From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by dpdk.space (Postfix) with ESMTP id B35ADA00E6 for ; Tue, 16 Apr 2019 16:37:41 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id A46961B4D3; Tue, 16 Apr 2019 16:37:41 +0200 (CEST) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id C4E521B4D3 for ; Tue, 16 Apr 2019 16:37:39 +0200 (CEST) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4AB893003EEA; Tue, 16 Apr 2019 14:37:38 +0000 (UTC) Received: from rh.redhat.com (ovpn-117-214.ams2.redhat.com [10.36.117.214]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9AB061001E92; Tue, 16 Apr 2019 14:37:36 +0000 (UTC) From: Kevin Traynor To: Arek Kusztal Cc: Fiona Trahe , Shally Verma , Akhil Goyal , dpdk stable Date: Tue, 16 Apr 2019 15:36:21 +0100 Message-Id: <20190416143719.21601-3-ktraynor@redhat.com> In-Reply-To: <20190416143719.21601-1-ktraynor@redhat.com> References: <20190416143719.21601-1-ktraynor@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]); Tue, 16 Apr 2019 14:37:39 +0000 (UTC) Subject: [dpdk-stable] patch 'crypto/openssl: fix big numbers after computations' has been queued to LTS release 18.11.2 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.2 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 04/24/19. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Kevin Traynor --- >From 0af95c7eef36b836fde38499e48436284abb2552 Mon Sep 17 00:00:00 2001 From: Arek Kusztal Date: Thu, 7 Feb 2019 11:54:39 +0100 Subject: [PATCH] crypto/openssl: fix big numbers after computations [ upstream commit 990b180290203c32b8df9e1179f989270354cd13 ] After performing mod exp and mod inv big numbers (BIGNUM) should be cleared as data already is copied into op fields and this BNs would very likely contain private information for unspecified amount of time (duration of the session). Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") Signed-off-by: Arek Kusztal Acked-by: Fiona Trahe Acked-by: Shally Verma Acked-by: Akhil Goyal --- drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 11ea0d190..ece512563 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1800,4 +1800,7 @@ process_openssl_modinv_op(struct rte_crypto_op *cop, } + BN_clear(res); + BN_clear(base); + return 0; } @@ -1832,4 +1835,7 @@ process_openssl_modexp_op(struct rte_crypto_op *cop, } + BN_clear(res); + BN_clear(base); + return 0; } -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2019-04-16 15:34:25.354611866 +0100 +++ 0003-crypto-openssl-fix-big-numbers-after-computations.patch 2019-04-16 15:34:25.105181614 +0100 @@ -1,15 +1,16 @@ -From 990b180290203c32b8df9e1179f989270354cd13 Mon Sep 17 00:00:00 2001 +From 0af95c7eef36b836fde38499e48436284abb2552 Mon Sep 17 00:00:00 2001 From: Arek Kusztal Date: Thu, 7 Feb 2019 11:54:39 +0100 Subject: [PATCH] crypto/openssl: fix big numbers after computations +[ upstream commit 990b180290203c32b8df9e1179f989270354cd13 ] + After performing mod exp and mod inv big numbers (BIGNUM) should be cleared as data already is copied into op fields and this BNs would very likely contain private information for unspecified amount of time (duration of the session). Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") -Cc: stable@dpdk.org Signed-off-by: Arek Kusztal Acked-by: Fiona Trahe @@ -20,10 +21,10 @@ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c -index ea5aac69e..4ecc3c414 100644 +index 11ea0d190..ece512563 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c -@@ -1796,4 +1796,7 @@ process_openssl_modinv_op(struct rte_crypto_op *cop, +@@ -1800,4 +1800,7 @@ process_openssl_modinv_op(struct rte_crypto_op *cop, } + BN_clear(res); @@ -31,7 +32,7 @@ + return 0; } -@@ -1826,4 +1829,7 @@ process_openssl_modexp_op(struct rte_crypto_op *cop, +@@ -1832,4 +1835,7 @@ process_openssl_modexp_op(struct rte_crypto_op *cop, } + BN_clear(res);