From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <arkadiuszx.kusztal@intel.com>
Received: from mga02.intel.com (mga02.intel.com [134.134.136.20])
 by dpdk.org (Postfix) with ESMTP id 767621B441
 for <dev@dpdk.org>; Thu,  7 Feb 2019 11:55:00 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 07 Feb 2019 02:54:59 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.58,343,1544515200"; d="scan'208";a="136598723"
Received: from akusztax-mobl.ger.corp.intel.com ([10.103.104.106])
 by orsmga001.jf.intel.com with ESMTP; 07 Feb 2019 02:54:56 -0800
From: Arek Kusztal <arkadiuszx.kusztal@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com,
 shally.verma@caviumnetworks.com, sunila.sahu@caviumnetworks.com,
 ashish.gupta@caviumnetworks.com,
 Arek Kusztal <arkadiuszx.kusztal@intel.com>
Date: Thu,  7 Feb 2019 11:54:39 +0100
Message-Id: <20190207105439.12260-1-arkadiuszx.kusztal@intel.com>
X-Mailer: git-send-email 2.19.1.windows.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after
	computations
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Feb 2019 10:55:01 -0000

After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ea5aac6..4ecc3c4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
 
@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
 
-- 
2.1.0