From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id 03963A045E for ; Fri, 31 May 2019 09:00:07 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C45D5375B; Fri, 31 May 2019 09:00:06 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 897522C55 for ; Fri, 31 May 2019 09:00:05 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 May 2019 00:00:04 -0700 X-ExtLoop1: 1 Received: from akusztax-mobl.ger.corp.intel.com ([10.104.14.178]) by orsmga001.jf.intel.com with ESMTP; 31 May 2019 00:00:02 -0700 From: Arek Kusztal To: dev@dpdk.org Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, declan.doherty@intel.com, Arek Kusztal Date: Fri, 31 May 2019 08:59:27 +0200 Message-Id: <20190531065928.3420-1-arkadiuszx.kusztal@intel.com> X-Mailer: git-send-email 2.19.1.windows.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH] crypto/openssl: fix inproper freeing of asymmetric crypto keys in rsa X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" In case big number need to be freed, data it contains should be cleared before especially if it is critical data like private keys. Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") Signed-off-by: Arek Kusztal --- config/common_base | 4 ++-- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/config/common_base b/config/common_base index 6b96e0e..a3d8e17 100644 --- a/config/common_base +++ b/config/common_base @@ -573,7 +573,7 @@ CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y # CONFIG_RTE_LIBRTE_PMD_QAT=y CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n -CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n +CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=y # # Max. number of QuickAssist devices, which can be detected and attached # @@ -597,7 +597,7 @@ CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n # # Compile PMD for Software backed device # -CONFIG_RTE_LIBRTE_PMD_OPENSSL=n +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y # # Compile PMD for AESNI GCM device diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 40217cf..a307c91 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -912,14 +912,14 @@ static int openssl_set_asym_session_parameters( asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA; break; err_rsa: - BN_free(n); - BN_free(e); - BN_free(d); - BN_free(p); - BN_free(q); - BN_free(dmp1); - BN_free(dmq1); - BN_free(iqmp); + BN_clear_free(n); + BN_clear_free(e); + BN_clear_free(d); + BN_clear_free(p); + BN_clear_free(q); + BN_clear_free(dmp1); + BN_clear_free(dmq1); + BN_clear_free(iqmp); return -1; } -- 2.1.0