[pkg-opensc-commit] [engine-pkcs11] 123/152: Free PIN storage where needed

Eric Dorland eric at moszumanska.debian.org
Mon Oct 19 03:11:24 UTC 2015



eric pushed a commit to branch master
in repository engine-pkcs11.

commit 2f1a9a80d63005352439f37460382316a3f30321
Author: Petr Písař <petr.pisar at atlas.cz>
Date:   Sun Aug 18 15:13:21 2013 +0200

    Free PIN storage where needed
---
 src/engine_pkcs11.c | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/engine_pkcs11.c b/src/engine_pkcs11.c
index 78063c3..624beac 100644
--- a/src/engine_pkcs11.c
+++ b/src/engine_pkcs11.c
@@ -68,6 +68,17 @@ int set_module(const char *modulename)
 	return 1;
 }
 
+/* Free PIN storage in secure way. */
+static void zero_pin(void)
+{
+	if (pin != NULL) {
+		OPENSSL_cleanse(pin, pin_length);
+		free(pin);
+		pin = NULL;
+		pin_length = 0;
+	}
+}
+
 /**
  * Set the PIN used for login. A copy of the PIN shall be made.
  *
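Review bot: zero_pin() cleanses exactly pin_length bytes, so the comment on the new helper should state the invariant it depends on: every assignment to pin must keep pin_length equal to the size of that allocation, otherwise OPENSSL_cleanse wipes the wrong length and the PIN bytes survive the free. Suggest `/* Free PIN storage in secure way. Relies on pin_length tracking the size of the pin allocation; every writer of pin must update it. */`. Because the helper resets pin_length to 0 on every call, a caller that assigns pin without setting pin_length turns the next cleanse into a no-op.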
@@ -91,6 +102,7 @@ int set_pin(const char *_pin)
 
 	/* Copy the PIN. If the string cannot be copied, NULL
 	   shall be returned and errno shall be set. */
+	zero_pin();
 	pin = strdup(_pin);
 	if (pin != NULL)
 		pin_length = strlen(pin);
@@ -117,6 +129,7 @@ static int get_pin(UI_METHOD * ui_method, void *callback_data)
 
 	/* pin in the call back data, copy and use */
 	if (mycb != NULL && mycb->password) {
+		zero_pin();
 		pin = (char *)calloc(MAX_PIN_LENGTH, sizeof(char));
 		if (!pin)
 			return 0;
@@ -132,6 +145,11 @@ static int get_pin(UI_METHOD * ui_method, void *callback_data)
 	if (callback_data != NULL)
 		UI_set_app_data(ui, callback_data);
 
+	zero_pin();
+	pin = (char *)calloc(MAX_PIN_LENGTH, sizeof(char));
+	if (!pin)
+		return 0;
+	pin_length = MAX_PIN_LENGTH;
 	if (!UI_add_input_string
 	    (ui, "PKCS#11 token PIN: ", 0, pin, 1, MAX_PIN_LENGTH)) {
 		fprintf(stderr, "UI_add_input_string failed\n");
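Review bot: The new `return 0` on calloc failure runs after the UI object is already in use (`UI_set_app_data(ui, callback_data)` two lines above), so that path returns without releasing `ui`; unless ui is owned elsewhere, it should read `if (!pin) { UI_free(ui); return 0; }`. get_pin starts and ends outside the hunk, so the function's existing cleanup of ui is not visible here; the UI_add_input_string failure branch just below is presumably the pattern to mirror.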
@@ -153,16 +171,6 @@ int set_init_args(const char *init_args_orig)
 	return 1;
 }
 
-static void zero_pin(void)
-{
-	if (pin != NULL) {
-		OPENSSL_cleanse(pin, pin_length);
-		free(pin);
-		pin = NULL;
-		pin_length = 0;
-	}
-}
-
 int pkcs11_finish(ENGINE * engine)
 {
 	if (ctx) {
@@ -538,6 +546,7 @@ static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id)
 					     cert_id, &cert_id_len,
 					     tmp_pin, &tmp_pin_len, &cert_label);
 			if (n && tmp_pin_len > 0 && tmp_pin[0] != 0) {
+				zero_pin();
 				pin = calloc(MAX_PIN_LENGTH, sizeof(char));
 				if (pin != NULL) {
 					memcpy(pin, tmp_pin, tmp_pin_len);
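Review bot: After the new zero_pin() call pin_length is 0, and the visible lines that follow (`pin = calloc(MAX_PIN_LENGTH, sizeof(char))`, then `memcpy(pin, tmp_pin, tmp_pin_len)`) do not update it; if the code past the hunk does not set `pin_length = MAX_PIN_LENGTH;` after the allocation, the next zero_pin() cleanses zero bytes and frees the PIN with its contents intact. The same applies to the pkcs11_load_key hunk below. pkcs11_load_cert continues outside the hunk, so this can only be confirmed against the full function.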
@@ -807,6 +816,7 @@ static EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 					     tmp_pin, &tmp_pin_len, &key_label);
 
 			if (n && tmp_pin_len > 0 && tmp_pin[0] != 0) {
+				zero_pin();
 				pin = calloc(MAX_PIN_LENGTH, sizeof(char));
 				if (pin != NULL) {
 					memcpy(pin, tmp_pin, tmp_pin_len);
