From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6F37B43703 for ; Sat, 16 Dec 2023 01:57:29 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5F077402A8; Sat, 16 Dec 2023 01:57:29 +0100 (CET) Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2047.outbound.protection.outlook.com [40.107.101.47]) by mails.dpdk.org (Postfix) with ESMTP id CB8C840261 for ; Sat, 16 Dec 2023 01:57:27 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YFR3yXCwiwYxI2kdba9T3a0zajYJ7L84j5D3dr/oMYkdC2uZgk+Jj3DkY3FPH8FtBt3ymoL85c32rwrY+Dti5bVTpbaZ2wfnadiIDQobdreaGqBOQTTSgqvMBBwKseZbgy/ggLoqArLxTSzb0BDwiCviSLGdxeke3MG7+eKW3IWN3YNabOgkCm+g/t4JF4jgk+fylFVEN54vUslzsiLY4sFFNov9bPTTrFFccPtnwxUu3Lt/oDVHzR3fVkTB4iILCJVe38mCivuGxMm/ZV6S5cWJJ4MjVbjBl6sA47hDAg7GmqYzOgkNfWygpCzY7lf66oTcTMO8I640d0uIFG3KIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=w3SULioXDyODsPaaNRvVfN7V44CyoYQgNht8BmjcGuo=; b=dGIl0QkBTEDAjNhNqGBuJJaYlyf8mmBVXzB5S7NXZyS5k2vAtV4FAw8DeFPkBxYX50X3IK2c1+zWIkArUcJBoXMWcucs4dRHbI2w+DX/mu5Rer6+vIHoTFIf8LgtJKybSOfQP9tdvPdgzNvxUKEcZpX0ne4SzyzZJX9CYnf7Mtvdxupb09t7u5u/KN3lSdzCb5NjWpp0teyd/FOTM3TJxJb7pufueQgDP5iuIr5I9X8vRYnhW7J6YEoYy/8nbhHMzjdHltaxikDIiJJNl5od3F/kNtSfhBCvUUjWQIgYM1V+8clFZ6iIKKi4H53Mph8jSKsbCTBwJdqE0E0LAQZ5QA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=w3SULioXDyODsPaaNRvVfN7V44CyoYQgNht8BmjcGuo=; b=KF7zZNsCBxb+UrcGxkiZhRQTTNHGn34rDrPRQQSdOLQL7aV9O61m55Yg7p67SnjwjCDn2WZqW3KvcKsaLMqrgwOiISe2v3MuJx4YLYDb8nd77ttl3GQFADK1ve8YYRIneF/Bz2b60mr60m3VH6TBW4MxkvIZm1nPQSF2lZCApUCRAxIhFYoyGbvP48+wt9P+CWg8IilMiffM0dTMZwRaB/TlQC2BpiZA63Tz3ScwZmjFvY62Hc2599BK7KfajeB+MvkHS6LR76dnjIdxRkpQCKzOo+wrvO1mKSLfWOvoU61f2OY5Oiub/pSzLuNDhK00co6p5TJH65QJwsq5OVkuaA== Received: from DM4PR12MB5373.namprd12.prod.outlook.com (2603:10b6:5:39d::14) by DM6PR12MB4091.namprd12.prod.outlook.com (2603:10b6:5:222::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7091.28; Sat, 16 Dec 2023 00:57:25 +0000 Received: from DM4PR12MB5373.namprd12.prod.outlook.com ([fe80::6e12:5648:d8f4:ab2d]) by DM4PR12MB5373.namprd12.prod.outlook.com ([fe80::6e12:5648:d8f4:ab2d%4]) with mapi id 15.20.7091.032; Sat, 16 Dec 2023 00:57:25 +0000 From: "Xueming(Steven) Li" To: Ciara Power CC: "stable@dpdk.org" , Kai Ji Subject: RE: [PATCH 22.11] crypto/openssl: fix memory leaks in asym session Thread-Topic: [PATCH 22.11] crypto/openssl: fix memory leaks in asym session Thread-Index: AQHaLPQ/RUboRY8sCE+h8koWxnYqrbCrG6AA Date: Sat, 16 Dec 2023 00:57:25 +0000 Message-ID: References: <20231212121042.3180007-1-ciara.power@intel.com> In-Reply-To: <20231212121042.3180007-1-ciara.power@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DM4PR12MB5373:EE_|DM6PR12MB4091:EE_ x-ms-office365-filtering-correlation-id: 42b840ed-c732-4ed6-a6b8-08dbfdd1f7d9 