Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
+++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
↓ open down ↓ |
14 lines elided |
↑ open up ↑ |
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25 + * Copyright (c) 2018, Joyent, Inc.
25 26 */
26 27
27 28 #include <stdlib.h>
28 29 #include <strings.h>
29 30 #include <sys/types.h>
30 31 #include <security/cryptoki.h>
31 32 #include "softObject.h"
32 33 #include "softOps.h"
33 34 #include "softSession.h"
34 35 #include "softMAC.h"
35 36 #include "softRSA.h"
36 37 #include "softDSA.h"
37 38 #include "softEC.h"
38 39 #include "softCrypt.h"
39 40
40 41 /*
41 42 * soft_sign_init()
42 43 *
43 44 * Arguments:
44 45 * session_p: pointer to soft_session_t struct
45 46 * pMechanism: pointer to CK_MECHANISM struct provided by application
46 47 * key_p: pointer to key soft_object_t struct
47 48 *
48 49 * Description:
49 50 * called by C_SignInit(). This function calls the corresponding
50 51 * sign init routine based on the mechanism.
51 52 *
52 53 */
53 54 CK_RV
54 55 soft_sign_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
55 56 soft_object_t *key_p)
56 57 {
57 58
58 59 switch (pMechanism->mechanism) {
59 60
60 61 case CKM_SSL3_MD5_MAC:
61 62 case CKM_SSL3_SHA1_MAC:
62 63 case CKM_MD5_HMAC_GENERAL:
63 64 case CKM_MD5_HMAC:
64 65 case CKM_SHA_1_HMAC_GENERAL:
65 66 case CKM_SHA_1_HMAC:
66 67 case CKM_SHA256_HMAC_GENERAL:
67 68 case CKM_SHA256_HMAC:
68 69 case CKM_SHA384_HMAC_GENERAL:
69 70 case CKM_SHA384_HMAC:
70 71 case CKM_SHA512_HMAC_GENERAL:
71 72 case CKM_SHA512_HMAC:
72 73
73 74 return (soft_hmac_sign_verify_init_common(session_p,
74 75 pMechanism, key_p, B_TRUE));
75 76
76 77 case CKM_RSA_X_509:
77 78 case CKM_RSA_PKCS:
78 79 case CKM_MD5_RSA_PKCS:
79 80 case CKM_SHA1_RSA_PKCS:
80 81 case CKM_SHA256_RSA_PKCS:
81 82 case CKM_SHA384_RSA_PKCS:
82 83 case CKM_SHA512_RSA_PKCS:
83 84
84 85 return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
85 86 key_p, B_TRUE));
86 87
87 88 case CKM_DSA:
88 89 case CKM_DSA_SHA1:
89 90
90 91 return (soft_dsa_sign_verify_init_common(session_p, pMechanism,
91 92 key_p, B_TRUE));
92 93
93 94 case CKM_ECDSA:
94 95 case CKM_ECDSA_SHA1:
95 96
96 97 return (soft_ecc_sign_verify_init_common(session_p, pMechanism,
97 98 key_p, B_TRUE));
98 99
99 100 case CKM_DES_MAC_GENERAL:
100 101 case CKM_DES_MAC:
101 102
102 103 return (soft_des_sign_verify_init_common(session_p, pMechanism,
103 104 key_p, B_TRUE));
104 105
105 106 case CKM_AES_CMAC_GENERAL:
106 107 case CKM_AES_CMAC:
107 108
108 109 return (soft_aes_sign_verify_init_common(session_p, pMechanism,
109 110 key_p, B_TRUE));
110 111
111 112 default:
112 113 return (CKR_MECHANISM_INVALID);
113 114 }
114 115
115 116 }
116 117
117 118
118 119 /*
119 120 * soft_sign()
120 121 *
121 122 * Arguments:
122 123 * session_p: pointer to soft_session_t struct
123 124 * pData: pointer to the input data to be signed
124 125 * ulDataLen: length of the input data
125 126 * pSignature: pointer to the signature after signing
126 127 * pulSignatureLen: pointer to the length of the signature
127 128 *
128 129 * Description:
129 130 * called by C_Sign(). This function calls the corresponding
130 131 * sign routine based on the mechanism.
