[dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations

DPDK patches and discussions
 help / color / mirror / Atom feed

* [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
@ 2019-02-07 10:54 Arek Kusztal
  2019-02-07 15:27 ` Trahe, Fiona
  2019-02-12 11:01 ` Shally Verma
  0 siblings, 2 replies; 4+ messages in thread
From: Arek Kusztal @ 2019-02-07 10:54 UTC (permalink / raw)
  To: dev
  Cc: akhil.goyal, fiona.trahe, shally.verma, sunila.sahu,
	ashish.gupta, Arek Kusztal

After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ea5aac6..4ecc3c4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
 
@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
 
-- 
2.1.0

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
  2019-02-07 10:54 [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations Arek Kusztal
@ 2019-02-07 15:27 ` Trahe, Fiona
  2019-02-12 11:01 ` Shally Verma
  1 sibling, 0 replies; 4+ messages in thread
From: Trahe, Fiona @ 2019-02-07 15:27 UTC (permalink / raw)
  To: Kusztal, ArkadiuszX, dev
  Cc: akhil.goyal, shally.verma, sunila.sahu, ashish.gupta



> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Thursday, February 7, 2019 10:55 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; shally.verma@caviumnetworks.com;
> sunila.sahu@caviumnetworks.com; ashish.gupta@caviumnetworks.com; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH] openssl: fix not clearing big numbers after computations
> 
> After performing mod exp and mod inv big numbers (BIGNUM) should
> be cleared as data already is copied into op fields and this BNs would
> very likely contain private information for unspecified amount of time
> (duration of the session).
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
  2019-02-07 10:54 [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations Arek Kusztal
  2019-02-07 15:27 ` Trahe, Fiona
@ 2019-02-12 11:01 ` Shally Verma
  2019-03-06 16:44   ` Akhil Goyal
  1 sibling, 1 reply; 4+ messages in thread
From: Shally Verma @ 2019-02-12 11:01 UTC (permalink / raw)
  To: Arek Kusztal, dev; +Cc: akhil.goyal, fiona.trahe, sunila.sahu, ashish.gupta



>-----Original Message-----
>From: dev <dev-bounces@dpdk.org> On Behalf Of Arek Kusztal
>Sent: 07 February 2019 16:25
>To: dev@dpdk.org
>Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; shally.verma@caviumnetworks.com; sunila.sahu@caviumnetworks.com;
>ashish.gupta@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal@intel.com>
>Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>
>After performing mod exp and mod inv big numbers (BIGNUM) should
>be cleared as data already is copied into op fields and this BNs would
>very likely contain private information for unspecified amount of time
>(duration of the session).
>
>Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
>Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>---
Acked-by: Shally Verma <shallyv@marvell.com>

> drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
>index ea5aac6..4ecc3c4 100644
>--- a/drivers/crypto/openssl/rte_openssl_pmd.c
>+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
>@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
>@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
>--
>2.1.0

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
  2019-02-12 11:01 ` Shally Verma
@ 2019-03-06 16:44   ` Akhil Goyal
  0 siblings, 0 replies; 4+ messages in thread
From: Akhil Goyal @ 2019-03-06 16:44 UTC (permalink / raw)
  To: Shally Verma, Arek Kusztal, dev; +Cc: fiona.trahe, sunila.sahu, ashish.gupta



On 2/12/2019 4:31 PM, Shally Verma wrote:
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Arek Kusztal
>> Sent: 07 February 2019 16:25
>> To: dev@dpdk.org
>> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; shally.verma@caviumnetworks.com; sunila.sahu@caviumnetworks.com;
>> ashish.gupta@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal@intel.com>
>> Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>>
>> After performing mod exp and mod inv big numbers (BIGNUM) should
>> be cleared as data already is copied into op fields and this BNs would
>> very likely contain private information for unspecified amount of time
>> (duration of the session).
>>
>> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>>
>> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>> ---
> Acked-by: Shally Verma <shallyv@marvell.com>
>
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

title changed to "crypto/openssl: fix big numbers after computations"
Applied to dpdk-next-crypto

Thanks

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2019-03-06 16:44 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-07 10:54 [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations Arek Kusztal
2019-02-07 15:27 ` Trahe, Fiona
2019-02-12 11:01 ` Shally Verma
2019-03-06 16:44   ` Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).