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Six0b37Eo2PgvDjuRBI2cCCcP/U4fTP8Dx/9QIX4Y0INFaHlnBFRDuXDGad4GQ92XIO2+9+Jw7GA0I9ZWipqkFlA3qzY+E4efPq2s4Rj9HtWePqKUWcBe3e/zo+LD2lUduzZO+pUAP10/y+VTslGoY3z3b10dC7ytmndcIkXW38+tQskxgQwboMAu75v3wikeOca2jL+fZ6KPulmcKG3TH9MLaZZTbkxuyD8vorQ6BaW0gcGNRyBeujM7+FEW/wYozo0w7JSZK6yThQZy7L5S/aIxcL8iJjrNJqqtlS2pnMsltNTfgdZ/UoJBhL8M5TtnLW3Bxk92LFTXPfO/WKK5jXzWFTrGYw2gw4nViBtDyoXTXE1JvnwQmOx3Sjx6t61uW8xoJtdpJR8zW/jd1VjwkaXG5Ulynsq2RQsdetE/vUffaKROmrBdUgbxRZvOsAir01XY/aa7UonESkly2q/rI9fsb45VsNgJEEGVX0Z8oYbBEdOBxPIa89UOsj0OXr+Ffe5eV3GJSJ27S9/DU6HKMSqv78FuNBdWYoLOWMDVLLBUCSDKvZICkqZvQ90HwIiXOk5AVHYMkeeGwiG2AYAZMk3EhCCu8ouht2+pxpZc2I2tfvbLyHTnvon9lziyE4f x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM4PR12MB5373.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(376002)(366004)(136003)(39860400002)(396003)(230922051799003)(186009)(451199024)(64100799003)(1800799012)(26005)(6506007)(9686003)(53546011)(7696005)(71200400001)(83380400001)(5660300002)(52536014)(8936002)(41300700001)(2906002)(478600001)(54906003)(64756008)(8676002)(76116006)(6916009)(66946007)(66476007)(316002)(4326008)(66556008)(66446008)(86362001)(33656002)(122000001)(38070700009)(38100700002)(55016003); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?doPlkQ8uVOTeUpifErLul38Nub3gssHSR4n4R6XZp0zfGof3EaPtbbWCShBb?= =?us-ascii?Q?6+ZK7l/8cC1YO3fOCkU5p6lvNTstweu5RjpqRh6zGFc/ylg50jsQw0OSXQIn?= =?us-ascii?Q?IhZ168pSADiGhxhSzel3FpJSe5D7ItLIvLkNDMztZZtYNwPnjWSupGh5tsRi?= =?us-ascii?Q?xbVXvT8BbLOLdEvlrIPExRNU2uoIq5C/nuyxO2y93/S+W9b/GBMAPCIj1rNJ?= =?us-ascii?Q?nu+tyBCeGATsxzCMWQ6mypZ9d+oSWzuFAkC8hJcHEMo6RWUhTJM/PATNJrli?= =?us-ascii?Q?RmX14MuKvplZZCMDuPOuWonsF2tIJQhEsCbssU3VPAeB1O2x9h8enHWP0fDA?= =?us-ascii?Q?KKQ/nUnyEP9G4gJ9W6tjNq9aUeXeFasNlkowUJ4S/kDoA6nMlDEXy4+6EhwH?= =?us-ascii?Q?F84UZXkAc4RFcHfBQgCQ6phB/BgXQ9dackzxMwnN8ppIsVzbzq5SHELeuZDQ?= =?us-ascii?Q?0ByU/K+G9tCNWUP9g/OBYe0zOKWxuQWXWLtj/7TA3dBpOE0G3ZTW27XVq7gP?= =?us-ascii?Q?Bh5+7lJaXujtPONLrJsWK1g8VliAP0Ln/DWyd9hnWPmCZ/pZCbFswh1VqkER?= =?us-ascii?Q?3JrrzNJ3egleHmWazsX56N33As2ezK6XZWNo0xZb9+HwVQ2f38ceNNCvYG0M?= =?us-ascii?Q?cQYjpdVWC+ESBVof9+h5eJLRloZUuj2rkbvHRrCu4+ybd3wtmYpQKqpCft+A?= =?us-ascii?Q?UGorl4PfMV3+C7/sRhPcbHcosXAxfJqi11be+Pop3xrjS6+EQSF/M9lfiGui?= =?us-ascii?Q?HCtbCPfQAkz+/bNDFHwVefoTuwPj6kA2lsFgbqkbQStSGlTssSQTWz1esFkR?= =?us-ascii?Q?slSuORfzZOYxIiWKbm4wFkEJSQz63bYX5D0pGmwJoRfsV0/0nknrCsu3cU6n?= =?us-ascii?Q?ZpO4MqPBJ59t8Zr8T7oISyMhRPoks6a0xygBwzIHnA1Q3HuQvO+rpSn52opH?= =?us-ascii?Q?T09nezdSfwD9hf1/kUQTlTMQ00hbOEplE4nrK5bFLmC+pFrQ9w22SavTQKG5?= =?us-ascii?Q?W97KPV6hMXq4rsKzfhDwyNhKKPijVRK30OJIi3JvyLDIuZD2fX5qqusKXRW1?= =?us-ascii?Q?j/U2/70TjG5vC2qdv/cDG3KZ0vvTbCRtlYF9e7Z6EY22w82gSCmZmzV8m1bT?= =?us-ascii?Q?9qCxuwO0/jccSfp2FFuI8HWPvv7DZSMOUDBzYHoclCbCx8shearsa2OwYKcV?= =?us-ascii?Q?4HOIneXHgjBckqrrntSVgm8v8bGwo23giXRh943fqcSllye6AEcwSFP1GrFw?= =?us-ascii?Q?5iwkt6J4pXrX9KeDq4S6x4IBxD8Hr/WJS+yJ2yKDaVYusJ6sccsbdwJC9nzi?= =?us-ascii?Q?cns2My2/liA1EfT6R7fdVW8ytXMMjQ1+n0v5HiTLUKHvqvH5X2yeHlvIdpak?= =?us-ascii?Q?9eVv4qIgleBHNDZ35AWmq2aLETy5r7+9Bvcykdc9TlylFpPkiuZ7IxhjkSI8?= =?us-ascii?Q?sduJmR4i7/3rkAdO8vlRAoYVhcVGNn9O8RM/o0kaHWoPlwZX51sJn02BSt0u?= =?us-ascii?Q?BMCb1sBACUpWt5pnBbna+zEwBH14rSQC4qSVZOoLNDp8BpyXMUda4Ti0iiV1?= =?us-ascii?Q?KwJ2BGnHMER3iZw1qf9EpvwKcN92H2atjNGdehiE?