Securely dispose of pin copy
This commit is contained in:
@@ -13,6 +13,7 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH
|
|||||||
unsigned char key[24];
|
unsigned char key[24];
|
||||||
size_t key_len = sizeof(key);
|
size_t key_len = sizeof(key);
|
||||||
unsigned char *term_pin;
|
unsigned char *term_pin;
|
||||||
|
ykpiv_rc res;
|
||||||
|
|
||||||
if (user == CKU_USER) {
|
if (user == CKU_USER) {
|
||||||
// add null termination for the pin
|
// add null termination for the pin
|
||||||
@@ -23,12 +24,15 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH
|
|||||||
memcpy(term_pin, pin, pin_len);
|
memcpy(term_pin, pin, pin_len);
|
||||||
term_pin[pin_len] = 0;
|
term_pin[pin_len] = 0;
|
||||||
|
|
||||||
if (ykpiv_verify(state, (char *)term_pin, &tries) != YKPIV_OK) {
|
res = ykpiv_verify(state, (char *)term_pin, &tries);
|
||||||
|
|
||||||
|
OPENSSL_cleanse(term_pin, pin_len);
|
||||||
free(term_pin);
|
free(term_pin);
|
||||||
|
|
||||||
|
if (res != YKPIV_OK) {
|
||||||
DBG("Failed to login");
|
DBG("Failed to login");
|
||||||
return CKR_PIN_INCORRECT;
|
return CKR_PIN_INCORRECT;
|
||||||
}
|
}
|
||||||
free(term_pin);
|
|
||||||
}
|
}
|
||||||
else if (user == CKU_SO) {
|
else if (user == CKU_SO) {
|
||||||
if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) {
|
if(ykpiv_hex_decode((char *)pin, pin_len, key, &key_len) != YKPIV_OK) {
|
||||||
|
|||||||
Reference in New Issue
Block a user