From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DEE0C43279; Fri, 3 Nov 2023 11:18:22 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CC5D240A7A; Fri, 3 Nov 2023 11:18:22 +0100 (CET) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.10]) by mails.dpdk.org (Postfix) with ESMTP id 76F03402CB for ; Fri, 3 Nov 2023 11:18:21 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1699006702; x=1730542702; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=SlU2iaiz4ySn799K0cnQz3vCGWuMNe9xlxPS/EDIz6s=; b=nbcKYo+7aR1nENAvHmtFiycbDqVl1baSPEEhCIn/obw9afEf0Wia86op McS1aGa3cm7ufXNpAWbaLLqxvdzGGw39U2pSPuHWx/IrFGNS1r/C6Bpzg AyoRyRIzRKsjrQg5rIp6Zx06vnXfR4ORgL9GoDD7sPRPmwrJMZxJvjEMZ Z0lKcJYFrhQvL/QyIcV1ye5hYXEregM5bFbjRbHdUyhMfbBoYxB7JzAMj H0BwPRp2q0D52Prol9cP5E+O4HDdU2zstU9yIhw8kT6LLFvoT6pmTZ552 5M7BLNV/cya4pujzBKsi8YQ5THbdsJUtre0kkj/pHnxSFB7qMTWcG1MPF Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10882"; a="1854879" X-IronPort-AV: E=Sophos;i="6.03,273,1694761200"; d="scan'208";a="1854879" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orvoesa102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Nov 2023 03:18:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10882"; a="852231730" X-IronPort-AV: E=Sophos;i="6.03,273,1694761200"; d="scan'208";a="852231730" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by FMSMGA003.fm.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 03 Nov 2023 03:18:19 -0700 Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Fri, 3 Nov 2023 03:18:19 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34 via Frontend Transport; Fri, 3 Nov 2023 03:18:19 -0700 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (104.47.51.40) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.34; Fri, 3 Nov 2023 03:18:18 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XCyseIdRI6NyxQ6Y+OJMTCu+71J4WoHP1MgVivh4nTdizVnj9YeF2LQGuhIFvYoxTW7IVOcOcr4bbaxTu/fyTigBeMfBVLwpKWa84VWhoIY7qfsoQC/esG/FwGznd/8ZbQgRYFopx3wMWYppAsVEl5sz+y/OFfz+kRz/08J/Dvdkw5gzbvzRHrTeL+FLqFBzQ9Puf2ewoPcZjUwkcYB1KTcPfZqbN6tOtVMuCpnpkQam2RVDa861UfjXFseb60QSJcaovepcwOpROj0pprEYvjkh0GH7yMcMyt6RKC5pNp/pPT2nhcD7tjE6IVfRH06e85aLnn0ElhJjb9T91OwOWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lxup6TkGV3AcxV+rx1XbjjwVTgfA8OpSu6H1ToZnhFw=; b=Ka6ea6PTpTNmFITLAEuynXRYUc+B6oT6ciKuX704EFc3OREkCrobb6XxfJFeuxqTNe+CAiaZw1bxMAtMLClinXBz7Qtwe7XyayczJvnBlXFDZDBOW7TG1w2u5XuR4uTrt0h9QtGgvSB/dP7vHx55wN6orPrfHRsaHq3ZhVMxz1PBV6bwIp+XiL+vo3oyWOofr449oAp935K9jJDCxwFCRanEOUeT5OJ5Bu6BmblJjzpjaoIMxh2Jkwf1kpOdAzmLEL62dNbPg0IxxfyID3oi8XkPyDRIZhMljyFABEmw7inCLs79Mayh+gnp8lp4ynKLaYGWAxg8UIJMJfRCFC5PCA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from SN7PR11MB7639.namprd11.prod.outlook.com (2603:10b6:806:32a::14) by SN7PR11MB6557.namprd11.prod.outlook.com (2603:10b6:806:26f::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.21; Fri, 3 Nov 2023 10:18:11 +0000 Received: from SN7PR11MB7639.namprd11.prod.outlook.com ([fe80::809d:52ab:dc3b:8a10]) by SN7PR11MB7639.namprd11.prod.outlook.com ([fe80::809d:52ab:dc3b:8a10%6]) with mapi id 15.20.6954.021; Fri, 3 Nov 2023 10:18:11 +0000 From: "Power, Ciara" To: Gowrishankar Muthukrishnan , "dev@dpdk.org" CC: "anoobj@marvell.com" , Akhil Goyal , "Ji, Kai" Subject: RE: [PATCH v2] crypto/openssl: fix memory leaks in asym ops Thread-Topic: [PATCH v2] crypto/openssl: fix memory leaks in asym ops Thread-Index: AQHaDd3Hs0lNfRylrkOWRZO52yg3JbBoYlpA Date: Fri, 3 Nov 2023 10:18:11 +0000 Message-ID: References: <20230919130412.284-1-gmuthukrishn@marvell.com> <83522013646bcd96b2420b3f69b74255981b3a20.1698913776.git.gmuthukrishn@marvell.com> In-Reply-To: <83522013646bcd96b2420b3f69b74255981b3a20.1698913776.git.gmuthukrishn@marvell.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SN7PR11MB7639:EE_|SN7PR11MB6557:EE_ x-ms-office365-filtering-correlation-id: a5420068-d2f6-41a4-1494-08dbdc562ea7 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: GHAlfvl+Hcru1BijB8gAa39LnXeFVvWjlJClJbldX72Azab5SDdqUEO+M3P4XCs5d8OwTjr4pzP1u0qSz088MoLWuMo7Fqs26ONvfNINH6PCNMBzGM6j0AHglCW/D+d2DkQNM57ab3NaQ8kVuU39O3E2Jj0o/1inJj2PNviVWXc2N4sT+xweE1kPYwkRcY3hF99o1HB+9wdghEYaYOGqLRjMgKc2mEUNMeOvaXH7REMc3lKl7mD0tvdCome8o5BGh+ggOObYENQz/lWrW9vLn+ZsoqvKHHcHtkMPcQMCapjccp36gk8tR4lG3APvKHtNYjAiJY+V77jQl72eprBeCLQ+8MpWz19vbHNUc6fYMSfh5Sv70wbsyFy7n66jgHPKKl6xD7YT88+BLu7hMVv09QhWlJJUh6oUEuKcXfILQ5KVTMM8VGUHMhnf1haeGO/VihIfRrK57TwVf0Ud7VNd8azYkKnDOuxWCvRsxIseTxV6Vy2tDpjh1LLRpW6x8rtG3Ay5lHzY2WI8IFhMKN7/cdsXAs73S5fM2uzc85w6MvqoVfaxDUN3h5PjXfcK/G/juB+3xVAuuR8DaiVC8OoTrd2u9HGqDzV07UsdHIqFeXP42d6YnxHeKIEHO5Cq0M2y x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SN7PR11MB7639.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(366004)(396003)(39860400002)(136003)(376002)(346002)(230922051799003)(186009)(451199024)(1800799009)(64100799003)(64756008)(26005)(107886003)(38100700002)(54906003)(110136005)(66476007)(316002)(66556008)(66946007)(76116006)(5660300002)(66446008)(8676002)(4326008)(52536014)(8936002)(2906002)(41300700001)(71200400001)(9686003)(478600001)(53546011)(6506007)(7696005)(33656002)(122000001)(82960400001)(86362001)(38070700009)(83380400001)(55016003); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?UoLUFMY4A8ztvG2nIAfEErWKmlyD/bNzzeYZnECLCqyprEUYtO7mzcBze7cB?= =?us-ascii?Q?jf9gOvCvPm2doHWok87jBQ31YwROjTq3YqRGwvTR6pcJ433UzdpIEFBUU4MM?= =?us-ascii?Q?AqxHTKyxZz5LeMJ+Z3nX3xa9O187eScKa2kRpmLknWC2nFOsAJS+exLhaZdK?= =?us-ascii?Q?BXW42Z9MfjfNlq5zhWDT11ayOw51Q2Q02D9Gc4jBiI6i/Ju2N4xhxaSNMe2d?= =?us-ascii?Q?IMgrDDvcCbOKaj7LUxdL0th9zdg2I33Qb4GxR0oxYP7X8JXCrK6enAmiQPDv?= =?us-ascii?Q?lgF1PB+PloqaCJVfDd4QZztzvZbvKTU3mwRgrWF/kWpqZ8rSqZEpDOvUZNzJ?= =?us-ascii?Q?Q2qlZeGSP3RlV9o02C5HE4yd39/vsTy2Tj+/VqRloYlVuxCEMiyF5TpESsXH?= =?us-ascii?Q?VpCBpDR5qJ3wAuNg8qpBKGVPFzJ9eVHGWkdVdPp4kZjnOintZAwYPZQhW+WZ?= =?us-ascii?Q?oKWwky+uQFP+kH6Iy30p16fx0FM8RhjNqbbeLgu9/4diV4osRNSU1alML2WF?= =?us-ascii?Q?Arj8Clww0+dTozHG1/MCqXi+L+EqX1+BtY/06IN9apMk48rFewORZ6RdhkK2?= =?us-ascii?Q?7e28kLQiNZBGSJqvEQ7nyHHc9XmxyKzTUnqca7D3gwD6bxkruUKkK9k31cT2?