From: Arek Kusztal
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, fiona.trahe@intel.com, shally.verma@caviumnetworks.com, sunila.sahu@caviumnetworks.com, ashish.gupta@caviumnetworks.com, Arek Kusztal
Date: Thu, 7 Feb 2019 11:54:39 +0100
Message-Id: <20190207105439.12260-1-arkadiuszx.kusztal@intel.com>
Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations

After performing mod exp and mod inv, big numbers (BIGNUM) should be cleared, as data is already copied into op fields and these BNs would very likely contain private information for an unspecified amount of time (duration of the session).

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Signed-off-by: Arek Kusztal

--- drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index ea5aac6..4ecc3c4 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c 
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } + BN_clear(res); + BN_clear(base); + return 0; } @@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop, cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } + BN_clear(res); + BN_clear(base); + return 0; } -- 2.1.0
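Review bot: In process_openssl_modinv_op the added BN_clear(res) and BN_clear(base) calls have no comment explaining why the BIGNUMs are zeroed at this point. A one-line comment stating that the values are already copied into the op and that the BNs live as long as the session would stop a later cleanup from dropping the calls as redundant. The calls sit after the block that sets RTE_CRYPTO_OP_STATUS_ERROR, so the path that falls through to return 0 is covered, but the hunk shows only the tail of the function: please confirm that no earlier return in the function skips them.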
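Review bot: The tail added to process_openssl_modexp_op duplicates the one added to process_openssl_modinv_op (BN_clear(res); BN_clear(base);), so consider a small static helper that clears the per-operation BIGNUMs and is called from both functions, which gives later asym operations a single place to extend. Only res and base are cleared here; if the function loads any other operation-specific value into a session-lifetime BIGNUM, it needs the same treatment, and that cannot be checked from the lines shown.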