131 132 *
132 133 */
133 134 CK_RV
134 135 soft_sign(soft_session_t *session_p, CK_BYTE_PTR pData,
135 136 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
136 137 CK_ULONG_PTR pulSignatureLen)
137 138 {
138 139
139 140 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
140 141 CK_RV rv = CKR_OK;
141 142
142 143 switch (mechanism) {
143 144
144 145 case CKM_SSL3_MD5_MAC:
145 146 case CKM_SSL3_SHA1_MAC:
146 147 case CKM_MD5_HMAC_GENERAL:
147 148 case CKM_MD5_HMAC:
148 149 case CKM_SHA_1_HMAC_GENERAL:
149 150 case CKM_SHA_1_HMAC:
150 151 case CKM_SHA256_HMAC_GENERAL:
151 152 case CKM_SHA256_HMAC:
152 153 case CKM_SHA384_HMAC_GENERAL:
153 154 case CKM_SHA384_HMAC:
154 155 case CKM_SHA512_HMAC_GENERAL:
155 156 case CKM_SHA512_HMAC:
156 157 {
157 158 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
158 159
159 160 if (pSignature != NULL) {
160 161 /* Pass local buffer to avoid overflow. */
161 162 rv = soft_hmac_sign_verify_common(session_p, pData,
162 163 ulDataLen, hmac, pulSignatureLen, B_TRUE);
163 164 } else {
164 165 /* Pass original pSignature, let callee to handle it. */
165 166 rv = soft_hmac_sign_verify_common(session_p, pData,
166 167 ulDataLen, pSignature, pulSignatureLen, B_TRUE);
167 168 }
168 169
169 170 if ((rv == CKR_OK) && (pSignature != NULL))
170 171 (void) memcpy(pSignature, hmac, *pulSignatureLen);
171 172
172 173 return (rv);
173 174 }
174 175 case CKM_DES_MAC_GENERAL:
175 176 case CKM_DES_MAC:
176 177 {
177 178 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
178 179
179 180 if (pSignature != NULL) {
180 181 /* Pass local buffer to avoid overflow. */
181 182 rv = soft_des_sign_verify_common(session_p, pData,
182 183 ulDataLen, signature, pulSignatureLen, B_TRUE,
183 184 B_FALSE);
184 185 } else {
185 186 /* Pass NULL, let callee to handle it. */
186 187 rv = soft_des_sign_verify_common(session_p, pData,
187 188 ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
188 189 }
189 190
190 191 if ((rv == CKR_OK) && (pSignature != NULL))
191 192 (void) memcpy(pSignature, signature, *pulSignatureLen);
192 193
193 194 return (rv);
194 195 }
195 196 case CKM_AES_CMAC_GENERAL:
196 197 case CKM_AES_CMAC:
197 198 {
198 199 CK_BYTE signature[AES_BLOCK_LEN];
199 200
200 201 if (pSignature != NULL) {
201 202 /* Pass local buffer to avoid overflow. */
202 203 rv = soft_aes_sign_verify_common(session_p, pData,
203 204 ulDataLen, signature, pulSignatureLen, B_TRUE,
204 205 B_FALSE);
205 206 } else {
206 207 /* Pass NULL, let callee handle it. */
207 208 rv = soft_aes_sign_verify_common(session_p, pData,
208 209 ulDataLen, NULL, pulSignatureLen, B_TRUE, B_FALSE);
209 210 }
210 211
211 212 if ((rv == CKR_OK) && (pSignature != NULL))
212 213 (void) memcpy(pSignature, signature, *pulSignatureLen);
213 214
214 215 return (rv);
215 216 }
216 217 case CKM_RSA_X_509:
217 218 case CKM_RSA_PKCS:
218 219
219 220 return (soft_rsa_sign_common(session_p, pData, ulDataLen,
