illumos-gate Cdiff usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c

Print this page

9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>


*** 20,29 ****
--- 20,30 ----
   */
  /*
   * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
   * Use is subject to license terms.
   * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
+  * Copyright (c) 2018, Joyent, Inc.
   */
  
  #include <stdlib.h>
  #include <strings.h>
  #include <sys/types.h>
*** 560,592 ****
          case CKM_SHA256_HMAC:
          case CKM_SHA384_HMAC_GENERAL:
          case CKM_SHA384_HMAC:
          case CKM_SHA512_HMAC_GENERAL:
          case CKM_SHA512_HMAC:
!                 if (active_op->context != NULL)
!                         bzero(active_op->context, sizeof (soft_hmac_ctx_t));
                  break;
          case CKM_DES_MAC_GENERAL:
          case CKM_DES_MAC:
                  if (session_p->encrypt.context != NULL) {
                          free(session_p->encrypt.context);
                          session_p->encrypt.context = NULL;
                          session_p->encrypt.flags = 0;
                  }
!                 if (active_op->context != NULL)
!                         bzero(active_op->context, sizeof (soft_des_ctx_t));
                  break;
  
          case CKM_AES_CMAC_GENERAL:
          case CKM_AES_CMAC:
                  if (session_p->encrypt.context != NULL) {
                          free(session_p->encrypt.context);
                          session_p->encrypt.context = NULL;
                          session_p->encrypt.flags = 0;
                  }
!                 if (active_op->context != NULL)
!                         bzero(active_op->context, sizeof (soft_aes_ctx_t));
                  break;
  
          }
  
          if (active_op->context != NULL) {
--- 561,599 ----
          case CKM_SHA256_HMAC:
          case CKM_SHA384_HMAC_GENERAL:
          case CKM_SHA384_HMAC:
          case CKM_SHA512_HMAC_GENERAL:
          case CKM_SHA512_HMAC:
!                 if (active_op->context != NULL) {
!                         explicit_bzero(active_op->context,
!                             sizeof (soft_hmac_ctx_t));
!                 }
                  break;
          case CKM_DES_MAC_GENERAL:
          case CKM_DES_MAC:
                  if (session_p->encrypt.context != NULL) {
                          free(session_p->encrypt.context);
                          session_p->encrypt.context = NULL;
                          session_p->encrypt.flags = 0;
                  }
!                 if (active_op->context != NULL) {
!                         explicit_bzero(active_op->context,
!                             sizeof (soft_des_ctx_t));
!                 }
                  break;
  
          case CKM_AES_CMAC_GENERAL:
          case CKM_AES_CMAC:
                  if (session_p->encrypt.context != NULL) {
                          free(session_p->encrypt.context);
                          session_p->encrypt.context = NULL;
                          session_p->encrypt.flags = 0;
                  }
!                 if (active_op->context != NULL) {
!                         explicit_bzero(active_op->context,
!                             sizeof (soft_aes_ctx_t));
!                 }
                  break;
  
          }
  
          if (active_op->context != NULL) {