|WARNING| pw133842 [PATCH] crypto/openssl: fix asym memory leaks

|WARNING| pw133842 [PATCH] crypto/openssl: fix asym memory leaks

[qemudev]

Test-Label: loongarch-compilation
Test-Status: WARNING
http://dpdk.org/patch/133842

_apply patch failure_

Submitter: Ciara Power <ciara.power@intel.com>
Date: Fri,  3 Nov 2023 15:45:16 +0000
DPDK git baseline: Repo:dpdk-next-crypto
  Branch: for-main
  CommitID: 11e5ca63c77b355d0397f642989f28a7a0318cbc

Apply patch set 133842 failed:

Checking patch drivers/crypto/openssl/openssl_pmd_private.h...
Checking patch drivers/crypto/openssl/rte_openssl_pmd.c...
error: while searching for:
err_dsa_sign:
	if (params)
		OSSL_PARAM_free(params);
	if (key_ctx)
		EVP_PKEY_CTX_free(key_ctx);
	if (dsa_ctx)
		EVP_PKEY_CTX_free(dsa_ctx);

	EVP_PKEY_free(pkey);
	return ret;
}

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd.c:1958
error: drivers/crypto/openssl/rte_openssl_pmd.c: patch does not apply
Checking patch drivers/crypto/openssl/rte_openssl_pmd_ops.c...
Hunk #1 succeeded at 1104 (offset -2 lines).
Hunk #2 succeeded at 1129 (offset -2 lines).
Hunk #3 succeeded at 1146 (offset -2 lines).
error: while searching for:

err_dh:
		OPENSSL_LOG(ERR, " failed to set dh params\n");
		BN_free(p);
		BN_free(g);
		return -1;
	}
	case RTE_CRYPTO_ASYM_XFORM_DSA:
	{
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
		BIGNUM *p = NULL, *g = NULL;
		BIGNUM *q = NULL, *priv_key = NULL;
		BIGNUM *pub_key = NULL;
		OSSL_PARAM_BLD *param_bld = NULL;

		p = BN_bin2bn((const unsigned char *)
				xform->dsa.p.data,
				xform->dsa.p.length,
				p);

		g = BN_bin2bn((const unsigned char *)
				xform->dsa.g.data,
				xform->dsa.g.length,
				g);

		q = BN_bin2bn((const unsigned char *)
				xform->dsa.q.data,
				xform->dsa.q.length,
				q);
		if (!p || !q || !g)
			goto err_dsa;

		priv_key = BN_bin2bn((const unsigned char *)
				xform->dsa.x.data,
				xform->dsa.x.length,
				priv_key);
		if (priv_key == NULL)
			goto err_dsa;

		param_bld = OSSL_PARAM_BLD_new();

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd_ops.c:1177
error: drivers/crypto/openssl/rte_openssl_pmd_ops.c: patch does not apply

|WARNING| pw133842 [PATCH] crypto/openssl: fix asym memory leaks

[checkpatch]

Test-Label: checkpatch
Test-Status: WARNING
http://dpdk.org/patch/133842

_coding style issues_


WARNING:LONG_LINE: line length of 101 exceeds 100 columns
#318: FILE: drivers/crypto/openssl/rte_openssl_pmd_ops.c:1227:
+			|| !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, *priv_key)) {

total: 0 errors, 1 warnings, 259 lines checked

|WARNING| pw133842 [PATCH] crypto/openssl: fix asym memory leaks

[dpdklab]

Test-Label: iol-testing
Test-Status: WARNING
http://dpdk.org/patch/133842

_apply patch failure_

Submitter: Ciara Power <ciara.power@intel.com>
Date: Friday, November 03 2023 15:45:16 
Applied on: CommitID:11e5ca63c77b355d0397f642989f28a7a0318cbc
Apply patch set 133842 failed:

Checking patch drivers/crypto/openssl/openssl_pmd_private.h...
Checking patch drivers/crypto/openssl/rte_openssl_pmd.c...
error: while searching for:
err_dsa_sign:
	if (params)
		OSSL_PARAM_free(params);
	if (key_ctx)
		EVP_PKEY_CTX_free(key_ctx);
	if (dsa_ctx)
		EVP_PKEY_CTX_free(dsa_ctx);

	EVP_PKEY_free(pkey);
	return ret;
}

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd.c:1958
error: while searching for:
		DSA_SIG_free(sign);
	if (params)
		OSSL_PARAM_free(params);
	if (key_ctx)
		EVP_PKEY_CTX_free(key_ctx);
	if (dsa_ctx)
		EVP_PKEY_CTX_free(dsa_ctx);