220 221 pSignature, pulSignatureLen, mechanism));
221 222
222 223 case CKM_MD5_RSA_PKCS:
223 224 case CKM_SHA1_RSA_PKCS:
224 225 case CKM_SHA256_RSA_PKCS:
225 226 case CKM_SHA384_RSA_PKCS:
226 227 case CKM_SHA512_RSA_PKCS:
227 228
228 229 return (soft_rsa_digest_sign_common(session_p, pData, ulDataLen,
229 230 pSignature, pulSignatureLen, mechanism, B_FALSE));
230 231
231 232 case CKM_DSA:
232 233
233 234 return (soft_dsa_sign(session_p, pData, ulDataLen,
234 235 pSignature, pulSignatureLen));
235 236
236 237 case CKM_DSA_SHA1:
237 238
238 239 return (soft_dsa_digest_sign_common(session_p, pData, ulDataLen,
239 240 pSignature, pulSignatureLen, B_FALSE));
240 241
241 242 case CKM_ECDSA:
242 243
243 244 return (soft_ecc_sign(session_p, pData, ulDataLen,
244 245 pSignature, pulSignatureLen));
245 246
246 247 case CKM_ECDSA_SHA1:
247 248
248 249 return (soft_ecc_digest_sign_common(session_p, pData, ulDataLen,
249 250 pSignature, pulSignatureLen, B_FALSE));
250 251
251 252 default:
252 253 return (CKR_MECHANISM_INVALID);
253 254 }
254 255 }
255 256
256 257
257 258 /*
258 259 * soft_sign_update()
259 260 *
260 261 * Arguments:
261 262 * session_p: pointer to soft_session_t struct
262 263 * pPart: pointer to the input data to be signed
263 264 * ulPartLen: length of the input data
264 265 *
265 266 * Description:
266 267 * called by C_SignUpdate(). This function calls the corresponding
267 268 * sign update routine based on the mechanism.
268 269 *
269 270 */
270 271 CK_RV
271 272 soft_sign_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
272 273 CK_ULONG ulPartLen)
273 274 {
274 275 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
275 276
276 277 switch (mechanism) {
277 278
278 279 case CKM_SSL3_MD5_MAC:
279 280 case CKM_SSL3_SHA1_MAC:
280 281 case CKM_MD5_HMAC_GENERAL:
281 282 case CKM_MD5_HMAC:
282 283 case CKM_SHA_1_HMAC_GENERAL:
283 284 case CKM_SHA_1_HMAC:
284 285 case CKM_SHA256_HMAC_GENERAL:
285 286 case CKM_SHA256_HMAC:
286 287 case CKM_SHA384_HMAC_GENERAL:
287 288 case CKM_SHA384_HMAC:
288 289 case CKM_SHA512_HMAC_GENERAL:
289 290 case CKM_SHA512_HMAC:
290 291
291 292 return (soft_hmac_sign_verify_update(session_p, pPart,
292 293 ulPartLen, B_TRUE));
293 294
294 295 case CKM_DES_MAC_GENERAL:
295 296 case CKM_DES_MAC:
296 297
297 298 return (soft_des_mac_sign_verify_update(session_p, pPart,
298 299 ulPartLen));
299 300
300 301 case CKM_AES_CMAC_GENERAL:
301 302 case CKM_AES_CMAC:
302 303
303 304 return (soft_aes_mac_sign_verify_update(session_p, pPart,
304 305 ulPartLen));
305 306
306 307 case CKM_MD5_RSA_PKCS:
307 308 case CKM_SHA1_RSA_PKCS:
308 309 case CKM_SHA256_RSA_PKCS:
309 310 case CKM_SHA384_RSA_PKCS:
310 311 case CKM_SHA512_RSA_PKCS:
311 312 /*
312 313 * The MD5/SHA1 digest value is accumulated in the context
313 314 * of the multiple-part digesting operation. In the final
314 315 * operation, the digest is encoded and then perform RSA
315 316 * signing.