= =?us-ascii?Q?4MT09hh8voDQYkgdMAlrjpJ2ThkobNtii02/frHq/1eYUcKo214oHHAKNBZi?= =?us-ascii?Q?SpNCm4GV9MqjwG/yJh5Dwl6zgFtAixWnDryMABiF72dddnb8S861y3lIRwwg?= =?us-ascii?Q?CE00f2MmjkBBas3rvZu5ZvNWmc4kc8eOeyrQHSdEO583noBm3DXvF7GpJPZ6?= =?us-ascii?Q?3kh3uBwf5kflpvPXduaujqd2bT81VweIi2xpETa8/hEnTf4j6TjtpgLr/avr?= =?us-ascii?Q?RHP35Q699TMeWvmAPIC6HKGluR2+43XnCWN6FKasi33YgrmTJdtb5vDPElgv?= =?us-ascii?Q?sUaCPH8lOFwbOLH9qhY4uBfiyGVFCD5Ysoo784K/cNFy35WEnVx3DIOaad83?= =?us-ascii?Q?OqgmwLHVqb1oprpg6eTa5OSNEOzNzt+8g1w4SNoxMiKPLk/DGqarpfX5MPrW?= =?us-ascii?Q?SFacipar0ZzOe0z41pejW3xRuesWRr/KXrGJ47BLBDFqjHmhqiAc3Rn0XwIm?= =?us-ascii?Q?nrdT+LBLsBah2IeN7gDyRibVLTeD25VwojygXongu7cyrs9PJXmhd8G8aKWN?= =?us-ascii?Q?k5zdT47rzMI99YbTkKIJMCYNaj+pMPQ/Y6mMIMuLOyj9GpUVLEOL9Pbk4iPf?= =?us-ascii?Q?ZMDR7nEYRHT/YUTK+1mNdPbYNvzNhhFI5fYE5WZUwoa1sm1ayMYX8zOU8/9W?= =?us-ascii?Q?0cqZ8Ol01ewI6wilcBC8WbSFbAKYjQ/E1n+dByTZIO4dfHmwPWgaNSdwk2eD?= =?us-ascii?Q?zkOCFXG0hWRW55uLvY6Uo8sfKuFHoev8mbM/WAcGQU0sds7g4H1m1fGNp390?= =?us-ascii?Q?vQckc04QIv5jKXe7HrNWK34A84Ihy55OuiqbUsPMnsWKKZ9WmmiPPtNsN7kv?= =?us-ascii?Q?RIitNTtq9sMLXHiDKhH3XuEE5Y/VacJr/gIgLlsZw6nJBTG+Osr/omTI1zvp?= =?us-ascii?Q?/b4y6rsxpQ5HxYSBYI9DXgx1twBkzrYJX1BygOKc?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN7PR11MB7639.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a5420068-d2f6-41a4-1494-08dbdc562ea7 X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Nov 2023 10:18:11.0781 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: q0OPay8njojX2jS2ji8IYJqb8HLo0m0+lmPo1it7FjmFmiUj2qARIUI0994pzM3m73VwChWRqarofGTbIyZf6A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR11MB6557 X-OriginatorOrg: intel.com X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Hi Gowrishankar, > -----Original Message----- > From: Gowrishankar Muthukrishnan > Sent: Thursday, November 2, 2023 10:04 AM > To: dev@dpdk.org > Cc: anoobj@marvell.com; Akhil Goyal ; Ji, Kai > ; Power, Ciara ; Gowrishankar > Muthukrishnan > Subject: [PATCH v2] crypto/openssl: fix memory leaks in asym ops >=20 > Fix memory leaks in Asymmetric ops, as reported by valgrind. >=20 > Signed-off-by: Gowrishankar Muthukrishnan > --- > v2: > - added more fixes. > --- > drivers/crypto/openssl/rte_openssl_pmd.c | 38 ++++++++++++++------ > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 15 ++++++-- > 2 files changed, 39 insertions(+), 14 deletions(-) >=20 > case RTE_CRYPTO_ASYM_OP_VERIFY: > { > - unsigned char signbuf[128] =3D {0}; > BIGNUM *r =3D NULL, *s =3D NULL; > - EVP_MD_CTX *md_ctx =3D NULL; > - ECDSA_SIG *ec_sign; > - EVP_MD *check_md; > + unsigned char *signbuf; > size_t signlen; >=20 > kctx =3D EVP_PKEY_CTX_new_from_name(NULL, "SM2", > NULL); @@ -2857,13 +2862,18 @@ process_openssl_sm2_op_evp(struct > rte_crypto_op *cop, > r =3D NULL; > s =3D NULL; >=20 > - signlen =3D i2d_ECDSA_SIG(ec_sign, (unsigned char > **)&signbuf); > - if (signlen <=3D 0) > + signlen =3D i2d_ECDSA_SIG(ec_sign, 0); > + signbuf =3D rte_malloc(NULL, signlen, 0); > + signlen =3D i2d_ECDSA_SIG(ec_sign, &signbuf); > + if (signlen <=3D 