9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

*** 19,28 ****
--- 19,29 ----
   * CDDL HEADER END
   */
  
  /*
   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+  * Copyright 2018, Joyent, Inc.
   */
  
  #include <strings.h>
  #include <cryptoutil.h>
  #include <security/cryptoki.h>
*** 335,347 ****
                  if ((soft_keystore_pin_initialized(&pin_initialized,
                      &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
                          pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
          }
  
!         if (ks_cryptpin)
!                 free(ks_cryptpin);
  
          /* Provide information about a token in the provided buffer */
          (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
          (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
          (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
          (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
--- 336,351 ----
                  if ((soft_keystore_pin_initialized(&pin_initialized,
                      &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
                          pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
          }
  
!         if (ks_cryptpin != NULL) {
!                 size_t cplen = strlen(ks_cryptpin) + 1;
  
+                 freezero(ks_cryptpin, cplen);
+         }
+ 
          /* Provide information about a token in the provided buffer */
          (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
          (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
          (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
          (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);