316 317 */
317 318 case CKM_DSA_SHA1:
318 319 case CKM_ECDSA_SHA1:
319 320
320 321 return (soft_digest_update(session_p, pPart, ulPartLen));
321 322
322 323 default:
323 324 /* PKCS11: The mechanism only supports single-part operation. */
324 325 return (CKR_MECHANISM_INVALID);
325 326 }
326 327 }
327 328
328 329
329 330 /*
330 331 * soft_sign_final()
331 332 *
332 333 * Arguments:
333 334 * session_p: pointer to soft_session_t struct
334 335 * pSignature: pointer to the signature after signing
335 336 * pulSignatureLen: pointer to the length of the signature
336 337 *
337 338 * Description:
338 339 * called by C_SignFinal(). This function calls the corresponding
339 340 * sign final routine based on the mechanism.
340 341 *
341 342 */
342 343 CK_RV
343 344 soft_sign_final(soft_session_t *session_p, CK_BYTE_PTR pSignature,
344 345 CK_ULONG_PTR pulSignatureLen)
345 346 {
346 347
347 348 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
348 349 CK_RV rv = CKR_OK;
349 350
350 351 switch (mechanism) {
351 352
352 353 case CKM_SSL3_MD5_MAC:
353 354 case CKM_SSL3_SHA1_MAC:
354 355 case CKM_MD5_HMAC_GENERAL:
355 356 case CKM_MD5_HMAC:
356 357 case CKM_SHA_1_HMAC_GENERAL:
357 358 case CKM_SHA_1_HMAC:
358 359 case CKM_SHA256_HMAC_GENERAL:
359 360 case CKM_SHA256_HMAC:
360 361 case CKM_SHA384_HMAC_GENERAL:
361 362 case CKM_SHA384_HMAC:
362 363 case CKM_SHA512_HMAC_GENERAL:
363 364 case CKM_SHA512_HMAC:
364 365 {
365 366 CK_BYTE hmac[SHA512_DIGEST_LENGTH]; /* use the maximum size */
366 367
367 368 if (pSignature != NULL) {
368 369 /* Pass local buffer to avoid overflow */
369 370 rv = soft_hmac_sign_verify_common(session_p, NULL,
370 371 0, hmac, pulSignatureLen, B_TRUE);
371 372 } else {
372 373 /* Pass original pSignature, let callee to handle it. */
373 374 rv = soft_hmac_sign_verify_common(session_p, NULL,
374 375 0, pSignature, pulSignatureLen, B_TRUE);
375 376 }
376 377
377 378 if ((rv == CKR_OK) && (pSignature != NULL))
378 379 (void) memcpy(pSignature, hmac, *pulSignatureLen);
379 380
380 381 return (rv);
381 382 }
382 383 case CKM_DES_MAC_GENERAL:
383 384 case CKM_DES_MAC:
384 385 {
385 386 CK_BYTE signature[DES_BLOCK_LEN]; /* use the maximum size */
386 387
387 388 if (pSignature != NULL) {
388 389 /* Pass local buffer to avoid overflow. */
389 390 rv = soft_des_sign_verify_common(session_p, NULL, 0,
390 391 signature, pulSignatureLen, B_TRUE, B_TRUE);
391 392 } else {
392 393 /* Pass NULL, let callee to handle it. */
393 394 rv = soft_des_sign_verify_common(session_p, NULL, 0,
394 395 NULL, pulSignatureLen, B_TRUE, B_TRUE);
395 396 }
396 397
397 398 if ((rv == CKR_OK) && (pSignature != NULL))
398 399 (void) memcpy(pSignature, signature, *pulSignatureLen);
399 400
400 401 return (rv);
401 402 }