	BN_free(pub_key);
	EVP_PKEY_free(pkey);

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd.c:2043
Hunk #3 succeeded at 2294 (offset -2 lines).
error: while searching for:
err_sm2:
	EVP_MD_free(check_md);
	EVP_MD_CTX_free(md_ctx);

	if (kctx)
		EVP_PKEY_CTX_free(kctx);

	if (sctx)
		EVP_PKEY_CTX_free(sctx);

	if (cctx)
		EVP_PKEY_CTX_free(cctx);

	if (pkey)
		EVP_PKEY_free(pkey);

	return ret;
}

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd.c:2887
Checking patch drivers/crypto/openssl/rte_openssl_pmd_ops.c...
Hunk #1 succeeded at 1104 (offset -2 lines).
Hunk #2 succeeded at 1129 (offset -2 lines).
Hunk #3 succeeded at 1146 (offset -2 lines).
error: while searching for:

err_dh:
		OPENSSL_LOG(ERR, " failed to set dh params\n");
		BN_free(p);
		BN_free(g);
		return -1;
	}
	case RTE_CRYPTO_ASYM_XFORM_DSA:
	{
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
		BIGNUM *p = NULL, *g = NULL;
		BIGNUM *q = NULL, *priv_key = NULL;
		BIGNUM *pub_key = NULL;
		OSSL_PARAM_BLD *param_bld = NULL;

		p = BN_bin2bn((const unsigned char *)
				xform->dsa.p.data,
				xform->dsa.p.length,
				p);

		g = BN_bin2bn((const unsigned char *)
				xform->dsa.g.data,
				xform->dsa.g.length,
				g);

		q = BN_bin2bn((const unsigned char *)
				xform->dsa.q.data,
				xform->dsa.q.length,
				q);
		if (!p || !q || !g)
			goto err_dsa;

		priv_key = BN_bin2bn((const unsigned char *)
				xform->dsa.x.data,
				xform->dsa.x.length,
				priv_key);
		if (priv_key == NULL)
			goto err_dsa;

		param_bld = OSSL_PARAM_BLD_new();

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd_ops.c:1177
Hunk #5 succeeded at 1218 (offset -3 lines).
Hunk #6 succeeded at 1285 (offset -3 lines).
Hunk #7 succeeded at 1306 (offset -3 lines).
Hunk #8 succeeded at 1431 (offset -5 lines).
error: while searching for:
		if (sess->u.dh.dh_key)
			DH_free(sess->u.dh.dh_key);
#endif
		break;
	case RTE_CRYPTO_ASYM_XFORM_DSA:
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
		OSSL_PARAM_BLD_free(sess->u.s.param_bld);
		sess->u.s.param_bld = NULL;
#else
		if (sess->u.s.dsa)
			DSA_free(sess->u.s.dsa);

error: patch failed: drivers/crypto/openssl/rte_openssl_pmd_ops.c:1463
Applied patch drivers/crypto/openssl/openssl_pmd_private.h cleanly.
Applying patch drivers/crypto/openssl/rte_openssl_pmd.c with 3 rejects...
Rejected hunk #1.
Rejected hunk #2.
Hunk #3 applied cleanly.
Rejected hunk #4.
Applying patch drivers/crypto/openssl/rte_openssl_pmd_ops.c with 2 rejects...
Hunk #1 applied cleanly.
Hunk #2 applied cleanly.
Hunk #3 applied cleanly.
Rejected hunk #4.
Hunk #5 applied cleanly.
Hunk #6 applied cleanly.
Hunk #7 applied cleanly.
Hunk #8 applied cleanly.
Rejected hunk #9.
hint: Use 'git am --show-current-patch' to see the failed patch
diff a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c	(rejected hunks)
@@ -1958,11 +1958,8 @@ process_openssl_dsa_sign_op_evp(struct rte_crypto_op *cop,
 err_dsa_sign:
 	if (params)
 		OSSL_PARAM_free(params);
-	if (key_ctx)
-		EVP_PKEY_CTX_free(key_ctx);
-	if (dsa_ctx)
-		EVP_PKEY_CTX_free(dsa_ctx);
-
+	EVP_PKEY_CTX_free(key_ctx);
+	EVP_PKEY_CTX_free(dsa_ctx);
 	EVP_PKEY_free(pkey);
 	return ret;
 }
@@ -2043,10 +2040,8 @@ process_openssl_dsa_verify_op_evp(struct rte_crypto_op *cop,
 		DSA_SIG_free(sign);
 	if (params)
 		OSSL_PARAM_free(params);
-	if (key_ctx)
-		EVP_PKEY_CTX_free(key_ctx);
-	if (dsa_ctx)
-		EVP_PKEY_CTX_free(dsa_ctx);
+	EVP_PKEY_CTX_free(key_ctx);
+	EVP_PKEY_CTX_free(dsa_ctx);
 
