleanup. */ cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc; ! if (des_ctx != NULL) { ! bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len); ! free(soft_des_ctx->des_cbc); ! } ! ! bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len); ! free(soft_des_ctx->key_sched); ! free(session_p->encrypt.context); session_p->encrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); } --- 447,459 ---- * operation will be terminated so we need to do some cleanup. */ cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc; ! free(des_ctx); ! freezero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len); ! freezero(session_p->encrypt.context, sizeof (soft_des_ctx_t)); session_p->encrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); }
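Review bot: `free(des_ctx);` in the cleanup path releases the CBC context without clearing it, while the two buffers freed right after it now go through freezero(). The old code only wiped `dc_keysched` through this pointer, so the struct's own fields were never scrubbed; if des_ctx_t also holds the IV, the last block or a buffered remainder (its definition is not visible here), those bytes stay readable in freed heap memory. Consider `freezero(des_ctx, sizeof (des_ctx_t));` instead. Dropping the `bzero(des_ctx->dc_keysched, ...)` is only safe if that pointer aliases `soft_des_ctx->key_sched`, which is worth a one-line comment. The same applies to the decrypt cleanup at 771-783, and the enclosing function starts outside the hunk.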
*** 775,793 **** * operation will be terminated so we need to do some cleanup. */ cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc; ! if (des_ctx != NULL) { ! bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len); ! free(soft_des_ctx->des_cbc); ! } ! ! bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len); ! free(soft_des_ctx->key_sched); ! free(session_p->decrypt.context); ! session_p->decrypt.context = NULL; (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); } --- 771,783 ---- * operation will be terminated so we need to do some cleanup. */ cleanup: (void) pthread_mutex_lock(&session_p->session_mutex); des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc; ! free(des_ctx); ! freezero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len); ! freezero(session_p->decrypt.context, sizeof (soft_des_ctx_t)); (void) pthread_mutex_unlock(&session_p->session_mutex); return (rv); }
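Review bot: The new side drops `session_p->decrypt.context = NULL;` after the freezero() call, so the session keeps a pointer to freed memory once the mutex is released. The encrypt cleanup at 447-459 still resets its pointer, so this looks like an accidental deletion rather than an intended change. Any later operation on the same session that tests, dereferences or frees `decrypt.context` would then hit a use-after-free or double free. Restore `session_p->decrypt.context = NULL;` directly after `freezero(session_p->decrypt.context, sizeof (soft_des_ctx_t));`, still under the session mutex. The enclosing function starts outside the hunk.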