crypto/openssl: fix improper freeing of asymmetric crypto keys in rsa

Message ID 20190531065928.3420-1-arkadiuszx.kusztal@intel.com (mailing list archive)
State Changes Requested, archived
Delegated to: akhil goyal
Series: crypto/openssl: fix improper freeing of asymmetric crypto keys in rsa

Checks

Context | Check | Description
ci/checkpatch | success | coding style OK
ci/Performance-Testing | fail | build patch failure
ci/Intel-compilation | fail | Compilation issues

Commit Message

Arkadiusz Kusztal May 31, 2019, 6:59 a.m. UTC
In case a big number needs to be freed, the data it contains should be cleared
first, especially if it is critical data like private keys.

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 config/common_base                           |  4 ++--
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)
  

Comments

Akhil Goyal June 18, 2019, 12:59 p.m. UTC | #1
Hi Arek,

> In case a big number needs to be freed, the data it contains should be cleared
> first, especially if it is critical data like private keys.
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
>  config/common_base                           |  4 ++--
>  drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++--------
>  2 files changed, 10 insertions(+), 10 deletions(-)
> 
> diff --git a/config/common_base b/config/common_base
> index 6b96e0e..a3d8e17 100644
> --- a/config/common_base
> +++ b/config/common_base
> @@ -573,7 +573,7 @@ CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y
>  #
>  CONFIG_RTE_LIBRTE_PMD_QAT=y
>  CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
> -CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n
> +CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=y
>  #
>  # Max. number of QuickAssist devices, which can be detected and attached
>  #
> @@ -597,7 +597,7 @@ CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n
>  #
>  # Compile PMD for Software backed device
>  #
> -CONFIG_RTE_LIBRTE_PMD_OPENSSL=n
> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
> 
I think these config changes were done by mistake in this patch.

OpenSSL cannot be enabled by default as it needs an external codebase.

Please send the fix only for the OpenSSL driver, as the description says.

Thanks,
Akhil
  

Patch

diff --git a/config/common_base b/config/common_base
index 6b96e0e..a3d8e17 100644
--- a/config/common_base
+++ b/config/common_base
@@ -573,7 +573,7 @@  CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y
 #
 CONFIG_RTE_LIBRTE_PMD_QAT=y
 CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
-CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n
+CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=y
 #
 # Max. number of QuickAssist devices, which can be detected and attached
 #
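Review bot: The flip of CONFIG_RTE_LIBRTE_PMD_QAT_ASYM from n to y in config/common_base is not covered by the commit message, which only describes clearing big numbers before they are freed. A change to a build default for the QAT driver does not belong in a fix tagged against 3e9d6bd447fb; drop this hunk, or send it as a separate patch with its own justification.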
@@ -597,7 +597,7 @@  CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n
 #
 # Compile PMD for Software backed device
 #
-CONFIG_RTE_LIBRTE_PMD_OPENSSL=n
+CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
 
 #
 # Compile PMD for AESNI GCM device
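Review bot: Setting CONFIG_RTE_LIBRTE_PMD_OPENSSL=y changes the default build so that the OpenSSL PMD is always compiled, which the commit message does not mention and which the review comment above rejects because the driver needs an external codebase. This reads like a local test setting that leaked into the patch; remove it so the patch touches only drivers/crypto/openssl/rte_openssl_pmd_ops.c, then re-run the failing ci/Intel-compilation and ci/Performance-Testing checks against the reduced patch.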
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 40217cf..a307c91 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -912,14 +912,14 @@  static int openssl_set_asym_session_parameters(
 		asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
 		break;
 err_rsa:
-		BN_free(n);
-		BN_free(e);
-		BN_free(d);
-		BN_free(p);
-		BN_free(q);
-		BN_free(dmp1);
-		BN_free(dmq1);
-		BN_free(iqmp);
+		BN_clear_free(n);
+		BN_clear_free(e);
+		BN_clear_free(d);
+		BN_clear_free(p);
+		BN_clear_free(q);
+		BN_clear_free(dmp1);
+		BN_clear_free(dmq1);
+		BN_clear_free(iqmp);
 
 		return -1;
 	}
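Review bot: The err_rsa block is the only cleanup this hunk converts, so the clearing applies to the failure path of the RSA branch alone; any other cleanup label in openssl_set_asym_session_parameters() that releases private values with BN_free() needs the same change for the fix to match its description. Within the hunk, n and e are public values, so BN_clear_free() is not strictly required for them, though keeping all eight calls uniform is reasonable. A one-line comment above err_rsa stating that these BIGNUMs may hold private key material would discourage a later revert to BN_free().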