 	BN_free(pub_key);
 	EVP_PKEY_free(pkey);
@@ -2887,18 +2877,10 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
 err_sm2:
 	EVP_MD_free(check_md);
 	EVP_MD_CTX_free(md_ctx);
-
-	if (kctx)
-		EVP_PKEY_CTX_free(kctx);
-
-	if (sctx)
-		EVP_PKEY_CTX_free(sctx);
-
-	if (cctx)
-		EVP_PKEY_CTX_free(cctx);
-
-	if (pkey)
-		EVP_PKEY_free(pkey);
+	EVP_PKEY_CTX_free(kctx);
+	EVP_PKEY_CTX_free(sctx);
+	EVP_PKEY_CTX_free(cctx);
+	EVP_PKEY_free(pkey);
 
 	return ret;
 }
diff a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c	(rejected hunks)
@@ -1177,40 +1177,42 @@ static int openssl_set_asym_session_parameters(
 
 err_dh:
 		OPENSSL_LOG(ERR, " failed to set dh params\n");
-		BN_free(p);
-		BN_free(g);
+		BN_free(*p);
+		BN_free(*g);
 		return -1;
 	}
 	case RTE_CRYPTO_ASYM_XFORM_DSA:
 	{
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-		BIGNUM *p = NULL, *g = NULL;
-		BIGNUM *q = NULL, *priv_key = NULL;
+		BIGNUM **p = &asym_session->u.s.p;
+		BIGNUM **g = &asym_session->u.s.g;
+		BIGNUM **q = &asym_session->u.s.q;
+		BIGNUM **priv_key = &asym_session->u.s.priv_key;
 		BIGNUM *pub_key = NULL;
 		OSSL_PARAM_BLD *param_bld = NULL;
 
-		p = BN_bin2bn((const unsigned char *)
+		*p = BN_bin2bn((const unsigned char *)
 				xform->dsa.p.data,
 				xform->dsa.p.length,
-				p);
+				*p);
 
-		g = BN_bin2bn((const unsigned char *)
+		*g = BN_bin2bn((const unsigned char *)
 				xform->dsa.g.data,
 				xform->dsa.g.length,
-				g);
+				*g);
 
-		q = BN_bin2bn((const unsigned char *)
+		*q = BN_bin2bn((const unsigned char *)
 				xform->dsa.q.data,
 				xform->dsa.q.length,
-				q);
-		if (!p || !q || !g)
+				*q);
+		if (!*p || !*q || !*g)
 			goto err_dsa;
 
-		priv_key = BN_bin2bn((const unsigned char *)
+		*priv_key = BN_bin2bn((const unsigned char *)
 				xform->dsa.x.data,
 				xform->dsa.x.length,
-				priv_key);
-		if (priv_key == NULL)
+				*priv_key);
+		if (*priv_key == NULL)
 			goto err_dsa;
 
 		param_bld = OSSL_PARAM_BLD_new();
@@ -1463,11 +1464,17 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
 		if (sess->u.dh.dh_key)
 			DH_free(sess->u.dh.dh_key);
 #endif
+		BN_clear_free(sess->u.dh.p);
+		BN_clear_free(sess->u.dh.g);
 		break;
 	case RTE_CRYPTO_ASYM_XFORM_DSA:
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
 		OSSL_PARAM_BLD_free(sess->u.s.param_bld);
 		sess->u.s.param_bld = NULL;
+		BN_clear_free(sess->u.s.p);
+		BN_clear_free(sess->u.s.q);
+		BN_clear_free(sess->u.s.g);
+		BN_clear_free(sess->u.s.priv_key);
 #else
 		if (sess->u.s.dsa)
 			DSA_free(sess->u.s.dsa);

https://lab.dpdk.org/results/dashboard/patchsets/28225/

UNH-IOL DPDK Community Lab