9642 PKCS#11 softtoken should use explicit_bzero

Reviewed by: Yuri Pankov <yuripv@yuripv.net>
Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk>
Reviewed by: Ken Mays <kmays2000@gmail.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@joyent.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c
index a8c16f2e60..a10380d3bf 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c
@@ -21,6 +21,7 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
  */
 
 #include <stdio.h>
@@ -77,8 +78,7 @@ kernel_cleanup_object(kernel_object_t *objp)
 	 */
 	if (objp->class == CKO_SECRET_KEY) {
 		if (OBJ_SEC(objp) != NULL && OBJ_SEC_VALUE(objp) != NULL) {
-			bzero(OBJ_SEC_VALUE(objp), OBJ_SEC_VALUE_LEN(objp));
-			free(OBJ_SEC_VALUE(objp));
+			freezero(OBJ_SEC_VALUE(objp), OBJ_SEC_VALUE_LEN(objp));
 			OBJ_SEC_VALUE(objp) = NULL;
 			OBJ_SEC_VALUE_LEN(objp) = 0;
 		}
@@ -206,7 +206,7 @@ kernel_merge_object(kernel_object_t *old_object, kernel_object_t *new_object)
  */
 CK_RV
 kernel_add_object(CK_ATTRIBUTE_PTR pTemplate,  CK_ULONG ulCount,
-	CK_ULONG *objecthandle_p, kernel_session_t *sp)
+    CK_ULONG *objecthandle_p, kernel_session_t *sp)
 {
 	CK_RV rv = CKR_OK;
 	kernel_object_t *new_objp = NULL;