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5373.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 42b840ed-c732-4ed6-a6b8-08dbfdd1f7d9 X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Dec 2023 00:57:25.1123 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2VZZhckHJYL1gvBg5q7RE4k1VWkAO7+zP7xVkQQKoAxiweP0vSzw0hBRWbYxKzFTvI4flIfN1QbzyldvdHD/8A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4091 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi Clara, Thanks for the backporting, patch applied to 22.11 LTS candidate branch. > -----Original Message----- > From: Ciara Power > Sent: 12/12/2023 20:11 > To: Xueming(Steven) Li > Cc: stable@dpdk.org; Ciara Power ; Kai Ji > > Subject: [PATCH 22.11] crypto/openssl: fix memory leaks in asym session >=20 > [upstream commit 47a85dda3f06 ] >=20 > Numerous memory leaks were detected by ASAN in the OpenSSL PMD > asymmetric code path. >=20 > These are now fixed to free all variables allocated by OpenSSL functions = such as > BN_bin2bn and OSSL_PARAM_BLD_new. >=20 > Some need to exist until the op is processed, for example the BIGNUMs > associated with DSA. > The pointers for these are added to the private asym session so they can = be > accessed later when calling free. >=20 > Some cases need to be treated differently if OpenSSL < 3.0. > It has slightly different handling of memory, as functions such as > RSA_set0_key() take over memory management of values, so the caller shoul= d > not free the values. >=20 > Fixes: 4c7ae22f1f83 ("crypto/openssl: update DSA routine with 3.0 EVP API= ") > Fixes: c794b40c9258 ("crypto/openssl: update DH routine with 3.0 EVP API"= ) > Fixes: ac42813a0a7c ("crypto/openssl: add DH and DSA asym operations") > Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API= ") >=20 > Signed-off-by: Ciara Power > --- > drivers/crypto/openssl/openssl_pmd_private.h | 6 ++ > drivers/crypto/openssl/rte_openssl_pmd.c | 1 + > drivers/crypto/openssl/rte_openssl_pmd_ops.c | 96 +++++++++++++------- > 3 files changed, 72 insertions(+), 31 deletions(-) >=20 > diff --git a/drivers/crypto/openssl/openssl_pmd_private.h > b/drivers/crypto/openssl/openssl_pmd_private.h > index ed6841e460..4e224b040b 100644 > --- a/drivers/crypto/openssl/openssl_pmd_private.h > +++ b/drivers/crypto/openssl/openssl_pmd_private.h > @@ -189,6 +189,8 @@ struct openssl_asym_session { > struct dh { > DH *dh_key; > uint32_t key_op; > + BIGNUM *p; > + BIGNUM *g; > #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > OSSL_PARAM_BLD * param_bld; > OSSL_PARAM_BLD *param_bld_peer; > @@ -198,6 +200,10 @@ struct openssl_asym_session { > DSA *dsa; > #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > OSSL_PARAM_BLD * param_bld; > + BIGNUM *p; > + BIGNUM *g; > + BIGNUM *q; > + BIGNUM *priv_key; > #endif > } s; > } u; > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index 6825b0469e..6ae31cb5cd 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -1960,6 +1960,7 @@ process_openssl_dsa_sign_op_evp(struct > rte_crypto_op *cop, > EVP_PKEY_CTX_free(key_ctx); > if (dsa_ctx) > EVP_PKEY_CTX_free(dsa_ctx); > + EVP_PKEY_free(pkey); > return -1; > } >=20 > diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c > b/drivers/crypto/openssl/rte_openssl_pmd_ops.c > index defed4429e..24d6d48262 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c > @@ -1087,22 +1087,21 @@ static int openssl_set_asym_session_parameters( > } > case RTE_CRYPTO_ASYM_XFORM_DH: > { > - BIGNUM *p =3D NULL; > - BIGNUM *g =3D NULL; > - > - p =3D BN_bin2bn((const unsigned char *) > + DH *dh =3D NULL; > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + BIGNUM **p =3D &asym_session->u.dh.p; > + BIGNUM **g =3D &asym_session->u.dh.g; > + *p =3D BN_bin2bn((const unsigned char *) > xform->dh.p.data, > xform->dh.p.length, > - p); > - g =3D BN_bin2bn((const unsigned char *) > + *p); > + *g =3D BN_bin2bn((const unsigned char *) > xform->dh.g.data, > xform->dh.g.length, > - g); > - if (!p || !g) > + *g); > + if (!*p || !*g) > goto err_dh; >=20 > - DH *dh =3D NULL; > -#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > OSSL_PARAM_BLD *param_bld =3D NULL; > param_bld =3D OSSL_PARAM_BLD_new(); > if (!param_bld) { > @@ -1112,9 +1111,9 @@ static int openssl_set_asym_session_parameters( > if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld, > "group", "ffdhe2048", 0)) > || (!OSSL_PARAM_BLD_push_BN(param_bld, > - OSSL_PKEY_PARAM_FFC_P, p)) > + OSSL_PKEY_PARAM_FFC_P, *p)) > || (!OSSL_PARAM_BLD_push_BN(param_bld, > - OSSL_PKEY_PARAM_FFC_G, g))) { > + OSSL_PKEY_PARAM_FFC_G, *g))) { > OSSL_PARAM_BLD_free(param_bld); > goto err_dh; > } > @@ -1129,9 +1128,9 @@ static int openssl_set_asym_session_parameters( > if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer, > "group", "ffdhe2048", 0)) > || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, > - OSSL_PKEY_PARAM_FFC_P, p)) > + OSSL_PKEY_PARAM_FFC_P, *p)) > || (!OSSL_PARAM_BLD_push_BN(param_bld_peer, > - OSSL_PKEY_PARAM_FFC_G, g))) { > + OSSL_PKEY_PARAM_FFC_G, *g))) { > OSSL_PARAM_BLD_free(param_bld); > OSSL_PARAM_BLD_free(param_bld_peer); > goto err_dh; > @@ -1140,6 +1139,20 @@ static int openssl_set_asym_session_parameters( > asym_session->u.dh.param_bld =3D param_bld; > asym_session->u.dh.param_bld_peer =3D param_bld_peer; #else > + BIGNUM *p =3D NULL; > + BIGNUM *g =3D NULL; > + > + p =3D BN_bin2bn((const unsigned char *) > + xform->dh.p.data, > + xform->dh.p.length, > + p); > + g =3D BN_bin2bn((const unsigned char *) > + xform->dh.g.data, > + xform->dh.g.length, > + g); > + if (!p || !g) > + goto err_dh; > + > dh =3D DH_new(); > if (dh =3D=3D NULL) { > OPENSSL_LOG(ERR, > @@ -1158,41 +1171,48 @@ static int openssl_set_asym_session_parameters( >=20 > err_dh: > OPENSSL_LOG(ERR, " failed to set dh params\n"); > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + BN_free(*p); > + BN_free(*g); > +#else > BN_free(p); > BN_free(g); > +#endif > return -1; > } > case RTE_CRYPTO_ASYM_XFORM_DSA: > { > #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > - BIGNUM *p =3D NULL, *g =3D NULL; > - BIGNUM *q =3D NULL, *priv_key =3D