Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
@@ -19,10 +19,11 @@
* CDDL HEADER END
*/
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
@@ -446,18 +447,13 @@
* operation will be terminated so we need to do some cleanup.
*/
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
- if (des_ctx != NULL) {
- bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
- free(soft_des_ctx->des_cbc);
- }
-
- bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
- free(session_p->encrypt.context);
+ free(des_ctx);
+ freezero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
+ freezero(session_p->encrypt.context, sizeof (soft_des_ctx_t));
session_p->encrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (rv);
}
@@ -775,19 +771,13 @@
* operation will be terminated so we need to do some cleanup.
*/
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
- if (des_ctx != NULL) {
- bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
- free(soft_des_ctx->des_cbc);
- }
-
- bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
- free(session_p->decrypt.context);
- session_p->decrypt.context = NULL;
+ free(des_ctx);
+ freezero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
+ freezero(session_p->decrypt.context, sizeof (soft_des_ctx_t));
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (rv);
}