From: Didier Pallard <didier.pallard@6wind.com>
To: dev@dpdk.org
Cc: stable@dpdk.org, Kai Ji <kai.ji@intel.com>,
Akhil Goyal <gakhil@marvell.com>,
Fan Zhang <fanzhang.oss@gmail.com>,
Ashwin Sekhar T K <asekhar@marvell.com>
Subject: [PATCH] crypto/openssl: fix memory leak in auth processing function
Date: Tue, 18 Apr 2023 16:26:19 +0200 [thread overview]
Message-ID: <20230418142619.2643428-1-didier.pallard@6wind.com> (raw)
Contexts allocated with EVP_MAC_CTX_new calls are leaking, they are created
then overwritten by the return value of EVP_MAC_CTX_dup call.
Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Cc: stable@dpdk.org
---
drivers/crypto/openssl/rte_openssl_pmd.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 384d26262105..e00db0facba5 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1797,7 +1797,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MAC_CTX *ctx_h;
EVP_MAC_CTX *ctx_c;
- EVP_MAC *mac;
# else
HMAC_CTX *ctx_h;
CMAC_CTX *ctx_c;
@@ -1818,10 +1817,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
break;
case OPENSSL_AUTH_AS_HMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
- mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
- ctx_h = EVP_MAC_CTX_new(mac);
ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
- EVP_MAC_free(mac);
status = process_openssl_auth_mac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
ctx_h);
@@ -1836,10 +1832,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
break;
case OPENSSL_AUTH_AS_CMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
- mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
- ctx_c = EVP_MAC_CTX_new(mac);
ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
- EVP_MAC_free(mac);
status = process_openssl_auth_mac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
ctx_c);
--
2.30.2
next reply other threads:[~2023-04-18 14:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-18 14:26 Didier Pallard [this message]
[not found] ` <SN7PR11MB763991660B6600688B66C5E3E65CA@SN7PR11MB7639.namprd11.prod.outlook.com>
2023-06-20 10:01 ` Ji, Kai
2023-06-20 11:00 ` Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230418142619.2643428-1-didier.pallard@6wind.com \
--to=didier.pallard@6wind.com \
--cc=asekhar@marvell.com \
--cc=dev@dpdk.org \
--cc=fanzhang.oss@gmail.com \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).