authorJason King <jason.king@joyent.com>2018-01-22 19:28:10 +0000
committerDan McDonald <danmcd@joyent.com>2018-08-01 14:38:43 -0400
commita8793c7605e0b82f2725537adafca6127cdbd6ce (patch)
tree0e8674e5b18f09d0ff1f3345fc745861badb83af /usr/src/lib/pkcs11
parente5c421abb8bd517cb6964747b9ce23066e1a1cef (diff)
9642 PKCS#11 softtoken should use explicit_bzero
Reviewed by: Yuri Pankov <yuripv@yuripv.net> Reviewed by: Andy Fiddaman <omnios@citrus-it.co.uk> Reviewed by: Ken Mays <kmays2000@gmail.com> Reviewed by: Toomas Soome <tsoome@me.com> Approved by: Dan McDonald <danmcd@joyent.com>
Diffstat (limited to 'usr/src/lib/pkcs11')
-rw-r--r--usr/src/lib/pkcs11/libpkcs11/common/metaAttrManager.c24
-rw-r--r--usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c21
-rw-r--r--usr/src/lib/pkcs11/pkcs11_kernel/common/kernelKeys.c17
-rw-r--r--usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c6
-rw-r--r--usr/src/lib/pkcs11/pkcs11_kernel/common/kernelSoftCommon.c17
-rw-r--r--usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c8
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c33
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c51
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c122
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c49
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c32
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c60
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c17
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c68
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c69
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystore.c101
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c160
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c19
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.c25
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c19
-rw-r--r--usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c8
21 files changed, 429 insertions, 497 deletions
diff --git a/usr/src/lib/pkcs11/libpkcs11/common/metaAttrManager.c b/usr/src/lib/pkcs11/libpkcs11/common/metaAttrManager.c
index d404b567c3..94d9733f9f 100644
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaAttrManager.c
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaAttrManager.c
@@ -22,6 +22,7 @@
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <string.h>
@@ -32,7 +33,7 @@
static void
find_attribute(CK_ATTRIBUTE_TYPE attrtype, generic_attr_t *attributes,
- size_t num_attributes, generic_attr_t **found_attribute);
+ size_t num_attributes, generic_attr_t **found_attribute);
/*
* get_master_attributes_by_object
@@ -380,7 +381,7 @@ get_master_template_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype,
*/
CK_RV
get_master_attributes_by_type(CK_OBJECT_CLASS class, CK_ULONG subtype,
- generic_attr_t **attributes, size_t *num_attributes)
+ generic_attr_t **attributes, size_t *num_attributes)
{
CK_RV rv;
generic_attr_t *master_template = NULL;
@@ -526,7 +527,8 @@ dealloc_attributes(generic_attr_t *attributes, size_t num_attributes)
* extra work to just do them all. [Most attributes are just
* 1 or 4 bytes]
*/
- bzero(attr->attribute.pValue, attr->attribute.ulValueLen);
+ explicit_bzero(attr->attribute.pValue,
+ attr->attribute.ulValueLen);
if (attr->isMalloced)
free(attr->attribute.pValue);
@@ -544,7 +546,7 @@ dealloc_attributes(generic_attr_t *attributes, size_t num_attributes)
*/
CK_RV
attribute_set_value(CK_ATTRIBUTE *new_attr,
- generic_attr_t *attributes, size_t num_attributes)
+ generic_attr_t *attributes, size_t num_attributes)
{
generic_attr_t *attr = NULL;
@@ -564,13 +566,15 @@ attribute_set_value(CK_ATTRIBUTE *new_attr,
/* Existing storage is sufficient to store new value. */
/* bzero() out any data that won't be overwritten. */
- bzero((char *)attr->attribute.pValue + new_attr->ulValueLen,
+ explicit_bzero((char *)attr->attribute.pValue +
+ new_attr->ulValueLen,
attr->attribute.ulValueLen - new_attr->ulValueLen);
} else if (new_attr->ulValueLen <= sizeof (attr->generic_data)) {
/* Use generic storage to avoid a malloc. */
- bzero(attr->attribute.pValue, attr->attribute.ulValueLen);
+ explicit_bzero(attr->attribute.pValue,
+ attr->attribute.ulValueLen);
if (attr->isMalloced) {
/*
* If app sets a large value (triggering a malloc),
@@ -616,7 +620,7 @@ attribute_set_value(CK_ATTRIBUTE *new_attr,
*/
static void
find_attribute(CK_ATTRIBUTE_TYPE attrtype, generic_attr_t *attributes,
- size_t num_attributes, generic_attr_t **found_attribute)
+ size_t num_attributes, generic_attr_t **found_attribute)
{
generic_attr_t *attr;
boolean_t found = B_FALSE;
@@ -642,7 +646,7 @@ find_attribute(CK_ATTRIBUTE_TYPE attrtype, generic_attr_t *attributes,
*/
boolean_t
get_template_ulong(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes,
- CK_ULONG num_attributes, CK_ULONG *result)
+ CK_ULONG num_attributes, CK_ULONG *result)
{
boolean_t found = B_FALSE;
CK_ULONG i;
@@ -669,7 +673,7 @@ get_template_ulong(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes,
*/
boolean_t
get_template_boolean(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes,
- CK_ULONG num_attributes, boolean_t *result)
+ CK_ULONG num_attributes, boolean_t *result)
{
boolean_t found = B_FALSE;
CK_ULONG i;
@@ -706,7 +710,7 @@ get_template_boolean(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes,
*/
int
set_template_boolean(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE *attributes,
- CK_ULONG num_attributes, boolean_t local, CK_BBOOL *value)
+ CK_ULONG num_attributes, boolean_t local, CK_BBOOL *value)
{
int i;
diff --git a/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c b/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c
index b50b912056..45dfb8c45f 100644
--- a/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c
+++ b/usr/src/lib/pkcs11/libpkcs11/common/metaObjectManager.c
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
@@ -596,7 +597,8 @@ meta_object_dealloc(meta_session_t *session, meta_object_t *object,
if (object->clone_template) {
for (i = 0; i < object->clone_template_size; i++) {
- free(((object->clone_template)[i]).pValue);
+ freezero((object->clone_template)[i].pValue,
+ (object->clone_template)[i].ulValueLen);
}
free(object->clone_template);
}
@@ -617,7 +619,8 @@ meta_object_dealloc(meta_session_t *session, meta_object_t *object,
* meta_slot_object_alloc
*/
CK_RV
-meta_slot_object_alloc(slot_object_t **object) {
+meta_slot_object_alloc(slot_object_t **object)
+{
slot_object_t *new_object;
new_object = calloc(1, sizeof (slot_object_t));
@@ -634,7 +637,7 @@ meta_slot_object_alloc(slot_object_t **object) {
*/
void
meta_slot_object_activate(slot_object_t *object,
- slot_session_t *creator_session, boolean_t isToken)
+ slot_session_t *creator_session, boolean_t isToken)
{
object->creator_session = creator_session;
@@ -859,7 +862,8 @@ finish:
if (attrs_with_val) {
for (i = 0; i < num_attrs; i++) {
if (attrs_with_val[i].pValue != NULL) {
- free(attrs_with_val[i].pValue);
+ freezero(attrs_with_val[i].pValue,
+ attrs_with_val[i].ulValueLen);
}
}
free(attrs_with_val);
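Review bot: The `if (attrs_with_val[i].pValue != NULL)` guard around the new `freezero()` call is redundant, since freezero(3C), like free(3C), is a no-op on NULL — this same commit relies on exactly that in kernelUtil.c free_key_attributes and kernelKeys.c key_gen_by_value, where the equivalent guards were removed. Either drop the guard here for consistency with those hunks, or keep guards everywhere; the retained guards in softAttributeUtil.c soft_cleanup_extra_attr and set_extra_attr_to_object have the same inconsistency. The `finish:` label belongs to a function whose start is outside the hunk.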
@@ -1020,8 +1024,8 @@ clone_by_create(meta_object_t *object, slot_object_t *new_clone,
*/
static CK_RV
find_best_match_wrap_mech(wrap_info_t *wrap_info, int num_info,
- CK_ULONG src_slotnum, CK_ULONG dst_slotnum, int *first_both_mech,
- int *first_src_mech)
+ CK_ULONG src_slotnum, CK_ULONG dst_slotnum, int *first_both_mech,
+ int *first_src_mech)
{
int i;
@@ -1491,7 +1495,7 @@ finish:
}
if (wrappedKey) {
- free(wrappedKey);
+ freezero(wrappedKey, wrappedKeyLen);
}
if (src_slot_session) {
@@ -1513,8 +1517,7 @@ finish:
*/
CK_RV
meta_object_get_clone(meta_object_t *object,
- CK_ULONG slot_num, slot_session_t *slot_session,
- slot_object_t **clone)
+ CK_ULONG slot_num, slot_session_t *slot_session, slot_object_t **clone)
{
CK_RV rv = CKR_OK;
slot_object_t *newclone = NULL;
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelKeys.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelKeys.c
index 530b3fd8a4..1e35f0f5b4 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelKeys.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelKeys.c
@@ -21,6 +21,7 @@
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
*/
#include <strings.h>
@@ -343,21 +344,15 @@ key_gen_by_value(CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
}
new_objp->is_lib_obj = B_TRUE;
new_objp->session_handle = (CK_SESSION_HANDLE)session_p;
- (void) free(newTemplate);
- bzero(key_buf, key_len);
- (void) free(key_buf);
+ free(newTemplate);
+ freezero(key_buf, key_len);
return (CKR_OK);
failed_exit:
free_attributes(obj_ngk.ngk_in_attributes, &obj_ngk.ngk_in_count);
free_attributes(obj_ngk.ngk_out_attributes, &obj_ngk.ngk_out_count);
- if (key_buf != NULL) {
- bzero(key_buf, key_len);
- (void) free(key_buf);
- }
- if (newTemplate != NULL) {
- (void) free(newTemplate);
- }
+ freezero(key_buf, key_len);
+ free(newTemplate);
return (rv);
}
@@ -1757,7 +1752,7 @@ C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
CK_MECHANISM_INFO info;
uint32_t k_mi_flags;
CK_BYTE *clear_key_val = NULL;
- CK_ULONG ulDataLen;
+ CK_ULONG ulDataLen;
CK_ATTRIBUTE_PTR newTemplate = NULL;
crypto_mech_type_t k_mech_type;
crypto_object_unwrap_key_t obj_unwrapkey;
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c
index a8c16f2e60..a10380d3bf 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelObjectUtil.c
@@ -21,6 +21,7 @@
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <stdio.h>
@@ -77,8 +78,7 @@ kernel_cleanup_object(kernel_object_t *objp)
*/
if (objp->class == CKO_SECRET_KEY) {
if (OBJ_SEC(objp) != NULL && OBJ_SEC_VALUE(objp) != NULL) {
- bzero(OBJ_SEC_VALUE(objp), OBJ_SEC_VALUE_LEN(objp));
- free(OBJ_SEC_VALUE(objp));
+ freezero(OBJ_SEC_VALUE(objp), OBJ_SEC_VALUE_LEN(objp));
OBJ_SEC_VALUE(objp) = NULL;
OBJ_SEC_VALUE_LEN(objp) = 0;
}
@@ -206,7 +206,7 @@ kernel_merge_object(kernel_object_t *old_object, kernel_object_t *new_object)
*/
CK_RV
kernel_add_object(CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
- CK_ULONG *objecthandle_p, kernel_session_t *sp)
+ CK_ULONG *objecthandle_p, kernel_session_t *sp)
{
CK_RV rv = CKR_OK;
kernel_object_t *new_objp = NULL;
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelSoftCommon.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelSoftCommon.c
index 84af97182a..ba3b7499c2 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelSoftCommon.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelSoftCommon.c
@@ -22,10 +22,9 @@
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <pthread.h>
#include <errno.h>
#include <stdio.h>
@@ -234,22 +233,16 @@ free_soft_ctx(void *s, int opflag)
return;
if (opflag & OP_SIGN) {
- if (session_p->sign.context == NULL)
- return;
- bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
- free(session_p->sign.context);
+ freezero(session_p->sign.context,
+ sizeof (soft_hmac_ctx_t));
session_p->sign.context = NULL;
session_p->sign.flags = 0;
} else if (opflag & OP_VERIFY) {
- if (session_p->verify.context == NULL)
- return;
- bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
- free(session_p->verify.context);
+ freezero(session_p->verify.context,
+ sizeof (soft_hmac_ctx_t));
session_p->verify.context = NULL;
session_p->verify.flags = 0;
} else {
- if (session_p->digest.context == NULL)
- return;
free(session_p->digest.context);
session_p->digest.context = NULL;
session_p->digest.flags = 0;
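Review bot: Removing the three `if (... context == NULL) return;` guards is more than a bzero→freezero swap: when the context is already NULL, `session_p->sign.flags = 0` (and the verify and digest equivalents) now execute where the function previously returned without touching the flags. That is likely harmless, but it is a behaviour change the commit title does not describe, so a comment such as `/* freezero(3C) accepts NULL; flags are reset unconditionally */` would record that it is deliberate. The digest branch also still uses plain `free()` while sign and verify now use `freezero()`; if the digest context is considered non-sensitive, a one-line comment saying so would keep a later reader from "fixing" it. free_soft_ctx begins outside the hunk.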
diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
index e6f914e070..b9921e6d18 100644
--- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelUtil.c
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
*/
#include <stdlib.h>
@@ -480,11 +481,8 @@ free_key_attributes(crypto_key_t *key)
if (key->ck_format == CRYPTO_KEY_ATTR_LIST &&
(key->ck_count > 0) && key->ck_attrs != NULL) {
for (i = 0; i < key->ck_count; i++) {
- if (key->ck_attrs[i].oa_value != NULL) {
- bzero(key->ck_attrs[i].oa_value,
- key->ck_attrs[i].oa_value_len);
- free(key->ck_attrs[i].oa_value);
- }
+ freezero(key->ck_attrs[i].oa_value,
+ key->ck_attrs[i].oa_value_len);
}
free(key->ck_attrs);
}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c
index bc8edcdc4c..fd27206e75 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c
@@ -22,6 +22,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
@@ -488,14 +489,21 @@ encrypt_failed:
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
- if (aes_ctx != NULL) {
- bzero(aes_ctx->ac_keysched, aes_ctx->ac_keysched_len);
- free(soft_aes_ctx->aes_cbc);
+ switch (mechanism) {
+ case CKM_AES_ECB:
+ freezero(aes_ctx, sizeof (ecb_ctx_t));
+ break;
+ case CKM_AES_CMAC:
+ case CKM_AES_CBC:
+ case CKM_AES_CBC_PAD:
+ freezero(aes_ctx, sizeof (cbc_ctx_t));
+ break;
+ case CKM_AES_CTR:
+ freezero(aes_ctx, sizeof (ctr_ctx_t));
+ break;
}
-
- bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
+ freezero(session_p->encrypt.context, sizeof (soft_aes_ctx_t));
session_p->encrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
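Review bot: The new `switch (mechanism)` has no `default:` case, so for any mechanism value outside the five listed, the mode context in `aes_ctx` is neither zeroed nor freed, whereas the replaced `if (aes_ctx != NULL)` path released it unconditionally. Adding `default: free(aes_ctx); break;` (or an assertion that the mechanism is one the init path accepts) keeps the cleanup total. The decrypt cleanup in the next hunk takes yet another approach — a bare `free(aes_ctx)` with no zeroing — so the two cleanup paths should probably agree; if leaving the decrypt-side context unzeroed is intentional, a comment explaining why would help. The enclosing function starts outside the hunk.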
@@ -851,14 +859,9 @@ decrypt_failed:
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
- if (aes_ctx != NULL) {
- bzero(aes_ctx->ac_keysched, aes_ctx->ac_keysched_len);
- free(soft_aes_ctx->aes_cbc);
- }
-
- bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
- free(session_p->decrypt.context);
+ free(aes_ctx);
+ freezero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
+ freezero(session_p->decrypt.context, sizeof (soft_aes_ctx_t));
session_p->decrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c
index 4e5f5ddca4..7fb3c7a6a4 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softASN1.c
@@ -22,6 +22,7 @@
/*
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright (c) 2018, Joyent. Inc.
*/
#include <stdlib.h>
@@ -49,7 +50,7 @@ static uchar_t DH942_OID[] = {
0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x01
};
-#define MAX_DSA_KEY MAX_DSA_KEY_LEN /* bytes in DSA key */
+#define MAX_DSA_KEY MAX_DSA_KEY_LEN /* bytes in DSA key */
static uchar_t DSA_OID[] = {
/* DSA algorithm OID: 1 . 2 . 840 . 10040 . 4 . 1 */
0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01
@@ -87,7 +88,7 @@ pad_bigint_attr(biginteger_t *src, biginteger_t *dst)
* clear out potentially sensitive data before that happens.
*/
if (dst->big_value != NULL)
- (void) memset(dst->big_value, 0x0, dst->big_value_len);
+ explicit_bzero(dst->big_value, dst->big_value_len);
padding = (src->big_value[0] < 0x80) ? 0 : 1;
dst->big_value_len = src->big_value_len + padding;
@@ -338,10 +339,7 @@ rsa_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
cleanup_rsapri2asn:
- if (tmp_pad.big_value != NULL) {
- (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
- free(tmp_pad.big_value);
- }
+ freezero(tmp_pad.big_value, tmp_pad.big_value_len);
if (key_asn != NULLBER)
ber_free(key_asn, 1);
@@ -527,10 +525,7 @@ dsa_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
cleanup_dsapri2asn:
- if (tmp_pad.big_value != NULL) {
- (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
- free(tmp_pad.big_value);
- }
+ freezero(tmp_pad.big_value, tmp_pad.big_value_len);
if (key_asn != NULLBER)
ber_free(key_asn, 1);
@@ -701,10 +696,7 @@ dh_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
cleanup_dhpri2asn:
- if (tmp_pad.big_value != NULL) {
- (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
- free(tmp_pad.big_value);
- }
+ freezero(tmp_pad.big_value, tmp_pad.big_value_len);
if (key_asn != NULLBER)
ber_free(key_asn, 1);
@@ -893,10 +885,7 @@ x942_dh_pri_to_asn1(soft_object_t *objp, uchar_t *buf, ulong_t *buf_len)
cleanup_x942dhpri2asn:
- if (tmp_pad.big_value != NULL) {
- (void) memset(tmp_pad.big_value, 0x0, tmp_pad.big_value_len);
- free(tmp_pad.big_value);
- }
+ freezero(tmp_pad.big_value, tmp_pad.big_value_len);
if (key_asn != NULLBER)
ber_free(key_asn, 1);
@@ -1240,11 +1229,7 @@ error_asn2rsapri:
cleanup_asn2rsapri:
- if (tmp_nopad.big_value != NULL) {
- (void) memset(tmp_nopad.big_value, 0x0,
- tmp_nopad.big_value_len);
- free(tmp_nopad.big_value);
- }
+ freezero(tmp_nopad.big_value, tmp_nopad.big_value_len);
if (p8obj_asn != NULLBER)
ber_free(p8obj_asn, 1);
@@ -1448,11 +1433,7 @@ error_asn2dsapri:
cleanup_asn2dsapri:
- if (tmp_nopad.big_value != NULL) {
- (void) memset(tmp_nopad.big_value, 0x0,
- tmp_nopad.big_value_len);
- free(tmp_nopad.big_value);
- }
+ freezero(tmp_nopad.big_value, tmp_nopad.big_value_len);
if (p8obj_asn != NULLBER)
ber_free(p8obj_asn, 1);
@@ -1632,11 +1613,7 @@ error_asn2dhpri:
cleanup_asn2dhpri:
- if (tmp_nopad.big_value != NULL) {
- (void) memset(tmp_nopad.big_value, 0x0,
- tmp_nopad.big_value_len);
- free(tmp_nopad.big_value);
- }
+ freezero(tmp_nopad.big_value, tmp_nopad.big_value_len);
if (p8obj_asn != NULLBER)
ber_free(p8obj_asn, 1);
@@ -1840,11 +1817,7 @@ error_asn2x942dhpri:
cleanup_asn2x942dhpri:
- if (tmp_nopad.big_value != NULL) {
- (void) memset(tmp_nopad.big_value, 0x0,
- tmp_nopad.big_value_len);
- free(tmp_nopad.big_value);
- }
+ freezero(tmp_nopad.big_value, tmp_nopad.big_value_len);
if (p8obj_asn != NULLBER)
ber_free(p8obj_asn, 1);
@@ -1864,7 +1837,7 @@ cleanup_asn2x942dhpri:
CK_RV
soft_asn1_to_object(soft_object_t *objp, uchar_t *buf, ulong_t buf_len)
{
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
CK_OBJECT_CLASS class = objp->class;
CK_KEY_TYPE keytype = objp->key_type;
private_key_obj_t *pvk;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c
index d6e77c8016..7c81043e43 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softAttributeUtil.c
@@ -22,6 +22,7 @@
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <stdlib.h>
@@ -263,7 +264,7 @@ soft_lookup_attr(CK_ATTRIBUTE_TYPE type)
*/
CK_RV
soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
- CK_OBJECT_CLASS *class)
+ CK_OBJECT_CLASS *class)
{
CK_ULONG i;
@@ -322,11 +323,8 @@ soft_validate_attr(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
static void
cleanup_cert_attr(cert_attr_t *attr)
{
- if (attr) {
- if (attr->value) {
- (void) memset(attr->value, 0, attr->length);
- free(attr->value);
- }
+ if (attr != NULL) {
+ freezero(attr->value, attr->length);
attr->value = NULL;
attr->length = 0;
}
@@ -345,8 +343,7 @@ copy_cert_attr(cert_attr_t *src_attr, cert_attr_t **dest_attr)
/* free memory if its already allocated */
if (*dest_attr != NULL) {
- if ((*dest_attr)->value != (CK_BYTE *)NULL)
- free((*dest_attr)->value);
+ cleanup_cert_attr(*dest_attr);
} else {
*dest_attr = malloc(sizeof (cert_attr_t));
if (*dest_attr == NULL)
@@ -421,14 +418,16 @@ soft_cleanup_extra_attr(soft_object_t *object_p)
extra_attr = object_p->extra_attrlistp;
while (extra_attr) {
tmp = extra_attr->next;
- if (extra_attr->attr.pValue)
+ if (extra_attr->attr.pValue != NULL) {
/*
* All extra attributes in the extra attribute
* list have pValue points to the value of the
* attribute (with simple byte array type).
* Free the storage for the value of the attribute.
*/
- free(extra_attr->attr.pValue);
+ freezero(extra_attr->attr.pValue,
+ extra_attr->attr.ulValueLen);
+ }
/* Free the storage for the attribute_info struct. */
free(extra_attr);
@@ -488,7 +487,7 @@ soft_add_extra_attr(CK_ATTRIBUTE_PTR template, soft_object_t *object_p)
CK_RV
soft_copy_certificate(certificate_obj_t *oldcert, certificate_obj_t **newcert,
- CK_CERTIFICATE_TYPE type)
+ CK_CERTIFICATE_TYPE type)
{
CK_RV rv = CKR_OK;
certificate_obj_t *cert;
@@ -642,7 +641,7 @@ get_extra_attr_from_object(soft_object_t *object_p, CK_ATTRIBUTE_PTR template)
*/
CK_RV
set_extra_attr_to_object(soft_object_t *object_p, CK_ATTRIBUTE_TYPE type,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
CK_ATTRIBUTE_INFO_PTR extra_attr;
@@ -672,9 +671,11 @@ set_extra_attr_to_object(soft_object_t *object_p, CK_ATTRIBUTE_TYPE type,
(template->ulValueLen > 0)) {
if (template->ulValueLen > extra_attr->attr.ulValueLen) {
/* The old buffer is too small to hold the new value. */
- if (extra_attr->attr.pValue != NULL)
+ if (extra_attr->attr.pValue != NULL) {
/* Free storage for the old attribute value. */
- free(extra_attr->attr.pValue);
+ freezero(extra_attr->attr.pValue,
+ extra_attr->attr.ulValueLen);
+ }
/* Allocate storage for the new attribute value. */
extra_attr->attr.pValue = malloc(template->ulValueLen);
@@ -766,7 +767,7 @@ get_bigint_attr_from_object(biginteger_t *big, CK_ATTRIBUTE_PTR template)
*/
CK_RV
get_bool_attr_from_object(soft_object_t *object_p, CK_ULONG bool_flag,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
if (template->pValue == NULL) {
@@ -802,7 +803,7 @@ get_bool_attr_from_object(soft_object_t *object_p, CK_ULONG bool_flag,
*/
CK_RV
set_bool_attr_to_object(soft_object_t *object_p, CK_ULONG bool_flag,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
if (*(CK_BBOOL *)template->pValue)
@@ -930,11 +931,7 @@ get_cert_attr_from_template(cert_attr_t **dest, CK_ATTRIBUTE_PTR src)
* existing value and release the memory.
*/
if (*dest != NULL) {
- if ((*dest)->value != NULL) {
- (void) memset((*dest)->value, 0,
- (*dest)->length);
- free((*dest)->value);
- }
+ cleanup_cert_attr(*dest);
} else {
*dest = malloc(sizeof (cert_attr_t));
if (*dest == NULL) {
@@ -987,12 +984,9 @@ get_cert_attr_from_object(cert_attr_t *src, CK_ATTRIBUTE_PTR template)
void
string_attr_cleanup(CK_ATTRIBUTE_PTR template)
{
-
- if (template->pValue) {
- free(template->pValue);
- template->pValue = NULL;
- template->ulValueLen = 0;
- }
+ freezero(template->pValue, template->ulValueLen);
+ template->pValue = NULL;
+ template->ulValueLen = 0;
}
/*
@@ -1006,12 +1000,9 @@ bigint_attr_cleanup(biginteger_t *big)
if (big == NULL)
return;
- if (big->big_value) {
- (void) memset(big->big_value, 0, big->big_value_len);
- free(big->big_value);
- big->big_value = NULL;
- big->big_value_len = 0;
- }
+ freezero(big->big_value, big->big_value_len);
+ big->big_value = NULL;
+ big->big_value_len = 0;
}
@@ -1151,16 +1142,14 @@ soft_cleanup_object_bigint_attrs(soft_object_t *object_p)
/* cleanup key data area */
if (OBJ_SEC_VALUE(object_p) != NULL &&
OBJ_SEC_VALUE_LEN(object_p) > 0) {
- (void) memset(OBJ_SEC_VALUE(object_p), 0,
+ freezero(OBJ_SEC_VALUE(object_p),
OBJ_SEC_VALUE_LEN(object_p));
- free(OBJ_SEC_VALUE(object_p));
}
/* cleanup key schedule data area */
if (OBJ_KEY_SCHED(object_p) != NULL &&
OBJ_KEY_SCHED_LEN(object_p) > 0) {
- (void) memset(OBJ_KEY_SCHED(object_p), 0,
+ freezero(OBJ_KEY_SCHED(object_p),
OBJ_KEY_SCHED_LEN(object_p));
- free(OBJ_KEY_SCHED(object_p));
}
/* Release Secret Key Object struct. */
@@ -1282,13 +1271,13 @@ soft_parse_common_attrs(CK_ATTRIBUTE_PTR template, uchar_t *object_type)
*/
CK_RV
soft_build_public_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
- soft_object_t *new_object, CK_ULONG mode, CK_KEY_TYPE key_type)
+ soft_object_t *new_object, CK_ULONG mode, CK_KEY_TYPE key_type)
{
ulong_t i;
CK_KEY_TYPE keytype = (CK_KEY_TYPE)~0UL;
uint64_t attr_mask = PUBLIC_KEY_DEFAULT;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
int isLabel = 0;
/* Must set flags */
int isModulus = 0;
@@ -1848,12 +1837,12 @@ fail_cleanup:
*/
CK_RV
soft_build_private_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
- soft_object_t *new_object, CK_ULONG mode, CK_KEY_TYPE key_type)
+ soft_object_t *new_object, CK_ULONG mode, CK_KEY_TYPE key_type)
{
ulong_t i;
CK_KEY_TYPE keytype = (CK_KEY_TYPE)~0UL;
uint64_t attr_mask = PRIVATE_KEY_DEFAULT;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
int isLabel = 0;
int isECParam = 0;
/* Must set flags unless mode == SOFT_UNWRAP_KEY */
@@ -2516,14 +2505,14 @@ fail_cleanup:
*/
CK_RV
soft_build_secret_key_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
- soft_object_t *new_object, CK_ULONG mode, CK_ULONG key_len,
- CK_KEY_TYPE key_type)
+ soft_object_t *new_object, CK_ULONG mode, CK_ULONG key_len,
+ CK_KEY_TYPE key_type)
{
ulong_t i;
CK_KEY_TYPE keytype = (CK_KEY_TYPE)~0UL;
uint64_t attr_mask = SECRET_KEY_DEFAULT;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
int isLabel = 0;
/* Must set flags if mode != SOFT_UNWRAP_KEY, else must not set */
int isValue = 0;
@@ -3171,12 +3160,12 @@ fail_cleanup:
*/
CK_RV
soft_build_domain_parameters_object(CK_ATTRIBUTE_PTR template,
- CK_ULONG ulAttrNum, soft_object_t *new_object)
+ CK_ULONG ulAttrNum, soft_object_t *new_object)
{
ulong_t i;
CK_KEY_TYPE keytype = (CK_KEY_TYPE)~0UL;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
int isLabel = 0;
/* Must set flags */
int isPrime = 0;
@@ -3397,11 +3386,11 @@ fail_cleanup:
*/
static CK_RV
soft_build_certificate_object(CK_ATTRIBUTE_PTR template,
- CK_ULONG ulAttrNum, soft_object_t *new_object,
- CK_CERTIFICATE_TYPE cert_type)
+ CK_ULONG ulAttrNum, soft_object_t *new_object,
+ CK_CERTIFICATE_TYPE cert_type)
{
uint64_t attr_mask = 0;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
CK_ULONG i;
int owner_set = 0;
int value_set = 0;
@@ -3592,11 +3581,11 @@ fail_cleanup:
*/
CK_RV
soft_build_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
- soft_object_t *new_object)
+ soft_object_t *new_object)
{
CK_OBJECT_CLASS class = (CK_OBJECT_CLASS)~0UL;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
if (template == NULL) {
return (CKR_ARGUMENTS_BAD);
@@ -3660,11 +3649,11 @@ soft_build_object(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
*/
CK_RV
soft_build_key(CK_ATTRIBUTE_PTR template, CK_ULONG ulAttrNum,
- soft_object_t *new_object, CK_OBJECT_CLASS class, CK_KEY_TYPE key_type,
- CK_ULONG key_len, CK_ULONG mode)
+ soft_object_t *new_object, CK_OBJECT_CLASS class, CK_KEY_TYPE key_type,
+ CK_ULONG key_len, CK_ULONG mode)
{
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
CK_OBJECT_CLASS temp_class = (CK_OBJECT_CLASS)~0UL;
/* Validate the attribute type in the template. */
@@ -3863,7 +3852,7 @@ soft_get_common_key_attrs(soft_object_t *object_p, CK_ATTRIBUTE_PTR template)
*/
CK_RV
soft_get_public_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
CK_RV rv = CKR_OK;
@@ -4036,7 +4025,7 @@ soft_get_public_key_attribute(soft_object_t *object_p,
*/
CK_RV
soft_get_private_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
CK_RV rv = CKR_OK;
@@ -4306,7 +4295,7 @@ soft_get_private_key_attribute(soft_object_t *object_p,
*/
CK_RV
soft_get_secret_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
CK_RV rv = CKR_OK;
@@ -4420,7 +4409,7 @@ soft_get_secret_key_attribute(soft_object_t *object_p,
*/
CK_RV
soft_get_domain_parameters_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
CK_RV rv = CKR_OK;
@@ -4538,7 +4527,7 @@ soft_get_domain_parameters_attribute(soft_object_t *object_p,
*/
CK_RV
soft_get_certificate_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template)
+ CK_ATTRIBUTE_PTR template)
{
CK_CERTIFICATE_TYPE certtype = object_p->cert_type;
cert_attr_t src;
@@ -4593,7 +4582,7 @@ soft_get_certificate_attribute(soft_object_t *object_p,
CK_RV
soft_set_certificate_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template, boolean_t copy)
+ CK_ATTRIBUTE_PTR template, boolean_t copy)
{
CK_CERTIFICATE_TYPE certtype = object_p->cert_type;
@@ -4693,7 +4682,7 @@ soft_get_attribute(soft_object_t *object_p, CK_ATTRIBUTE_PTR template)
CK_RV
soft_set_common_storage_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template, boolean_t copy)
+ CK_ATTRIBUTE_PTR template, boolean_t copy)
{
CK_RV rv = CKR_OK;
@@ -4769,7 +4758,7 @@ soft_set_common_storage_attribute(soft_object_t *object_p,
*/
CK_RV
soft_set_common_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template, boolean_t copy)
+ CK_ATTRIBUTE_PTR template, boolean_t copy)
{
switch (template->type) {
@@ -4820,7 +4809,7 @@ soft_set_common_key_attribute(soft_object_t *object_p,
*/
CK_RV
soft_set_public_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template, boolean_t copy)
+ CK_ATTRIBUTE_PTR template, boolean_t copy)
{
CK_KEY_TYPE keytype = object_p->key_type;
@@ -4892,7 +4881,7 @@ soft_set_public_key_attribute(soft_object_t *object_p,
*/
CK_RV
soft_set_private_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template, boolean_t copy)
+ CK_ATTRIBUTE_PTR template, boolean_t copy)
{
CK_KEY_TYPE keytype = object_p->key_type;
@@ -5000,7 +4989,7 @@ soft_set_private_key_attribute(soft_object_t *object_p,
*/
CK_RV
soft_set_secret_key_attribute(soft_object_t *object_p,
- CK_ATTRIBUTE_PTR template, boolean_t copy)
+ CK_ATTRIBUTE_PTR template, boolean_t copy)
{
CK_KEY_TYPE keytype = object_p->key_type;
@@ -6319,7 +6308,7 @@ soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
(void) memcpy(sk, old_secret_key_obj_p, sizeof (secret_key_obj_t));
/* copy the secret key value */
- sk->sk_value = malloc((sizeof (CK_BYTE) * sk->sk_value_len));
+ sk->sk_value = malloc(sk->sk_value_len);
if (sk->sk_value == NULL) {
free(sk);
return (CKR_HOST_MEMORY);
@@ -6334,6 +6323,7 @@ soft_copy_secret_key_attr(secret_key_obj_t *old_secret_key_obj_p,
old_secret_key_obj_p->keysched_len > 0) {
sk->key_sched = malloc(old_secret_key_obj_p->keysched_len);
if (sk->key_sched == NULL) {
+ freezero(sk->sk_value, sk->sk_value_len);
free(sk);
return (CKR_HOST_MEMORY);
}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c
index 9abbce2592..82fbc54e0e 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softBlowfishCrypt.c
@@ -21,6 +21,7 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
@@ -36,8 +37,8 @@
CK_RV
soft_blowfish_crypt_init_common(soft_session_t *session_p,
- CK_MECHANISM_PTR pMechanism, soft_object_t *key_p, boolean_t encrypt) {
-
+ CK_MECHANISM_PTR pMechanism, soft_object_t *key_p, boolean_t encrypt)
+{
size_t size;
soft_blowfish_ctx_t *soft_blowfish_ctx;
@@ -140,8 +141,8 @@ soft_blowfish_crypt_init_common(soft_session_t *session_p,
CK_RV
soft_blowfish_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
CK_ULONG ulDataLen, CK_BYTE_PTR pEncrypted, CK_ULONG_PTR pulEncryptedLen,
- boolean_t update) {
-
+ boolean_t update)
+{
int rc = 0;
CK_RV rv = CKR_OK;
soft_blowfish_ctx_t *soft_blowfish_ctx =
@@ -271,8 +272,8 @@ soft_blowfish_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
/* Encrypt multiple blocks of data. */
rc = blowfish_encrypt_contiguous_blocks(
- (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc,
- (char *)in_buf, out_len, &out);
+ (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc,
+ (char *)in_buf, out_len, &out);
if (rc == 0) {
*pulEncryptedLen = out_len;
@@ -297,15 +298,11 @@ soft_blowfish_encrypt_common(soft_session_t *session_p, CK_BYTE_PTR pData,
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
- if (blowfish_ctx != NULL) {
- bzero(blowfish_ctx->bc_keysched,
- blowfish_ctx->bc_keysched_len);
- free(soft_blowfish_ctx->blowfish_cbc);
- }
-
- bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(blowfish_ctx, sizeof (cbc_ctx_t));
+ freezero(soft_blowfish_ctx->key_sched,
+ soft_blowfish_ctx->keysched_len);
+ freezero(session_p->encrypt.context,
+ sizeof (soft_blowfish_ctx_t));
session_p->encrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
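Review bot: `freezero(blowfish_ctx, sizeof (cbc_ctx_t))` sizes the scrub by a type other than the one blowfish_ctx was just cast to; if blowfish_ctx_t is an alias of cbc_ctx_t this is correct, but `freezero(blowfish_ctx, sizeof (*blowfish_ctx));` takes the size from the pointer itself and cannot drift if either typedef changes. The old `if (blowfish_ctx != NULL)` guard is dropped, which presumably relies on freezero(NULL, n) being a no-op like free(NULL); a comment `/* freezero(NULL, len) is a no-op */` at this first unguarded call would save the next reader the check. The function body starts outside the hunk.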
@@ -316,8 +313,8 @@ cleanup:
CK_RV
soft_blowfish_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
CK_ULONG ulEncryptedLen, CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen,
- boolean_t update) {
-
+ boolean_t update)
+{
int rc = 0;
CK_RV rv = CKR_OK;
soft_blowfish_ctx_t *soft_blowfish_ctx =
@@ -438,8 +435,8 @@ soft_blowfish_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
/* Decrypt multiple blocks of data. */
rc = blowfish_decrypt_contiguous_blocks(
- (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc,
- (char *)in_buf, out_len, &out);
+ (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc,
+ (char *)in_buf, out_len, &out);
if (rc == 0) {
*pulDataLen = out_len;
@@ -465,15 +462,11 @@ soft_blowfish_decrypt_common(soft_session_t *session_p, CK_BYTE_PTR pEncrypted,
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
blowfish_ctx = (blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
- if (blowfish_ctx != NULL) {
- bzero(blowfish_ctx->bc_keysched,
- blowfish_ctx->bc_keysched_len);
- free(soft_blowfish_ctx->blowfish_cbc);
- }
-
- bzero(soft_blowfish_ctx->key_sched, soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
- free(session_p->decrypt.context);
+ free(blowfish_ctx);
+ freezero(soft_blowfish_ctx->key_sched,
+ soft_blowfish_ctx->keysched_len);
+ freezero(session_p->decrypt.context,
+ sizeof (soft_blowfish_ctx_t));
session_p->decrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
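Review bot: `free(blowfish_ctx)` releases the CBC context without scrubbing it, while the encrypt cleanup earlier in this file uses freezero for the identical object; the CBC context carries the IV and, I believe, any buffered partial block, so `freezero(blowfish_ctx, sizeof (*blowfish_ctx));` here keeps the two paths consistent. The same plain free of the cipher context remains in both softDESCrypt.c cleanup hunks (`free(des_ctx)`) and in the `free(...->des_cbc)` / `free(...->aes_cbc)` / `free(...->blowfish_cbc)` lines of the soft_decrypt_final, soft_encrypt_final and soft_crypt_cleanup hunks. The function body starts outside the hunk.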
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c
index 8159e93624..c6c8472f61 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDESCrypt.c
@@ -21,6 +21,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
@@ -448,14 +449,9 @@ encrypt_failed:
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
- if (des_ctx != NULL) {
- bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
- free(soft_des_ctx->des_cbc);
- }
-
- bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
- free(session_p->encrypt.context);
+ free(des_ctx);
+ freezero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
+ freezero(session_p->encrypt.context, sizeof (soft_des_ctx_t));
session_p->encrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
@@ -777,15 +773,9 @@ decrypt_failed:
cleanup:
(void) pthread_mutex_lock(&session_p->session_mutex);
des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
- if (des_ctx != NULL) {
- bzero(des_ctx->dc_keysched, des_ctx->dc_keysched_len);
- free(soft_des_ctx->des_cbc);
- }
-
- bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
- free(session_p->decrypt.context);
- session_p->decrypt.context = NULL;
+ free(des_ctx);
+ freezero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
+ freezero(session_p->decrypt.context, sizeof (soft_des_ctx_t));
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (rv);
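Review bot: The removed `session_p->decrypt.context = NULL;` is not re-added, so after `freezero(session_p->decrypt.context, sizeof (soft_des_ctx_t));` the session keeps a dangling pointer to freed memory, which a later decrypt call or session cleanup could dereference or free again. The encrypt cleanup hunk above keeps its `session_p->encrypt.context = NULL;` as context; add `session_p->decrypt.context = NULL;` after the freezero line, before the mutex unlock. The function body starts outside the hunk.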
@@ -826,7 +816,7 @@ des_cbc_ctx_init(void *key_sched, size_t size, uint8_t *ivec, CK_KEY_TYPE type)
*/
CK_RV
soft_des_sign_verify_init_common(soft_session_t *session_p,
- CK_MECHANISM_PTR pMechanism, soft_object_t *key_p, boolean_t sign_op)
+ CK_MECHANISM_PTR pMechanism, soft_object_t *key_p, boolean_t sign_op)
{
soft_des_ctx_t *soft_des_ctx;
CK_MECHANISM encrypt_mech;
@@ -912,8 +902,8 @@ soft_des_sign_verify_init_common(soft_session_t *session_p,
*/
CK_RV
soft_des_sign_verify_common(soft_session_t *session_p, CK_BYTE_PTR pData,
- CK_ULONG ulDataLen, CK_BYTE_PTR pSigned, CK_ULONG_PTR pulSignedLen,
- boolean_t sign_op, boolean_t Final)
+ CK_ULONG ulDataLen, CK_BYTE_PTR pSigned, CK_ULONG_PTR pulSignedLen,
+ boolean_t sign_op, boolean_t Final)
{
soft_des_ctx_t *soft_des_ctx_sign_verify;
soft_des_ctx_t *soft_des_ctx_encrypt;
@@ -1060,7 +1050,7 @@ clean_exit:
*/
CK_RV
soft_des_mac_sign_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
+ CK_ULONG ulPartLen)
{
/*
* The DES MAC is calculated by taking the specified number of
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
index 355c3b5bdd..27b8edf894 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
@@ -21,6 +21,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
@@ -151,10 +152,10 @@ cbc_common:
soft_des_ctx->ivec, key_p->key_type);
if (soft_des_ctx->des_cbc == NULL) {
- bzero(soft_des_ctx->key_sched,
+ freezero(soft_des_ctx->key_sched,
soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
- free(session_p->decrypt.context);
+ freezero(session_p->decrypt.context,
+ sizeof (soft_des_ctx_t));
session_p->decrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (CKR_HOST_MEMORY);
@@ -207,10 +208,10 @@ cbc_common:
soft_aes_ctx->ivec);
if (soft_aes_ctx->aes_cbc == NULL) {
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
- free(session_p->decrypt.context);
+ freezero(session_p->decrypt.context,
+ sizeof (soft_aes_ctx_t));
session_p->decrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (CKR_HOST_MEMORY);
@@ -247,10 +248,10 @@ cbc_common:
pMechanism->pParameter);
if (soft_aes_ctx->aes_cbc == NULL) {
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
- free(session_p->decrypt.context);
+ freezero(session_p->decrypt.context,
+ sizeof (soft_aes_ctx_t));
session_p->decrypt.context = NULL;
rv = CKR_HOST_MEMORY;
}
@@ -292,10 +293,11 @@ cbc_common:
soft_blowfish_ctx->ivec);
if (soft_blowfish_ctx->blowfish_cbc == NULL) {
- bzero(soft_blowfish_ctx->key_sched,
+ freezero(soft_blowfish_ctx->key_sched,
soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
- free(session_p->decrypt.context = NULL);
+ freezero(session_p->decrypt.context,
+ sizeof (soft_blowfish_ctx_t));
+ session_p->decrypt.context = NULL;
(void) pthread_mutex_unlock(&session_p->session_mutex);
return (CKR_HOST_MEMORY);
}
@@ -471,8 +473,7 @@ soft_decrypt(soft_session_t *session_p, CK_BYTE_PTR pEncryptedData,
*/
CK_RV
soft_decrypt_update(soft_session_t *session_p, CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen)
+ CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
{
CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
@@ -520,7 +521,7 @@ soft_decrypt_update(soft_session_t *session_p, CK_BYTE_PTR pEncryptedPart,
*/
CK_RV
soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen)
+ CK_ULONG_PTR pulLastPartLen)
{
CK_MECHANISM_TYPE mechanism = session_p->decrypt.mech.mechanism;
@@ -554,9 +555,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
/* Cleanup memory space. */
free(soft_des_ctx->des_cbc);
- bzero(soft_des_ctx->key_sched,
+ freezero(soft_des_ctx->key_sched,
soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
goto clean1;
}
@@ -608,9 +608,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
/* Cleanup memory space. */
free(soft_des_ctx->des_cbc);
- bzero(soft_des_ctx->key_sched,
+ freezero(soft_des_ctx->key_sched,
soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
}
@@ -641,8 +640,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
/* Cleanup memory space. */
free(soft_des_ctx->des_cbc);
- bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
+ freezero(soft_des_ctx->key_sched,
+ soft_des_ctx->keysched_len);
break;
}
@@ -663,9 +662,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
rv = CKR_ENCRYPTED_DATA_LEN_RANGE;
/* Cleanup memory space. */
free(soft_aes_ctx->aes_cbc);
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
goto clean1;
}
@@ -717,9 +715,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
/* Cleanup memory space. */
free(soft_aes_ctx->aes_cbc);
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
}
@@ -747,8 +744,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
/* Cleanup memory space. */
free(soft_aes_ctx->aes_cbc);
- bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
+ freezero(soft_aes_ctx->key_sched,
+ soft_aes_ctx->keysched_len);
break;
}
@@ -784,8 +781,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
/* Cleanup memory space. */
free(ctr_ctx);
- bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
+ freezero(soft_aes_ctx->key_sched,
+ soft_aes_ctx->keysched_len);
break;
}
@@ -805,9 +802,8 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
}
free(soft_blowfish_ctx->blowfish_cbc);
- bzero(soft_blowfish_ctx->key_sched,
+ freezero(soft_blowfish_ctx->key_sched,
soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
break;
}
@@ -815,7 +811,7 @@ soft_decrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastPart,
case CKM_RC4:
{
ARCFour_key *key = (ARCFour_key *)session_p->decrypt.context;
- bzero(key, sizeof (*key));
+ explicit_bzero(key, sizeof (*key));
*pulLastPartLen = 0;
break;
}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c
index f1f685ed40..8bf2eca6c6 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDigestUtil.c
@@ -21,6 +21,7 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <strings.h>
@@ -46,7 +47,7 @@
*
* Description:
* called by C_DigestInit(). This function allocates space for
- * context, then calls the corresponding software provided digest
+ * context, then calls the corresponding software provided digest
* init routine based on the mechanism.
*
* Returns:
@@ -166,7 +167,7 @@ soft_digest_init(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism)
*/
CK_RV
soft_digest_common(soft_session_t *session_p, CK_BYTE_PTR pData,
- CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
+ CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
{
CK_ULONG digestLen = 0;
@@ -302,7 +303,7 @@ soft_digest_common(soft_session_t *session_p, CK_BYTE_PTR pData,
/* Paranoia on behalf of C_DigestKey callers: bzero the context */
if (session_p->digest.flags & CRYPTO_KEY_DIGESTED) {
- bzero(session_p->digest.context, len);
+ explicit_bzero(session_p->digest.context, len);
session_p->digest.flags &= ~CRYPTO_KEY_DIGESTED;
}
*pulDigestLen = digestLen;
@@ -333,7 +334,7 @@ soft_digest_common(soft_session_t *session_p, CK_BYTE_PTR pData,
*/
CK_RV
soft_digest(soft_session_t *session_p, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
+ CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
{
return (soft_digest_common(session_p, pData, ulDataLen,
@@ -359,7 +360,7 @@ soft_digest(soft_session_t *session_p, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
*/
CK_RV
soft_digest_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
+ CK_ULONG ulPartLen)
{
switch (session_p->digest.mech.mechanism) {
@@ -417,7 +418,7 @@ soft_digest_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
*/
CK_RV
soft_digest_final(soft_session_t *session_p, CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
+ CK_ULONG_PTR pulDigestLen)
{
return (soft_digest_common(session_p, NULL, 0,
@@ -433,8 +434,8 @@ soft_digest_final(soft_session_t *session_p, CK_BYTE_PTR pDigest,
* its mutex taken.
*/
CK_RV
-soft_digest_init_internal(soft_session_t *session_p, CK_MECHANISM_PTR
- pMechanism)
+soft_digest_init_internal(soft_session_t *session_p,
+ CK_MECHANISM_PTR pMechanism)
{
CK_RV rv;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
index aebacaa868..fb7da5af3b 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
@@ -22,6 +22,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright 2015 Nexenta Systems, Inc. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
@@ -175,10 +176,10 @@ cbc_common:
soft_des_ctx->ivec, key_p->key_type);
if (soft_des_ctx->des_cbc == NULL) {
- bzero(soft_des_ctx->key_sched,
+ freezero(soft_des_ctx->key_sched,
soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(session_p->encrypt.context,
+ sizeof (soft_des_ctx_t));
session_p->encrypt.context = NULL;
rv = CKR_HOST_MEMORY;
}
@@ -239,10 +240,10 @@ cbc_common:
soft_aes_ctx->ivec);
}
if (soft_aes_ctx->aes_cbc == NULL) {
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(session_p->encrypt.context,
+ sizeof (soft_aes_ctx_t));
session_p->encrypt.context = NULL;
rv = CKR_HOST_MEMORY;
}
@@ -278,10 +279,10 @@ cbc_common:
pMechanism->pParameter);
if (soft_aes_ctx->aes_cbc == NULL) {
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(session_p->encrypt.context,
+ sizeof (soft_aes_ctx_t));
session_p->encrypt.context = NULL;
rv = CKR_HOST_MEMORY;
}
@@ -341,10 +342,10 @@ cbc_common:
soft_blowfish_ctx->ivec);
if (soft_blowfish_ctx->blowfish_cbc == NULL) {
- bzero(soft_blowfish_ctx->key_sched,
+ freezero(soft_blowfish_ctx->key_sched,
soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
- free(session_p->encrypt.context);
+ freezero(session_p->encrypt.context,
+ sizeof (soft_blowfish_ctx_t));
session_p->encrypt.context = NULL;
rv = CKR_HOST_MEMORY;
}
@@ -628,9 +629,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
/* Cleanup memory space. */
free(soft_des_ctx->des_cbc);
- bzero(soft_des_ctx->key_sched,
+ freezero(soft_des_ctx->key_sched,
soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
}
break;
@@ -659,8 +659,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
/* Cleanup memory space. */
free(soft_des_ctx->des_cbc);
- bzero(soft_des_ctx->key_sched, soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
+ freezero(soft_des_ctx->key_sched,
+ soft_des_ctx->keysched_len);
break;
}
@@ -723,9 +723,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
/* Cleanup memory space. */
free(soft_aes_ctx->aes_cbc);
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
}
break;
@@ -763,9 +762,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
/* Cleanup memory space. */
free(soft_aes_ctx->aes_cbc);
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
}
break;
@@ -791,8 +789,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
/* Cleanup memory space. */
free(soft_aes_ctx->aes_cbc);
- bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
+ freezero(soft_aes_ctx->key_sched,
+ soft_aes_ctx->keysched_len);
break;
}
@@ -827,8 +825,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
/* Cleanup memory space. */
free(ctr_ctx);
- bzero(soft_aes_ctx->key_sched, soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
+ freezero(soft_aes_ctx->key_sched,
+ soft_aes_ctx->keysched_len);
break;
}
@@ -852,9 +850,8 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
}
free(soft_blowfish_ctx->blowfish_cbc);
- bzero(soft_blowfish_ctx->key_sched,
+ freezero(soft_blowfish_ctx->key_sched,
soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
break;
}
@@ -865,7 +862,7 @@ soft_encrypt_final(soft_session_t *session_p, CK_BYTE_PTR pLastEncryptedPart,
*pulLastEncryptedPartLen = 0;
if (pLastEncryptedPart == NULL)
goto clean1;
- bzero(key, sizeof (*key));
+ explicit_bzero(key, sizeof (*key));
break;
}
default:
@@ -921,13 +918,12 @@ soft_crypt_cleanup(soft_session_t *session_p, boolean_t encrypt,
if (soft_des_ctx != NULL) {
des_ctx = (des_ctx_t *)soft_des_ctx->des_cbc;
if (des_ctx != NULL) {
- bzero(des_ctx->dc_keysched,
+ explicit_bzero(des_ctx->dc_keysched,
des_ctx->dc_keysched_len);
free(soft_des_ctx->des_cbc);
}
- bzero(soft_des_ctx->key_sched,
+ freezero(soft_des_ctx->key_sched,
soft_des_ctx->keysched_len);
- free(soft_des_ctx->key_sched);
}
break;
}
@@ -944,13 +940,12 @@ soft_crypt_cleanup(soft_session_t *session_p, boolean_t encrypt,
if (soft_aes_ctx != NULL) {
aes_ctx = (aes_ctx_t *)soft_aes_ctx->aes_cbc;
if (aes_ctx != NULL) {
- bzero(aes_ctx->ac_keysched,
+ explicit_bzero(aes_ctx->ac_keysched,
aes_ctx->ac_keysched_len);
free(soft_aes_ctx->aes_cbc);
}
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
}
break;
}
@@ -965,14 +960,13 @@ soft_crypt_cleanup(soft_session_t *session_p, boolean_t encrypt,
blowfish_ctx =
(blowfish_ctx_t *)soft_blowfish_ctx->blowfish_cbc;
if (blowfish_ctx != NULL) {
- bzero(blowfish_ctx->bc_keysched,
+ explicit_bzero(blowfish_ctx->bc_keysched,
blowfish_ctx->bc_keysched_len);
free(soft_blowfish_ctx->blowfish_cbc);
}
- bzero(soft_blowfish_ctx->key_sched,
+ freezero(soft_blowfish_ctx->key_sched,
soft_blowfish_ctx->keysched_len);
- free(soft_blowfish_ctx->key_sched);
}
break;
}
@@ -982,7 +976,7 @@ soft_crypt_cleanup(soft_session_t *session_p, boolean_t encrypt,
ARCFour_key *key = (ARCFour_key *)active_op->context;
if (key != NULL)
- bzero(key, sizeof (*key));
+ explicit_bzero(key, sizeof (*key));
break;
}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c
index a48ade7224..cb06623498 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeysUtil.c
@@ -21,6 +21,7 @@
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <pthread.h>
@@ -609,8 +610,7 @@ soft_key_derive_check_length(soft_object_t *secret_key, CK_ULONG max_keylen)
static CK_RV
soft_pkcs12_pbe(soft_session_t *session_p,
- CK_MECHANISM_PTR pMechanism,
- soft_object_t *derived_key)
+ CK_MECHANISM_PTR pMechanism, soft_object_t *derived_key)
{
CK_RV rv = CKR_OK;
CK_PBE_PARAMS *params = pMechanism->pParameter;
@@ -822,26 +822,11 @@ digest_done:
(void) memcpy(keybuf, A, keysize);
cleanup:
- if (A) {
- bzero(A, Alen);
- free(A);
- }
- if (Ai) {
- bzero(Ai, AiLen);
- free(Ai);
- }
- if (B) {
- bzero(B, Blen);
- free(B);
- }
- if (D) {
- bzero(D, Dlen);
- free(D);
- }
- if (I) {
- bzero(I, Ilen);
- free(I);
- }
+ freezero(A, Alen);
+ freezero(Ai, AiLen);
+ freezero(B, Blen);
+ freezero(D, Dlen);
+ freezero(I, Ilen);
return (rv);
}
@@ -1165,11 +1150,9 @@ soft_derive_enforce_flags(soft_object_t *basekey, soft_object_t *newkey)
* Currently, PRF is always SHA_1_HMAC.
*/
static CK_RV
-do_prf(soft_session_t *session_p,
- CK_PKCS5_PBKD2_PARAMS_PTR params,
- soft_object_t *hmac_key,
- CK_BYTE *newsalt, CK_ULONG saltlen,
- CK_BYTE *blockdata, CK_ULONG blocklen)
+do_prf(soft_session_t *session_p, CK_PKCS5_PBKD2_PARAMS_PTR params,
+ soft_object_t *hmac_key, CK_BYTE *newsalt, CK_ULONG saltlen,
+ CK_BYTE *blockdata, CK_ULONG blocklen)
{
CK_RV rv = CKR_OK;
CK_MECHANISM digest_mech = {CKM_SHA_1_HMAC, NULL, 0};
@@ -1249,7 +1232,7 @@ cleanup:
static CK_RV
soft_create_hmac_key(soft_session_t *session_p, CK_BYTE *passwd,
- CK_ULONG passwd_len, CK_OBJECT_HANDLE_PTR phKey)
+ CK_ULONG passwd_len, CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv = CKR_OK;
CK_OBJECT_CLASS keyclass = CKO_SECRET_KEY;
@@ -1293,8 +1276,7 @@ soft_create_hmac_key(soft_session_t *session_p, CK_BYTE *passwd,
CK_RV
soft_generate_pkcs5_pbkdf2_key(soft_session_t *session_p,
- CK_MECHANISM_PTR pMechanism,
- soft_object_t *secret_key)
+ CK_MECHANISM_PTR pMechanism, soft_object_t *secret_key)
{
CK_RV rv = CKR_OK;
CK_PKCS5_PBKD2_PARAMS *params =
@@ -1400,15 +1382,15 @@ soft_generate_pkcs5_pbkdf2_key(soft_session_t *session_p,
keydata += hLen;
}
(void) soft_delete_object(session_p, hmac_key, B_FALSE, B_FALSE);
- free(salt);
+ freezero(salt, params->ulSaltSourceDataLen);
return (rv);
}
CK_RV
soft_wrapkey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
- soft_object_t *wrappingKey_p, soft_object_t *hkey_p,
- CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
+ soft_object_t *wrappingKey_p, soft_object_t *hkey_p,
+ CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
{
CK_RV rv = CKR_OK;
CK_ULONG plain_len = 0;
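Review bot: `freezero(salt, params->ulSaltSourceDataLen)` sizes the scrub from the caller's parameter rather than from the allocation; the buffer handed to do_prf as newsalt is presumably the salt with the 4-byte block index appended, so if it was allocated larger than ulSaltSourceDataLen the tail is freed unscrubbed. Use the same length expression the malloc used, or keep that length in a local and pass it to freezero. The allocation of salt is outside the hunk, so this is inferred from the PBKDF2 construction rather than from visible lines.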
@@ -1535,14 +1517,12 @@ soft_wrapkey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
cleanup_wrap:
if (padded_data != NULL && padded_len != plain_len) {
/* Clear buffer before returning to memory pool. */
- (void) memset(padded_data, 0x0, padded_len);
- free(padded_data);
+ freezero(padded_data, padded_len);
}
if ((hkey_p->class != CKO_SECRET_KEY) && (plain_data != NULL)) {
/* Clear buffer before returning to memory pool. */
- (void) memset(plain_data, 0x0, plain_len);
- free(plain_data);
+ freezero(plain_data, plain_len);
}
return (rv);
@@ -1555,7 +1535,7 @@ cleanup_wrap:
*/
static CK_RV
soft_unwrap_secret_len_check(CK_KEY_TYPE keytype, CK_MECHANISM_TYPE mechtype,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount)
+ CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount)
{
CK_ULONG i;
boolean_t isValueLen = B_FALSE;
@@ -1628,10 +1608,9 @@ soft_unwrap_secret_len_check(CK_KEY_TYPE keytype, CK_MECHANISM_TYPE mechtype,
CK_RV
soft_unwrapkey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
- soft_object_t *unwrappingkey_p,
- CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey)
+ soft_object_t *unwrappingkey_p, CK_BYTE_PTR pWrappedKey,
+ CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
+ CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
{
CK_RV rv = CKR_OK;
CK_OBJECT_CLASS new_obj_class = ~0UL;
@@ -1822,8 +1801,7 @@ soft_unwrapkey(soft_session_t *session_p, CK_MECHANISM_PTR pMechanism,
if (new_objp->class != CKO_SECRET_KEY) {
/* Clear buffer before returning to memory pool. */
- (void) memset(plain_data, 0x0, plain_len);
- free(plain_data);
+ freezero(plain_data, plain_len);
}
*phKey = (CK_OBJECT_HANDLE)new_objp;
@@ -1834,8 +1812,7 @@ cleanup_unwrap:
/* The decrypted private key buffer must be freed explicitly. */
if ((new_objp->class != CKO_SECRET_KEY) && (plain_data != NULL)) {
/* Clear buffer before returning to memory pool. */
- (void) memset(plain_data, 0x0, plain_len);
- free(plain_data);
+ freezero(plain_data, plain_len);
}
/* sck and new_objp are indirectly free()d inside these functions */
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystore.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystore.c
index cab06ce41d..be5b05aeeb 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystore.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystore.c
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
*/
#include <crypt.h>
@@ -98,8 +99,11 @@ soft_gen_hashed_pin(CK_UTF8CHAR_PTR pPin, char **result, char **salt)
}
if ((*result = crypt((char *)pPin, *salt)) == NULL) {
- if (new_salt)
- free(*salt);
+ if (new_salt) {
+ size_t saltlen = strlen(*salt) + 1;
+
+ freezero(*salt, saltlen);
+ }
return (-1);
}
@@ -119,6 +123,7 @@ soft_verify_pin(CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
uchar_t *tmp_pin = NULL;
boolean_t pin_initialized = B_FALSE;
CK_RV rv = CKR_OK;
+ size_t len = 0;
/*
* Check to see if keystore is initialized.
@@ -189,13 +194,18 @@ soft_verify_pin(CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
}
cleanup:
- if (salt)
- free(salt);
- if (tmp_pin)
- free(tmp_pin);
- if (ks_cryptpin)
- free(ks_cryptpin);
-
+ if (salt) {
+ len = strlen(salt) + 1;
+ freezero(salt, len);
+ }
+ if (tmp_pin) {
+ len = strlen((char *)tmp_pin) + 1;
+ freezero(tmp_pin, len);
+ }
+ if (ks_cryptpin) {
+ len = strlen(ks_cryptpin) + 1;
+ freezero(ks_cryptpin, len);
+ }
return (rv);
}
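Review bot: Sizing each scrub with `strlen(...) + 1` instead of the allocation length means an embedded NUL in tmp_pin (copied from the caller's PIN with an explicit ulPinLen) or in ks_cryptpin leaves the tail of the buffer unscrubbed, and a buffer that was never NUL-terminated would be read past its end. Keeping the allocation sizes in locals (e.g. `ulPinLen + 1`, and the size get_hashed_pin allocated for ks_cryptpin) and passing those to freezero is safer and cheaper than re-measuring the strings. The same pattern appears in the soft_setpin cleanup hunk below; whether tmp_pin is always NUL-terminated is decided by its allocation, which is outside the hunk.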
@@ -213,6 +223,7 @@ soft_setpin(CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen,
boolean_t pin_initialized = B_FALSE;
uchar_t *tmp_old_pin = NULL, *tmp_new_pin = NULL;
CK_RV rv = CKR_OK;
+ size_t len = 0;
/*
* Check to see if keystore is initialized.
@@ -290,14 +301,22 @@ soft_setpin(CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen,
}
cleanup:
- if (salt)
- free(salt);
- if (ks_cryptpin)
- free(ks_cryptpin);
- if (tmp_old_pin)
- free(tmp_old_pin);
- if (tmp_new_pin)
- free(tmp_new_pin);
+ if (salt) {
+ len = strlen(salt) + 1;
+ freezero(salt, len);
+ }
+ if (ks_cryptpin) {
+ len = strlen(ks_cryptpin) + 1;
+ freezero(ks_cryptpin, len);
+ }
+ if (tmp_old_pin) {
+ len = strlen((char *)tmp_old_pin) + 1;
+ freezero(tmp_old_pin, len);
+ }
+ if (tmp_new_pin) {
+ len = strlen((char *)tmp_new_pin) + 1;
+ freezero(tmp_new_pin, len);
+ }
return (rv);
}
@@ -475,9 +494,7 @@ soft_keystore_unpack_obj(soft_object_t *obj, ks_obj_t *ks_obj)
}
rv = soft_add_extra_attr(&template, obj);
- if (template.pValue) {
- free(template.pValue);
- }
+ freezero(template.pValue, template.ulValueLen);
if (rv != CKR_OK) {
return (rv);
@@ -543,7 +560,7 @@ soft_unpack_obj_attribute(uchar_t *buf, biginteger_t *key_dest,
rv = get_bigint_attr_from_template(key_dest, &template);
}
- free(template.pValue);
+ freezero(template.pValue, template.ulValueLen);
if (rv != CKR_OK) {
return (rv);
}
@@ -1342,7 +1359,7 @@ soft_unpack_object(soft_object_t *objp, uchar_t *buf)
biginteger_t expo1;
biginteger_t expo2;
biginteger_t coef;
- CK_RV rv = CKR_OK;
+ CK_RV rv = CKR_OK;
ulong_t offset = 0;
uint64_t tmp_val;
@@ -1857,25 +1874,15 @@ soft_put_object_to_keystore(soft_object_t *objp)
return (rv);
(void) pthread_mutex_lock(&soft_slot.slot_mutex);
- if (objp->object_type == TOKEN_PUBLIC) {
- if ((soft_keystore_put_new_obj(buf, len, B_TRUE,
- B_FALSE, &objp->ks_handle)) == -1) {
- (void) pthread_mutex_unlock(&soft_slot.slot_mutex);
- free(buf);
- return (CKR_FUNCTION_FAILED);
- }
- } else {
- if ((soft_keystore_put_new_obj(buf, len, B_FALSE,
- B_FALSE, &objp->ks_handle)) == -1) {
- (void) pthread_mutex_unlock(&soft_slot.slot_mutex);
- free(buf);
- return (CKR_FUNCTION_FAILED);
- }
+ if (soft_keystore_put_new_obj(buf, len,
+ !!(objp->object_type == TOKEN_PUBLIC), B_FALSE,
+ &objp->ks_handle) == -1) {
+ rv = CKR_FUNCTION_FAILED;
}
(void) pthread_mutex_unlock(&soft_slot.slot_mutex);
- free(buf);
- return (CKR_OK);
+ freezero(buf, len);
+ return (rv);
}
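Review bot: `!!(objp->object_type == TOKEN_PUBLIC)` double-negates a value that is already 0 or 1; since the parameter is a boolean_t, `(objp->object_type == TOKEN_PUBLIC) ? B_TRUE : B_FALSE` says the same thing without the idiom. The refactor also makes the success return depend on rv still being CKR_OK when the lock is taken, which holds only if the `return (rv)` just above is guarded by an rv != CKR_OK check; a comment `/* rv is CKR_OK here; only the put can change it */` would make that explicit. The function body starts outside the hunk.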
/*
@@ -1897,11 +1904,11 @@ soft_modify_object_to_keystore(soft_object_t *objp)
/* B_TRUE: caller has held a writelock on the keystore */
if (soft_keystore_modify_obj(&objp->ks_handle, buf, len,
B_TRUE) < 0) {
- return (CKR_FUNCTION_FAILED);
+ rv = CKR_FUNCTION_FAILED;
}
- free(buf);
- return (CKR_OK);
+ freezero(buf, len);
+ return (rv);
}
@@ -1942,8 +1949,7 @@ soft_get_token_objects_from_keystore(ks_search_type_t type)
/* Free the ks_obj list */
ks_obj_next = ks_obj->next;
- if (ks_obj->buf)
- free(ks_obj->buf);
+ freezero(ks_obj->buf, ks_obj->size);
free(ks_obj);
ks_obj = ks_obj_next;
}
@@ -1953,7 +1959,7 @@ soft_get_token_objects_from_keystore(ks_search_type_t type)
cleanup:
while (ks_obj) {
ks_obj_next = ks_obj->next;
- free(ks_obj->buf);
+ freezero(ks_obj->buf, ks_obj->size);
free(ks_obj);
ks_obj = ks_obj_next;
}
@@ -2258,7 +2264,7 @@ soft_destroy_token_session(void)
*/
CK_RV
soft_keystore_crypt(soft_object_t *key_p, uchar_t *ivec, boolean_t encrypt,
- CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
+ CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
{
CK_MECHANISM mech;
soft_aes_ctx_t *soft_aes_ctx;
@@ -2304,9 +2310,8 @@ soft_keystore_crypt(soft_object_t *key_p, uchar_t *ivec, boolean_t encrypt,
soft_aes_ctx->ivec);
if (soft_aes_ctx->aes_cbc == NULL) {
- bzero(soft_aes_ctx->key_sched,
+ freezero(soft_aes_ctx->key_sched,
soft_aes_ctx->keysched_len);
- free(soft_aes_ctx->key_sched);
if (encrypt) {
free(token_session.encrypt.context);
token_session.encrypt.context = NULL;
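Review bot: `free(token_session.encrypt.context)` on the aes_cbc failure path is left as a plain free while the equivalent failure paths in the softDecryptUtil.c and softEncryptUtil.c hunks now use `freezero(..., sizeof (soft_aes_ctx_t))`; the soft_aes_ctx_t holds the ivec and the just-freed key_sched pointer, so `freezero(token_session.encrypt.context, sizeof (soft_aes_ctx_t));` keeps this path consistent with the rest of the commit. The decrypt branch of the same if/else is outside the hunk and presumably needs the same treatment. The function body starts outside the hunk.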
@@ -2371,7 +2376,7 @@ soft_keystore_crypt(soft_object_t *key_p, uchar_t *ivec, boolean_t encrypt,
*/
CK_RV
soft_keystore_hmac(soft_object_t *key_p, boolean_t sign,
- CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
+ CK_BYTE_PTR in, CK_ULONG in_len, CK_BYTE_PTR out, CK_ULONG_PTR out_len)
{
CK_MECHANISM mech;
CK_RV rv;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c
index 0ebfa871e9..a9505562f2 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softKeystoreUtil.c
@@ -20,6 +20,7 @@
*/
/*
* Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
*/
/*
@@ -470,8 +471,7 @@ create_keystore()
(void) lock_file(fd, B_FALSE, B_FALSE);
(void) close(fd);
- if (hashed_pin_salt)
- free(hashed_pin_salt);
+ freezero(hashed_pin_salt, hashed_pin_salt_len);
return (0);
cleanup:
@@ -520,8 +520,8 @@ is_inode_same(int fd, char *fname, boolean_t *same)
}
static int
-acquire_file_lock(int *fd, char *fname, mode_t mode) {
-
+acquire_file_lock(int *fd, char *fname, mode_t mode)
+{
boolean_t read_lock = B_TRUE, same_inode;
if ((mode == O_RDWR) || (mode == O_WRONLY)) {
@@ -892,7 +892,7 @@ get_hashed_pin(int fd, char **hashed_pin)
if ((readn_nointr(fd, *hashed_pin, hashed_pin_size))
!= (ssize_t)hashed_pin_size) {
- free(*hashed_pin);
+ freezero(*hashed_pin, hashed_pin_size + 1);
*hashed_pin = NULL;
return (CKR_FUNCTION_FAILED);
}
@@ -929,8 +929,8 @@ soft_keystore_readlock(boolean_t set_lock)
* FUNCTION: soft_keystore_writelock
*
* ARGUMENTS:
- * set_lock: TRUE to set writelock on the keystore description file
- * FALSE to remove write lock on keystore description file.
+ * set_lock: TRUE to set writelock on the keystore description file
+ * FALSE to remove write lock on keystore description file.
*
* RETURN VALUE:
*
@@ -954,7 +954,7 @@ soft_keystore_writelock(boolean_t set_lock)
* ARGUMENTS:
*
* ks_handle: handle of the keystore object file to be accessed.
- * read_lock: TRUE to set readlock on the keystore object file,
+ * read_lock: TRUE to set readlock on the keystore object file,
* FALSE to set writelock on keystore object file.
*
* RETURN VALUE:
@@ -1243,8 +1243,8 @@ read_obj_data(int old_fd, char **buf, ssize_t *bytes_read)
*/
static int
reencrypt_obj(soft_object_t *new_enc_key, soft_object_t *new_hmac_key,
- char *orig_obj_name, char *new_obj_name) {
-
+ char *orig_obj_name, char *new_obj_name)
+{
int old_fd, new_fd, version, ret_val = -1;
CK_BYTE iv[OBJ_IV_SIZE], old_iv[OBJ_IV_SIZE];
ssize_t nread;
@@ -1320,76 +1320,75 @@ reencrypt_obj(soft_object_t *new_enc_key, soft_object_t *new_hmac_key,
decrypted_len = 0;
if (soft_keystore_crypt(enc_key, old_iv, B_FALSE, buf, nread,
NULL, &decrypted_len) != CKR_OK) {
- free(buf);
+ freezero(buf, nread);
goto cleanup;
}
decrypted_buf = malloc(decrypted_len);
if (decrypted_buf == NULL) {
- free(buf);
+ freezero(buf, nread);
goto cleanup;
}
if (soft_keystore_crypt(enc_key, old_iv, B_FALSE, buf, nread,
decrypted_buf, &decrypted_len) != CKR_OK) {
- free(buf);
- free(decrypted_buf);
- goto cleanup;
+ freezero(buf, nread);
+ freezero(decrypted_buf, decrypted_len);
}
- free(buf);
+ freezero(buf, nread);
/* re-encrypt with new key */
encrypted_len = 0;
if (soft_keystore_crypt(new_enc_key, iv, B_TRUE, decrypted_buf,
decrypted_len, NULL, &encrypted_len) != CKR_OK) {
- free(decrypted_buf);
+ freezero(decrypted_buf, decrypted_len);
goto cleanup;
}
buf = malloc(encrypted_len);
if (buf == NULL) {
- free(decrypted_buf);
+ freezero(decrypted_buf, decrypted_len);
goto cleanup;
}
if (soft_keystore_crypt(new_enc_key, iv, B_TRUE, decrypted_buf,
decrypted_len, buf, &encrypted_len) != CKR_OK) {
- free(buf);
- free(decrypted_buf);
+ freezero(buf, encrypted_len);
+ freezero(buf, decrypted_len);
goto cleanup;
}
- free(decrypted_buf);
+ freezero(decrypted_buf, decrypted_len);
/* calculate hmac on re-encrypted data using new hmac key */
hmac_len = OBJ_HMAC_SIZE;
if (soft_keystore_hmac(new_hmac_key, B_TRUE, buf,
encrypted_len, hmac, &hmac_len) != CKR_OK) {
- free(buf);
+ freezero(buf, encrypted_len);
goto cleanup;
}
/* just for sanity check */
if (hmac_len != OBJ_HMAC_SIZE) {
- free(buf);
+ freezero(buf, encrypted_len);
goto cleanup;
}
/* write new hmac */
if (writen_nointr(new_fd, (char *)hmac, OBJ_HMAC_SIZE)
!= OBJ_HMAC_SIZE) {
- free(buf);
+ freezero(buf, encrypted_len);
goto cleanup;
}
/* write re-encrypted buffer to temp file */
if (writen_nointr(new_fd, (void *)buf, encrypted_len)
!= encrypted_len) {
- free(buf);
+ freezero(buf, encrypted_len);
goto cleanup;
}
- free(buf);
+ freezero(buf, encrypted_len);
ret_val = 0;
cleanup:
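Review bot: The `goto cleanup;` that followed the failed second soft_keystore_crypt() call (the decrypt into decrypted_buf) was dropped when the two free() calls became freezero(), so on that error path buf is freed once inside the if block and again by the unconditional `freezero(buf, nread);` right after it, and the already-freed decrypted_buf is then handed to the re-encryption call. The block should end with `goto cleanup;` as before. Further down, the failure path of the encrypt-into-buf call reads `freezero(buf, encrypted_len); freezero(buf, decrypted_len);`, which frees buf twice and leaks decrypted_buf without zeroizing it; the second line should be `freezero(decrypted_buf, decrypted_len);`. reencrypt_obj() starts and its cleanup label's body ends outside this hunk, so the cleanup label itself may also need checking for whether it touches buf or decrypted_buf.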
@@ -1547,11 +1546,12 @@ soft_keystore_setpin(uchar_t *oldpin, uchar_t *newpin, boolean_t lock_held)
}
if (writen_nointr(tmp_ks_fd, (void *)new_crypt_salt,
KS_KEY_SALT_SIZE) != KS_KEY_SALT_SIZE) {
- free(new_crypt_salt);
+ freezero(new_crypt_salt,
+ KS_KEY_SALT_SIZE);
(void) soft_cleanup_object(new_crypt_key);
goto cleanup;
}
- free(new_crypt_salt);
+ freezero(new_crypt_salt, KS_KEY_SALT_SIZE);
if (soft_gen_hmac_key(newpin, &new_hmac_key, &new_hmac_salt)
!= CKR_OK) {
@@ -1560,10 +1560,11 @@ soft_keystore_setpin(uchar_t *oldpin, uchar_t *newpin, boolean_t lock_held)
}
if (writen_nointr(tmp_ks_fd, (void *)new_hmac_salt,
KS_HMAC_SALT_SIZE) != KS_HMAC_SALT_SIZE) {
- free(new_hmac_salt);
+ freezero(new_hmac_salt,
+ KS_HMAC_SALT_SIZE);
goto cleanup3;
}
- free(new_hmac_salt);
+ freezero(new_hmac_salt, KS_HMAC_SALT_SIZE);
} else {
if (soft_gen_crypt_key(newpin, &new_crypt_key,
(CK_BYTE **)&crypt_salt) != CKR_OK) {
@@ -1612,13 +1613,15 @@ soft_keystore_setpin(uchar_t *oldpin, uchar_t *newpin, boolean_t lock_held)
if ((readn_nointr(fd, hashed_pin_salt, hashed_pin_salt_length)) !=
(ssize_t)hashed_pin_salt_length) {
- free(hashed_pin_salt);
+ freezero(hashed_pin_salt,
+ hashed_pin_salt_length + 1);
goto cleanup3;
}
if ((writen_nointr(tmp_ks_fd, hashed_pin_salt, hashed_pin_salt_length))
!= (ssize_t)hashed_pin_salt_length) {
- free(hashed_pin_salt);
+ freezero(hashed_pin_salt,
+ hashed_pin_salt_length + 1);
goto cleanup3;
}
@@ -1627,11 +1630,12 @@ soft_keystore_setpin(uchar_t *oldpin, uchar_t *newpin, boolean_t lock_held)
/* old hashed pin length and value can be ignored, generate new one */
if (soft_gen_hashed_pin(newpin, &new_hashed_pin,
&hashed_pin_salt) < 0) {
- free(hashed_pin_salt);
+ freezero(hashed_pin_salt,
+ hashed_pin_salt_length + 1);
goto cleanup3;
}
- free(hashed_pin_salt);
+ freezero(hashed_pin_salt, hashed_pin_salt_length + 1);
if (new_hashed_pin == NULL) {
goto cleanup3;
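Review bot: The `freezero(hashed_pin_salt, hashed_pin_salt_length + 1);` after soft_gen_hashed_pin() assumes the salt buffer is still the one read from the keystore file, but the call passes `&hashed_pin_salt`, so it is at least syntactically able to replace it; if it ever does, the length passed to freezero() would no longer match the allocation. If soft_gen_hashed_pin() only reads an existing salt through that pointer, a one-line comment such as `/* salt is input-only here; length is still hashed_pin_salt_length + 1 */` would make the invariant explicit. soft_keystore_setpin() starts outside this hunk, so I could not confirm the allocation from here.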
@@ -1763,12 +1767,8 @@ cleanup:
ret_val = 1;
}
}
- if (crypt_salt != NULL) {
- free(crypt_salt);
- }
- if (hmac_salt != NULL) {
- free(hmac_salt);
- }
+ freezero(crypt_salt, KS_KEY_SALT_SIZE);
+ freezero(hmac_salt, KS_HMAC_SALT_SIZE);
(void) close(fd);
(void) close(tmp_ks_fd);
if (ret_val != 0) {
@@ -1855,17 +1855,13 @@ cleanup:
/* unlock the file */
(void) lock_file(fd, B_TRUE, B_FALSE);
(void) close(fd);
- if (crypt_salt != NULL) {
- free(crypt_salt);
- }
- if (hmac_salt != NULL) {
- free(hmac_salt);
- }
+ freezero(crypt_salt, KS_KEY_SALT_SIZE);
+ freezero(hmac_salt, KS_HMAC_SALT_SIZE);
return (ret_val);
}
/*
- * FUNCTION: soft_keystore_get_objs
+ * FUNCTION: soft_keystore_get_objs
*
* ARGUMENTS:
*
@@ -1980,7 +1976,7 @@ cleanup:
tmp = *result_obj_list;
while (tmp) {
*result_obj_list = tmp->next;
- free(tmp->buf);
+ freezero(tmp->buf, tmp->size);
free(tmp);
tmp = *result_obj_list;
}
@@ -2087,7 +2083,7 @@ soft_keystore_get_single_obj(ks_obj_handle_t *ks_handle,
hmac_size = OBJ_HMAC_SIZE;
if (soft_keystore_hmac(hmac_key, B_FALSE, buf,
nread, obj_hmac, &hmac_size) != CKR_OK) {
- free(buf);
+ freezero(buf, nread);
rv = CKR_FUNCTION_FAILED;
goto cleanup;
}
@@ -2095,22 +2091,22 @@ soft_keystore_get_single_obj(ks_obj_handle_t *ks_handle,
/* decrypt object */
if (soft_keystore_crypt(enc_key, iv, B_FALSE, buf, nread,
NULL, &out_len) != CKR_OK) {
- free(buf);
+ freezero(buf, nread);
rv = CKR_FUNCTION_FAILED;
goto cleanup;
}
decrypted_buf = malloc(sizeof (uchar_t) * out_len);
if (decrypted_buf == NULL) {
- free(buf);
+ freezero(buf, nread);
rv = CKR_HOST_MEMORY;
goto cleanup;
}
if (soft_keystore_crypt(enc_key, iv, B_FALSE, buf, nread,
decrypted_buf, &out_len) != CKR_OK) {
- free(decrypted_buf);
- free(buf);
+ freezero(buf, nread);
+ freezero(decrypted_buf, out_len);
rv = CKR_FUNCTION_FAILED;
goto cleanup;
}
@@ -2126,14 +2122,14 @@ soft_keystore_get_single_obj(ks_obj_handle_t *ks_handle,
*/
obj->buf = malloc(sizeof (uchar_t) * (out_len - MAXPATHLEN));
if (obj->buf == NULL) {
- free(decrypted_buf);
- free(buf);
+ freezero(buf, nread);
+ freezero(decrypted_buf, out_len);
rv = CKR_HOST_MEMORY;
goto cleanup;
}
(void) memcpy(obj->buf, decrypted_buf + MAXPATHLEN, obj->size);
- free(decrypted_buf);
- free(buf);
+ freezero(buf, nread);
+ freezero(decrypted_buf, out_len);
*return_obj = obj;
}
@@ -2155,7 +2151,7 @@ cleanup:
/*
- * FUNCTION: soft_keystore_put_new_obj
+ * FUNCTION: soft_keystore_put_new_obj
*
* ARGUMENTS:
* buf: buffer containing un-encrypted data
@@ -2336,53 +2332,53 @@ soft_keystore_put_new_obj(uchar_t *buf, size_t len, boolean_t public,
if (soft_keystore_crypt(enc_key, iv,
B_TRUE, prepared_buf, prepared_len,
NULL, &out_len) != CKR_OK) {
- free(prepared_buf);
+ freezero(prepared_buf, prepared_len);
goto cleanup2;
}
encrypted_buf = malloc(out_len * sizeof (char));
if (encrypted_buf == NULL) {
- free(prepared_buf);
+ freezero(prepared_buf, prepared_len);
goto cleanup2;
}
if (soft_keystore_crypt(enc_key, iv,
B_TRUE, prepared_buf, prepared_len,
encrypted_buf, &out_len) != CKR_OK) {
- free(encrypted_buf);
- free(prepared_buf);
+ freezero(encrypted_buf, out_len);
+ freezero(prepared_buf, prepared_len);
goto cleanup2;
}
- free(prepared_buf);
+ freezero(prepared_buf, prepared_len);
/* calculate HMAC of encrypted object */
hmac_size = OBJ_HMAC_SIZE;
if (soft_keystore_hmac(hmac_key, B_TRUE, encrypted_buf,
out_len, obj_hmac, &hmac_size) != CKR_OK) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
if (hmac_size != OBJ_HMAC_SIZE) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
/* write hmac */
if (writen_nointr(obj_fd, (void *)obj_hmac,
sizeof (obj_hmac)) != sizeof (obj_hmac)) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
/* write encrypted object */
if (writen_nointr(obj_fd, (void *)encrypted_buf, out_len)
!= out_len) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
}
@@ -2421,6 +2417,8 @@ soft_keystore_put_new_obj(uchar_t *buf, size_t len, boolean_t public,
}
}
(void) close(fd);
+ explicit_bzero(obj_hmac, sizeof (obj_hmac));
+ explicit_bzero(iv, sizeof (iv));
return (0);
cleanup2:
@@ -2438,6 +2436,8 @@ cleanup:
}
(void) close(fd);
+ explicit_bzero(obj_hmac, sizeof (obj_hmac));
+ explicit_bzero(iv, sizeof (iv));
return (-1);
}
@@ -2591,44 +2591,44 @@ soft_keystore_modify_obj(ks_obj_handle_t *ks_handle, uchar_t *buf,
encrypted_buf = malloc(out_len * sizeof (char));
if (encrypted_buf == NULL) {
- free(prepared_buf);
+ freezero(prepared_buf, prepared_len);
goto cleanup2;
}
if (soft_keystore_crypt(enc_key, iv, B_TRUE, prepared_buf,
prepared_len, encrypted_buf, &out_len) != CKR_OK) {
- free(encrypted_buf);
- free(prepared_buf);
+ freezero(prepared_buf, prepared_len);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
- free(prepared_buf);
+ freezero(prepared_buf, prepared_len);
/* calculate hmac on encrypted buf */
hmac_size = OBJ_HMAC_SIZE;
if (soft_keystore_hmac(hmac_key, B_TRUE, encrypted_buf,
out_len, obj_hmac, &hmac_size) != CKR_OK) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
if (hmac_size != OBJ_HMAC_SIZE) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
if (writen_nointr(tmp_fd, (char *)obj_hmac, OBJ_HMAC_SIZE)
!= OBJ_HMAC_SIZE) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
if (writen_nointr(tmp_fd, (void *)encrypted_buf, out_len)
!= out_len) {
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
goto cleanup2;
}
- free(encrypted_buf);
+ freezero(encrypted_buf, out_len);
}
(void) close(tmp_fd);
@@ -2665,6 +2665,8 @@ soft_keystore_modify_obj(ks_obj_handle_t *ks_handle, uchar_t *buf,
(void) close(fd);
+ explicit_bzero(iv, sizeof (iv));
+ explicit_bzero(obj_hmac, sizeof (obj_hmac));
return (0); /* All operations completed successfully */
cleanup2:
@@ -2679,6 +2681,8 @@ cleanup:
(void) lock_file(ks_fd, B_FALSE, B_FALSE);
(void) close(ks_fd);
(void) remove(tmp_ks_name);
+ explicit_bzero(iv, sizeof (iv));
+ explicit_bzero(obj_hmac, sizeof (obj_hmac));
return (-1);
}
@@ -2803,7 +2807,7 @@ soft_keystore_get_pin_salt(char **salt)
if ((readn_nointr(fd, *salt, hashed_pin_salt_size))
!= (ssize_t)hashed_pin_salt_size) {
- free(*salt);
+ freezero(*salt, hashed_pin_salt_size + 1);
goto cleanup;
}
(*salt)[hashed_pin_salt_size] = '\0';
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c
index b5930bf89e..ff452fe6f9 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softMAC.c
@@ -22,10 +22,9 @@
/*
* Copyright 2005 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright (c) 2018, Joyent, Inc.
*/
-#pragma ident "%Z%%M% %I% %E% SMI"
-
#include <pthread.h>
#include <sys/md5.h>
#include <sys/sha1.h>
@@ -109,7 +108,7 @@ soft_hmac_sign_verify_init_common(soft_session_t *session_p,
if ((pMechanism->ulParameterLen !=
sizeof (CK_MAC_GENERAL_PARAMS)) &&
(*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
- MD5_HASH_SIZE)) {
+ MD5_HASH_SIZE)) {
free(hmac_ctx);
return (CKR_MECHANISM_PARAM_INVALID);
}
@@ -122,7 +121,7 @@ soft_hmac_sign_verify_init_common(soft_session_t *session_p,
if ((pMechanism->ulParameterLen !=
sizeof (CK_MAC_GENERAL_PARAMS)) &&
(*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
- SHA1_HASH_SIZE)) {
+ SHA1_HASH_SIZE)) {
free(hmac_ctx);
return (CKR_MECHANISM_PARAM_INVALID);
}
@@ -134,7 +133,7 @@ soft_hmac_sign_verify_init_common(soft_session_t *session_p,
if ((pMechanism->ulParameterLen !=
sizeof (CK_MAC_GENERAL_PARAMS)) &&
(*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
- SHA256_DIGEST_LENGTH)) {
+ SHA256_DIGEST_LENGTH)) {
free(hmac_ctx);
return (CKR_MECHANISM_PARAM_INVALID);
}
@@ -147,7 +146,7 @@ soft_hmac_sign_verify_init_common(soft_session_t *session_p,
if ((pMechanism->ulParameterLen !=
sizeof (CK_MAC_GENERAL_PARAMS)) &&
(*(CK_MAC_GENERAL_PARAMS *)pMechanism->pParameter >
- SHA512_DIGEST_LENGTH)) {
+ SHA512_DIGEST_LENGTH)) {
free(hmac_ctx);
return (CKR_MECHANISM_PARAM_INVALID);
}
@@ -562,12 +561,10 @@ clean_exit:
(void) pthread_mutex_lock(&session_p->session_mutex);
if (sign_op) {
- bzero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
- free(session_p->sign.context);
+ freezero(session_p->sign.context, sizeof (soft_hmac_ctx_t));
session_p->sign.context = NULL;
} else {
- bzero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
- free(session_p->verify.context);
+ freezero(session_p->verify.context, sizeof (soft_hmac_ctx_t));
session_p->verify.context = NULL;
}
@@ -582,7 +579,7 @@ clean_exit:
*/
CK_RV
soft_hmac_sign_verify_update(soft_session_t *session_p, CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen, boolean_t sign_op)
+ CK_ULONG ulPartLen, boolean_t sign_op)
{
soft_hmac_ctx_t *hmac_ctx;
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.c
index fb28932fd0..f836ddc009 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSSL.c
@@ -21,6 +21,7 @@
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ * Copyright 2018, Joyent, Inc.
*/
#include <fcntl.h>
@@ -584,7 +585,7 @@ out:
* . mech_p: key derivation mechanism. the mechanism parameter carries the
* client and mastter random from the Hello handshake messages,
* the specification of the key and IV sizes, and the location
- * for the resulting keys and IVs.
+ * for the resulting keys and IVs.
* . basekey_p: The master secret key.
* . pTemplate & ulAttributeCount: Any extra attributes for the key to be
* created.
@@ -595,13 +596,13 @@ out:
* and server random.
* First a keyblock is generated usining the following formula:
* key_block =
- * MD5(master_secret + SHA(`A' + master_secret +
+ * MD5(master_secret + SHA(`A' + master_secret +
* ServerHello.random +
* ClientHello.random)) +
- * MD5(master_secret + SHA(`BB' + master_secret +
+ * MD5(master_secret + SHA(`BB' + master_secret +
* ServerHello.random +
* ClientHello.random)) +
- * MD5(master_secret + SHA(`CCC' + master_secret +
+ * MD5(master_secret + SHA(`CCC' + master_secret +
* ServerHello.random +
* ClientHello.random)) + [...];
*
@@ -865,12 +866,15 @@ soft_ssl_key_and_mac_derive(soft_session_t *sp, CK_MECHANISM_PTR mech,
#ifdef __sparcv9
/* LINTED */
soft_ssl_weaken_key(mech, kb, (uint_t)secret_key_bytes,
+ random_data->pClientRandom, ClientRandomLen,
+ random_data->pServerRandom, ServerRandomLen,
+ export_keys, B_TRUE);
#else /* __sparcv9 */
soft_ssl_weaken_key(mech, kb, secret_key_bytes,
-#endif /* __sparcv9 */
random_data->pClientRandom, ClientRandomLen,
random_data->pServerRandom, ServerRandomLen,
export_keys, B_TRUE);
+#endif /* __sparcv9 */
new_tmpl[n].pValue = export_keys;
new_tmpl[n].ulValueLen = MD5_HASH_SIZE;
} else {
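Review bot: Moving `#endif` below the call duplicates the three argument lines of soft_ssl_weaken_key() in both branches of the `#ifdef __sparcv9` block, here and again in the hunk for the server-side call below, so a later edit to one copy can silently diverge from the other. A smaller footprint is to keep one call site and confine the conditional to the width cast, e.g. `#ifdef __sparcv9` / `uint_t kb_len = (uint_t)secret_key_bytes; /* LINTED */` / `#else` / `uint_t kb_len = secret_key_bytes;` / `#endif`, then pass `kb_len` in a single call. The enclosing function starts and ends outside this hunk, so I could not check whether a suitable local already exists.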
@@ -896,12 +900,15 @@ soft_ssl_key_and_mac_derive(soft_session_t *sp, CK_MECHANISM_PTR mech,
#ifdef __sparcv9
/* LINTED */
soft_ssl_weaken_key(mech, kb, (uint_t)secret_key_bytes,
+ random_data->pServerRandom, ServerRandomLen,
+ random_data->pClientRandom, ClientRandomLen,
+ export_keys + MD5_HASH_SIZE, B_FALSE);
#else /* __sparcv9 */
soft_ssl_weaken_key(mech, kb, secret_key_bytes,
-#endif /* __sparcv9 */
random_data->pServerRandom, ServerRandomLen,
random_data->pClientRandom, ClientRandomLen,
export_keys + MD5_HASH_SIZE, B_FALSE);
+#endif /* __sparcv9 */
new_tmpl[n].pValue = export_keys + MD5_HASH_SIZE;
} else
new_tmpl[n].pValue = kb;
@@ -925,8 +932,7 @@ soft_ssl_key_and_mac_derive(soft_session_t *sp, CK_MECHANISM_PTR mech,
if (new_tmpl_allocated)
free(new_tmpl);
- if (export_keys != NULL)
- free(export_keys);
+ freezero(export_keys, 2 * MD5_HASH_SIZE);
return (rv);
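Review bot: `freezero(export_keys, 2 * MD5_HASH_SIZE);` restates the buffer's size as a literal expression, and the same expression is repeated in the out_err hunk below, while the allocation that must agree with it is outside both hunks. A single named size next to the allocation, e.g. `const size_t export_keys_len = 2 * MD5_HASH_SIZE;`, used for both the malloc() and the two freezero() calls, keeps the zeroized length tied to what was allocated. Dropping the `export_keys != NULL` guard relies on freezero() accepting NULL, which is the documented behaviour of that interface, so that part is fine.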
@@ -955,8 +961,7 @@ out_err:
if (new_tmpl_allocated)
free(new_tmpl);
- if (export_keys != NULL)
- free(export_keys);
+ freezero(export_keys, 2 * MD5_HASH_SIZE);
return (rv);
}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
index f8824df2dd..ccf746dc40 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSignUtil.c
@@ -22,6 +22,7 @@
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2014 Nexenta Systems, Inc. All rights reserved.
+ * Copyright (c) 2018, Joyent, Inc.
*/
#include <stdlib.h>
@@ -562,8 +563,10 @@ soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
case CKM_SHA384_HMAC:
case CKM_SHA512_HMAC_GENERAL:
case CKM_SHA512_HMAC:
- if (active_op->context != NULL)
- bzero(active_op->context, sizeof (soft_hmac_ctx_t));
+ if (active_op->context != NULL) {
+ explicit_bzero(active_op->context,
+ sizeof (soft_hmac_ctx_t));
+ }
break;
case CKM_DES_MAC_GENERAL:
case CKM_DES_MAC:
@@ -572,8 +575,10 @@ soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
session_p->encrypt.context = NULL;
session_p->encrypt.flags = 0;
}
- if (active_op->context != NULL)
- bzero(active_op->context, sizeof (soft_des_ctx_t));
+ if (active_op->context != NULL) {
+ explicit_bzero(active_op->context,
+ sizeof (soft_des_ctx_t));
+ }
break;
case CKM_AES_CMAC_GENERAL:
@@ -583,8 +588,10 @@ soft_sign_verify_cleanup(soft_session_t *session_p, boolean_t sign,
session_p->encrypt.context = NULL;
session_p->encrypt.flags = 0;
}
- if (active_op->context != NULL)
- bzero(active_op->context, sizeof (soft_aes_ctx_t));
+ if (active_op->context != NULL) {
+ explicit_bzero(active_op->context,
+ sizeof (soft_aes_ctx_t));
+ }
break;
}
diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
index 602b72486e..c8c3753f63 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softSlotToken.c
@@ -21,6 +21,7 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright 2018, Joyent, Inc.
*/
#include <strings.h>
@@ -337,8 +338,11 @@ C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
pInfo->flags |= CKF_USER_PIN_TO_BE_CHANGED;
}
- if (ks_cryptpin)
- free(ks_cryptpin);
+ if (ks_cryptpin != NULL) {
+ size_t cplen = strlen(ks_cryptpin) + 1;
+
+ freezero(ks_cryptpin, cplen);
+ }
/* Provide information about a token in the provided buffer */
(void) strncpy((char *)pInfo->label, SOFT_TOKEN_LABEL, 32);
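Review bot: `size_t cplen = strlen(ks_cryptpin) + 1;` derives the zeroization length from the string contents rather than from the allocation, so if the producer allocated more than strlen + 1 bytes, or the buffer ever holds a byte sequence with an embedded NUL, freezero() will clear only a prefix of the secret. The elided get_hashed_pin() hunk earlier in this diff shows the producer knows `hashed_pin_size` and frees with `hashed_pin_size + 1`; returning or recomputing that size here and passing it to freezero() would keep the cleared length equal to the allocated length. If the buffer is guaranteed to be exactly strlen + 1, a comment saying so, e.g. `/* ks_cryptpin is a NUL-terminated hashed pin allocated at strlen + 1 */`, would document the assumption. C_GetTokenInfo() starts and ends outside this hunk.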