NULL; > + BIGNUM **p =3D &asym_session->u.s.p; > + BIGNUM **g =3D &asym_session->u.s.g; > + BIGNUM **q =3D &asym_session->u.s.q; > + BIGNUM **priv_key =3D &asym_session->u.s.priv_key; > BIGNUM *pub_key =3D BN_new(); > BN_zero(pub_key); > OSSL_PARAM_BLD *param_bld =3D NULL; >=20 > - p =3D BN_bin2bn((const unsigned char *) > + *p =3D BN_bin2bn((const unsigned char *) > xform->dsa.p.data, > xform->dsa.p.length, > - p); > + *p); >=20 > - g =3D BN_bin2bn((const unsigned char *) > + *g =3D BN_bin2bn((const unsigned char *) > xform->dsa.g.data, > xform->dsa.g.length, > - g); > + *g); >=20 > - q =3D BN_bin2bn((const unsigned char *) > + *q =3D BN_bin2bn((const unsigned char *) > xform->dsa.q.data, > xform->dsa.q.length, > - q); > - if (!p || !q || !g) > + *q); > + if (!*p || !*q || !*g) > goto err_dsa; >=20 > - priv_key =3D BN_bin2bn((const unsigned char *) > + *priv_key =3D BN_bin2bn((const unsigned char *) > xform->dsa.x.data, > xform->dsa.x.length, > - priv_key); > - if (priv_key =3D=3D NULL) > + *priv_key); > + if (*priv_key =3D=3D NULL) > goto err_dsa; >=20 > param_bld =3D OSSL_PARAM_BLD_new(); > @@ -1201,10 +1221,11 @@ static int openssl_set_asym_session_parameters( > goto err_dsa; > } >=20 > - if (!OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_FFC_P, p) > - || !OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_FFC_G, g) > - || !OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_FFC_Q, q) > - || !OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) { > + if (!OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_FFC_P, *p) > + || !OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_FFC_G, *g) > + || !OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_FFC_Q, *q) > + || !OSSL_PARAM_BLD_push_BN(param_bld, > OSSL_PKEY_PARAM_PRIV_KEY, > + *priv_key)) { > OSSL_PARAM_BLD_free(param_bld); > OPENSSL_LOG(ERR, "failed to allocate resources\n"); > goto err_dsa; > @@ -1268,18 +1289,25 @@ static int openssl_set_asym_session_parameters( > if (ret) { > DSA_free(dsa); > OPENSSL_LOG(ERR, "Failed to set keys\n"); > - return -1; > + goto err_dsa; > } > asym_session->u.s.dsa =3D dsa; > asym_session->xfrm_type =3D RTE_CRYPTO_ASYM_XFORM_DSA; > break; > #endif > err_dsa: > +#if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > + BN_free(*p); > + BN_free(*q); > + BN_free(*g); > + BN_free(*priv_key); > +#else > BN_free(p); > BN_free(q); > BN_free(g); > BN_free(priv_key); > BN_free(pub_key); > +#endif > return -1; > } > default: > @@ -1357,10 +1385,16 @@ static void openssl_reset_asym_session(struct > openssl_asym_session *sess) > if (sess->u.dh.dh_key) > DH_free(sess->u.dh.dh_key); > #endif > + BN_clear_free(sess->u.dh.p); > + BN_clear_free(sess->u.dh.g); > break; > case RTE_CRYPTO_ASYM_XFORM_DSA: > #if (OPENSSL_VERSION_NUMBER >=3D 0x30000000L) > sess->u.s.param_bld =3D NULL; > + BN_clear_free(sess->u.s.p); > + BN_clear_free(sess->u.s.q); > + BN_clear_free(sess->u.s.g); > + BN_clear_free(sess->u.s.priv_key); > #else > if (sess->u.s.dsa) > DSA_free(sess->u.s.dsa); > -- > 2.25.1