402 403 case CKM_AES_CMAC_GENERAL:
403 404 case CKM_AES_CMAC:
404 405 {
405 406 CK_BYTE signature[AES_BLOCK_LEN]; /* use the maximum size */
406 407
407 408 if (pSignature != NULL) {
408 409 /* Pass local buffer to avoid overflow. */
409 410 rv = soft_aes_sign_verify_common(session_p, NULL, 0,
410 411 signature, pulSignatureLen, B_TRUE, B_TRUE);
411 412 } else {
412 413 /* Pass NULL, let callee handle it. */
413 414 rv = soft_aes_sign_verify_common(session_p, NULL, 0,
414 415 NULL, pulSignatureLen, B_TRUE, B_TRUE);
415 416 }
416 417
417 418 if ((rv == CKR_OK) && (pSignature != NULL))
418 419 (void) memcpy(pSignature, signature, *pulSignatureLen);
419 420
420 421 return (rv);
421 422 }
422 423 case CKM_MD5_RSA_PKCS:
423 424 case CKM_SHA1_RSA_PKCS:
424 425 case CKM_SHA256_RSA_PKCS:
425 426 case CKM_SHA384_RSA_PKCS:
426 427 case CKM_SHA512_RSA_PKCS:
427 428
428 429 return (soft_rsa_digest_sign_common(session_p, NULL, 0,
429 430 pSignature, pulSignatureLen, mechanism, B_TRUE));
430 431
431 432 case CKM_DSA_SHA1:
432 433
433 434 return (soft_dsa_digest_sign_common(session_p, NULL, 0,
434 435 pSignature, pulSignatureLen, B_TRUE));
435 436
436 437 case CKM_ECDSA_SHA1:
437 438
438 439 return (soft_ecc_digest_sign_common(session_p, NULL, 0,
439 440 pSignature, pulSignatureLen, B_TRUE));
440 441
441 442 default:
442 443 /* PKCS11: The mechanism only supports single-part operation. */
443 444 return (CKR_MECHANISM_INVALID);
444 445 }
445 446 }
446 447
447 448
448 449 CK_RV
449 450 soft_sign_recover_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
450 451 soft_object_t *key_p)
451 452 {
452 453
453 454 switch (pMechanism->mechanism) {
454 455
455 456 case CKM_RSA_X_509:
456 457 case CKM_RSA_PKCS:
457 458
458 459 return (soft_rsa_sign_verify_init_common(session_p, pMechanism,
459 460 key_p, B_TRUE));
460 461
461 462 default:
462 463 return (CKR_MECHANISM_INVALID);
463 464 }
464 465 }
465 466
466 467
467 468 CK_RV
468 469 soft_sign_recover(soft_session_t *session_p, CK_BYTE_PTR pData,
469 470 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
470 471 CK_ULONG_PTR pulSignatureLen)
471 472 {
472 473
473 474 CK_MECHANISM_TYPE mechanism = session_p->sign.mech.mechanism;
474 475
475 476 switch (mechanism) {
476 477
477 478 case CKM_RSA_X_509:
478 479 case CKM_RSA_PKCS:
479 480
480 481 return (soft_rsa_sign_common(session_p, pData, ulDataLen,
481 482 pSignature, pulSignatureLen, mechanism));
482 483
483 484 default:
484 485 return (CKR_MECHANISM_INVALID);
485 486 }
486 487 }
487 488
488 489 /*
489 490 * This function frees the allocated active crypto context.
490 491 * It is only called by the first tier of sign/verify routines
491 492 * and the caller of this function may or may not hold the session mutex.
