Print this page
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Alex Wilson <alex.wilson@joyent.com>

Split Close
Expand all
Collapse all
          --- old/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
          +++ new/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
↓ open down ↓ 13 lines elided ↑ open up ↑
  14   14   * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15   15   * If applicable, add the following below this CDDL HEADER, with the
  16   16   * fields enclosed by brackets "[]" replaced with your own identifying
  17   17   * information: Portions Copyright [yyyy] [name of copyright owner]
  18   18   *
  19   19   * CDDL HEADER END
  20   20   */
  21   21  
  22   22  /*
  23   23   * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
       24 + * Copyright 2018, Joyent, Inc.
  24   25   */
  25   26  
  26   27  #include <strings.h>
  27   28  #include <cryptoutil.h>
  28   29  #include <security/cryptoki.h>
  29   30  #include <sys/crypto/common.h>
  30   31  #include <arcfour.h>
  31   32  #include "softGlobal.h"
  32   33  #include "softSession.h"
  33   34  #include <aes_impl.h>
↓ open down ↓ 296 lines elided ↑ open up ↑
 330  331           */
 331  332          pInfo->flags = SOFT_TOKEN_FLAGS;
 332  333          if (soft_slot.keystore_load_status == KEYSTORE_UNAVAILABLE) {
 333  334                  pInfo->flags |= CKF_WRITE_PROTECTED;
 334  335          } else {
 335  336                  if ((soft_keystore_pin_initialized(&pin_initialized,
 336  337                      &ks_cryptpin, B_FALSE) == CKR_OK) && !pin_initialized)
 337  338                          pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
 338  339          }
 339  340  
 340      -        if (ks_cryptpin)
 341      -                free(ks_cryptpin);
      341 +        if (ks_cryptpin != NULL) {
      342 +                size_t cplen = strlen(ks_cryptpin) + 1;
 342  343  
      344 +                freezero(ks_cryptpin, cplen);
      345 +        }
      346 +
 343  347          /* Provide information about a token in the provided buffer */
 344  348          (void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
 345  349          (void) strncpy((char *)pInfo->manufacturerID, SOFT_MANUFACTURER_ID, 32);
 346  350          (void) strncpy((char *)pInfo->model, TOKEN_MODEL, 16);
 347  351          (void) strncpy((char *)pInfo->serialNumber, SOFT_TOKEN_SERIAL, 16);
 348  352  
 349  353          pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
 350  354          pInfo->ulSessionCount = soft_session_cnt;
 351  355          pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
 352  356          pInfo->ulRwSessionCount = soft_session_rw_cnt;
↓ open down ↓ 186 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX