From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 44BC24297D
	for <public@inbox.dpdk.org>; Tue, 18 Apr 2023 16:26:52 +0200 (CEST)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 3FC0842BC9;
	Tue, 18 Apr 2023 16:26:52 +0200 (CEST)
Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com
 [209.85.128.50]) by mails.dpdk.org (Postfix) with ESMTP id 8849042BC9
 for <stable@dpdk.org>; Tue, 18 Apr 2023 16:26:50 +0200 (CEST)
Received: by mail-wm1-f50.google.com with SMTP id
 iw7-20020a05600c54c700b003f16fce55b5so4071970wmb.0
 for <stable@dpdk.org>; Tue, 18 Apr 2023 07:26:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=6wind.com; s=google; t=1681828010; x=1684420010;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=4dfLmsPm2ktn5e7XN7vJsDrgDeyuHWn9n2hrzM9RxqY=;
 b=HyHAMmSVfyYsaydUIxKR0a0AiSEfo7Uqj7ubJlg9Of7yoN7mus/Ho55BUwQWidSu2i
 nW8bJ/vf+cvn6KtrZBjPSlSAvRUW1V4tBtWFI5XPfK8Sm6jZZoXqWbtR5Ewxw5Y2k66V
 TMwAKdEC5lo/2z9D5S9BhRxL0zHjNiXMxyft4ubRaQOKfYczKMHa/wc2Nb6875X6lerY
 T0JVBwIh57niFctH0og83tmY5QcvJQRpQzln6AT525UV3L7vjpvCe3Pf9W9tlWUIjTLM
 h8g+2rRVIA0rB/nMB+ZPKltDC3W+/MXs7XLqbbd59PuKBQOITdYnRln1e2zU7vXioaxP
 5UjQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1681828010; x=1684420010;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=4dfLmsPm2ktn5e7XN7vJsDrgDeyuHWn9n2hrzM9RxqY=;
 b=R7If1r7IBYxQKRr8eRqvJP5xinWLK2xJDeJ6kTqb/ros4IwR7oXZvytkuiF3xw2MZd
 4iY2H4MxBvNz/QVbXwBs62Ntnqvp4pJTRHaXDffcYZZ8P6QAuQtG9U3EJorFLqyxhlF6
 4u8Lv/BkMtSCqNp04WWfKzW6EVmtkboKAVITmgAXt7O1L675JBHu8UpA7qHp0QHd6/vE
 tYb2mrJAWRVbZpJ+HbA892SmdhSLS+Cw6Ha/lPlT5ip8myCpX3PmNNbsNFBE4AKDkITq
 X06OrLhsqqT3K57rBDTdbft7ALcQ0S0M4PB42jXu7q0pxvnfY4lDIGkJQEcDRwEDBXss
 0bTA==
X-Gm-Message-State: AAQBX9d0zc5xSAQFl/dHMmUT3/l1LIgo6KZw0O8vn3WIML59gFIXE4GH
 OLpfkJDhA9p9RNdiSmWq5NtMRg==
X-Google-Smtp-Source: AKy350aYD2SFQh35MjL5Q2Z9zdUwgJ+t588sKOMUfLjFmU7yLGPu+yJdFIj8W6RptqY+nVTSDD9ytQ==
X-Received: by 2002:a7b:cc88:0:b0:3ee:5c8:c3d8 with SMTP id
 p8-20020a7bcc88000000b003ee05c8c3d8mr14147819wma.34.1681828010201; 
 Tue, 18 Apr 2023 07:26:50 -0700 (PDT)
Received: from arion.dev.6wind.com ([185.13.181.2])
 by smtp.gmail.com with ESMTPSA id
 f16-20020a05600c4e9000b003f0a6a1f969sm15556702wmq.46.2023.04.18.07.26.49
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 18 Apr 2023 07:26:49 -0700 (PDT)
From: Didier Pallard <didier.pallard@6wind.com>
To: dev@dpdk.org
Cc: stable@dpdk.org, Kai Ji <kai.ji@intel.com>,
 Akhil Goyal <gakhil@marvell.com>, Fan Zhang <fanzhang.oss@gmail.com>,
 Ashwin Sekhar T K <asekhar@marvell.com>
Subject: [PATCH] crypto/openssl: fix memory leak in auth processing function
Date: Tue, 18 Apr 2023 16:26:19 +0200
Message-Id: <20230418142619.2643428-1-didier.pallard@6wind.com>
X-Mailer: git-send-email 2.30.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
Errors-To: stable-bounces@dpdk.org

Contexts allocated with EVP_MAC_CTX_new calls are leaking, they are created
then overwritten by the return value of EVP_MAC_CTX_dup call.

Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Cc: stable@dpdk.org
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 384d26262105..e00db0facba5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1797,7 +1797,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
 	EVP_MAC_CTX *ctx_c;
-	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
 	CMAC_CTX *ctx_c;
@@ -1818,10 +1817,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
-		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
-		EVP_MAC_free(mac);
 		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
@@ -1836,10 +1832,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		break;
 	case OPENSSL_AUTH_AS_CMAC:
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
-		ctx_c = EVP_MAC_CTX_new(mac);
 		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
-		EVP_MAC_free(mac);
 		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_c);
-- 
2.30.2