0) { > + rte_free(signbuf); > goto err_sm2; > + } >=20 > if (!EVP_DigestVerifyFinal(md_ctx, signbuf, signlen)) > goto err_sm2; >=20 > + rte_free(signbuf); I am seeing some issues with this line: =3D=3D1788670=3D=3DERROR: AddressSanitizer: heap-buffer-overflow on address= 0x7f78bfe4d337 at pc 0x55bd318866c2 bp 0x7ffc91e02420 sp 0x7ffc91e02410 READ of size 1 at 0x7f78bfe4d337 thread T0 #0 0x55bd318866c1 in malloc_elem_from_data ../lib/eal/common/malloc_ele= m.h:315 #1 0x55bd31886bc7 in mem_free ../lib/eal/common/rte_malloc.c:37 #2 0x55bd31886c6c in rte_free ../lib/eal/common/rte_malloc.c:44 #3 0x55bd37795665 in process_openssl_sm2_op_evp ../drivers/crypto/opens= sl/rte_openssl_pmd.c:2890 #4 0x55bd37795c7b in process_asym_op ../drivers/crypto/openssl/rte_open= ssl_pmd.c:3088 #5 0x55bd377ac886 in openssl_pmd_enqueue_burst ../drivers/crypto/openss= l/rte_openssl_pmd.c:3213 #6 0x55bd3011788a in rte_cryptodev_enqueue_burst ../lib/cryptodev/rte_c= ryptodev.h:2038 #7 0x55bd30125331 in test_sm2_sign ../app/test/test_cryptodev_asym.c:19= 76 Address 0x7f78bfe4d337 is a wild pointer. SUMMARY: AddressSanitizer: heap-buffer-overflow ../lib/eal/common/malloc_el= em.h:315 in malloc_elem_from_data > BN_free(r); > BN_free(s); > ECDSA_SIG_free(ec_sign); > @@ -2880,6 +2890,12 @@ process_openssl_sm2_op_evp(struct > rte_crypto_op *cop, > ret =3D 0; > cop->status =3D RTE_CRYPTO_OP_STATUS_SUCCESS; > err_sm2: > + if (check_md) > + EVP_MD_free(check_md); > + > + if (md_ctx) > + EVP_MD_CTX_free(md_ctx); > + > if (kctx) > EVP_PKEY_CTX_free(kctx); >=20 > diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c > index 2862c294a9..98450f36cf 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c > @@ -958,9 +958,11 @@ static int openssl_set_asym_session_parameters( > rsa_ctx =3D EVP_PKEY_CTX_new(pkey, NULL); > asym_session->xfrm_type =3D > RTE_CRYPTO_ASYM_XFORM_RSA; > asym_session->u.r.ctx =3D rsa_ctx; > + EVP_PKEY_free(pkey); > EVP_PKEY_CTX_free(key_ctx); > + OSSL_PARAM_BLD_free(param_bld); > OSSL_PARAM_free(params); > - break; > + ret =3D 0; > #else > RSA *rsa =3D RSA_new(); > if (rsa =3D=3D NULL) > @@ -1030,7 +1032,7 @@ static int openssl_set_asym_session_parameters( > } > asym_session->u.r.rsa =3D rsa; > asym_session->xfrm_type =3D > RTE_CRYPTO_ASYM_XFORM_RSA; > - break; > + ret =3D 0; > #endif > err_rsa: > BN_clear_free(n); > @@ -1042,7 +1044,7 @@ static int openssl_set_asym_session_parameters( > BN_clear_free(dmq1); > BN_clear_free(iqmp); >=20 > - return -1; > + return ret; > } > case RTE_CRYPTO_ASYM_XFORM_MODEX: > { > @@ -1228,6 +1230,7 @@ static int openssl_set_asym_session_parameters( > } > asym_session->xfrm_type =3D > RTE_CRYPTO_ASYM_XFORM_DSA; > asym_session->u.s.param_bld =3D param_bld; > + BN_free(pub_key); This pub_key doesn't seem to be used in this " case RTE_CRYPTO_ASYM_XFORM_D= SA:" Could we just remove it completely? In addition to the fixes here, I have more ASAN fixes that showed up for me= . Will send that patch, and all issues should then be fixed between our two p= atches. Thanks, Ciara