492 493 */
493 494 void
494 495 soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
495 496 boolean_t lock_held)
496 497 {
497 498
498 499 crypto_active_op_t *active_op;
499 500 boolean_t lock_true = B_TRUE;
500 501
501 502 if (!lock_held)
502 503 (void) pthread_mutex_lock(&session_p->session_mutex);
503 504
504 505 active_op = (sign) ? &(session_p->sign) : &(session_p->verify);
505 506
506 507 switch (active_op->mech.mechanism) {
507 508
508 509 case CKM_MD5_RSA_PKCS:
509 510 case CKM_SHA1_RSA_PKCS:
510 511 case CKM_SHA256_RSA_PKCS:
511 512 case CKM_SHA384_RSA_PKCS:
512 513 case CKM_SHA512_RSA_PKCS:
513 514 if (session_p->digest.context != NULL) {
514 515 free(session_p->digest.context);
515 516 session_p->digest.context = NULL;
516 517 session_p->digest.flags = 0;
517 518 }
518 519 /* FALLTHRU */
519 520
520 521 case CKM_RSA_PKCS:
521 522 case CKM_RSA_X_509:
522 523 {
523 524 soft_rsa_ctx_t *rsa_ctx =
524 525 (soft_rsa_ctx_t *)active_op->context;
525 526
526 527 if (rsa_ctx != NULL && rsa_ctx->key != NULL) {
527 528 soft_cleanup_object(rsa_ctx->key);
528 529 free(rsa_ctx->key);
529 530 }
530 531 break;
531 532
532 533 }
533 534 case CKM_DSA_SHA1:
534 535 if (session_p->digest.context != NULL) {
535 536 free(session_p->digest.context);
536 537 session_p->digest.context = NULL;
537 538 session_p->digest.flags = 0;
538 539 }
539 540
540 541 /* FALLTHRU */
541 542 case CKM_DSA:
542 543 {
543 544 soft_dsa_ctx_t *dsa_ctx =
544 545 (soft_dsa_ctx_t *)active_op->context;
545 546
546 547 if (dsa_ctx != NULL && dsa_ctx->key != NULL) {
547 548 soft_cleanup_object(dsa_ctx->key);
548 549 free(dsa_ctx->key);
549 550 }
550 551 break;
551 552
552 553 }
553 554 case CKM_SSL3_MD5_MAC:
554 555 case CKM_SSL3_SHA1_MAC:
|
↓ open down ↓ |
520 lines elided |
↑ open up ↑ |
555 556 case CKM_MD5_HMAC_GENERAL:
556 557 case CKM_MD5_HMAC:
557 558 case CKM_SHA_1_HMAC_GENERAL:
558 559 case CKM_SHA_1_HMAC:
559 560 case CKM_SHA256_HMAC_GENERAL:
560 561 case CKM_SHA256_HMAC:
561 562 case CKM_SHA384_HMAC_GENERAL:
562 563 case CKM_SHA384_HMAC:
563 564 case CKM_SHA512_HMAC_GENERAL:
564 565 case CKM_SHA512_HMAC:
565 - if (active_op->context != NULL)
566 - bzero(active_op->context, sizeof (soft_hmac_ctx_t));
566 + if (active_op->context != NULL) {
567 + explicit_bzero(active_op->context,
568 + sizeof (soft_hmac_ctx_t));
569 + }
567 570 break;
568 571 case CKM_DES_MAC_GENERAL:
569 572 case CKM_DES_MAC:
570 573 if (session_p->encrypt.context != NULL) {
571 574 free(session_p->encrypt.context);
572 575 session_p->encrypt.context = NULL;
573 576 session_p->encrypt.flags = 0;
574 577 }
575 - if (active_op->context != NULL)
576 - bzero(active_op->context, sizeof (soft_des_ctx_t));
578 + if (active_op->context != NULL) {
579 + explicit_bzero(active_op->context,
580 + sizeof (soft_des_ctx_t));
581 + }
577 582 break;
578 583
579 584 case CKM_AES_CMAC_GENERAL:
580 585 case CKM_AES_CMAC:
581 586 if (session_p->encrypt.context != NULL) {
582 587 free(session_p->encrypt.context);
583 588 session_p->encrypt.context = NULL;
584 589 session_p->encrypt.flags = 0;
585 590 }
586 - if (active_op->context != NULL)
587 - bzero(active_op->context, sizeof (soft_aes_ctx_t));
591 + if (active_op->context != NULL) {
592 + explicit_bzero(active_op->context,
593 + sizeof (soft_aes_ctx_t));
594 + }
588 595 break;
589 596
590 597 }
591 598
592 599 if (active_op->context != NULL) {
593 600 free(active_op->context);
594 601 active_op->context = NULL;
595 602 }
596 603
597 604 active_op->flags = 0;
598 605
599 606 if (!lock_held)
600 607 SES_REFRELE(session_p, lock_true);
601 608 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX