Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
@@ -20,10 +20,11 @@
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <stdlib.h>
#include <strings.h>
#include <sys/types.h>
@@ -560,33 +561,39 @@
case CKM_SHA256_HMAC:
case CKM_SHA384_HMAC_GENERAL:
case CKM_SHA384_HMAC:
case CKM_SHA512_HMAC_GENERAL:
case CKM_SHA512_HMAC:
- if (active_op->context != NULL)
- bzero(active_op->context, sizeof (soft_hmac_ctx_t));
+ if (active_op->context != NULL) {
+ explicit_bzero(active_op->context,
+ sizeof (soft_hmac_ctx_t));
+ }
break;
case CKM_DES_MAC_GENERAL:
case CKM_DES_MAC:
if (session_p->encrypt.context != NULL) {
free(session_p->encrypt.context);
session_p->encrypt.context = NULL;
session_p->encrypt.flags = 0;
}
- if (active_op->context != NULL)
- bzero(active_op->context, sizeof (soft_des_ctx_t));
+ if (active_op->context != NULL) {
+ explicit_bzero(active_op->context,
+ sizeof (soft_des_ctx_t));
+ }
break;
case CKM_AES_CMAC_GENERAL:
case CKM_AES_CMAC:
if (session_p->encrypt.context != NULL) {
free(session_p->encrypt.context);
session_p->encrypt.context = NULL;
session_p->encrypt.flags = 0;
}
- if (active_op->context != NULL)
- bzero(active_op->context, sizeof (soft_aes_ctx_t));
+ if (active_op->context != NULL) {
+ explicit_bzero(active_op->context,
+ sizeof (soft_aes_ctx_t));
+ }
break;
}
if (active_op->context != NULL) {