9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

@@ -20,10 +20,11 @@
  */
 /*
  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #include <stdlib.h>
 #include <strings.h>
 #include <sys/types.h>

@@ -560,33 +561,39 @@
         case CKM_SHA256_HMAC:
         case CKM_SHA384_HMAC_GENERAL:
         case CKM_SHA384_HMAC:
         case CKM_SHA512_HMAC_GENERAL:
         case CKM_SHA512_HMAC:
-                if (active_op->context != NULL)
-                        bzero(active_op->context, sizeof (soft_hmac_ctx_t));
+                if (active_op->context != NULL) {
+                        explicit_bzero(active_op->context,
+                            sizeof (soft_hmac_ctx_t));
+                }
                 break;
         case CKM_DES_MAC_GENERAL:
         case CKM_DES_MAC:
                 if (session_p->encrypt.context != NULL) {
                         free(session_p->encrypt.context);
                         session_p->encrypt.context = NULL;
                         session_p->encrypt.flags = 0;
                 }
-                if (active_op->context != NULL)
-                        bzero(active_op->context, sizeof (soft_des_ctx_t));
+                if (active_op->context != NULL) {
+                        explicit_bzero(active_op->context,
+                            sizeof (soft_des_ctx_t));
+                }
                 break;
 
         case CKM_AES_CMAC_GENERAL:
         case CKM_AES_CMAC:
                 if (session_p->encrypt.context != NULL) {
                         free(session_p->encrypt.context);
                         session_p->encrypt.context = NULL;
                         session_p->encrypt.flags = 0;
                 }
-                if (active_op->context != NULL)
-                        bzero(active_op->context, sizeof (soft_aes_ctx_t));
+                if (active_op->context != NULL) {
+                        explicit_bzero(active_op->context,
+                            sizeof (soft_aes_ctx_t));
+                }
                 break;
 
         }
 
         if (active_op->context != NULL) {
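Review bot: In the CKM_DES_MAC and CKM_AES_CMAC cases, `session_p->encrypt.context` is still handed to `free()` without being scrubbed, so whatever cipher state it holds remains in freed heap memory even though the sibling `active_op->context` is now wiped with `explicit_bzero()`. If that context carries key material (its type and contents are not visible in this hunk), wipe it first, e.g. `explicit_bzero(session_p->encrypt.context, ctx_len);` ahead of the `free()`, where `ctx_len` is a placeholder for that allocation's size. The enclosing function begins before and continues after this hunk, so what happens to `active_op->context` in the trailing `if` block could not be checked from here.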