crypto/openssl: fix improper freeing of asymmetric crypto keys in rsa
Commit Message
In case a big number needs to be freed, the data it contains should be cleared
beforehand, especially if it is critical data like private keys.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
config/common_base | 4 ++--
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 10 deletions(-)
Comments
Hi Arek,
> In case a big number needs to be freed, the data it contains should be cleared
> beforehand, especially if it is critical data like private keys.
>
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> ---
> config/common_base | 4 ++--
> drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++--------
> 2 files changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/config/common_base b/config/common_base
> index 6b96e0e..a3d8e17 100644
> --- a/config/common_base
> +++ b/config/common_base
> @@ -573,7 +573,7 @@ CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y
> #
> CONFIG_RTE_LIBRTE_PMD_QAT=y
> CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
> -CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n
> +CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=y
> #
> # Max. number of QuickAssist devices, which can be detected and attached
> #
> @@ -597,7 +597,7 @@ CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n
> #
> # Compile PMD for Software backed device
> #
> -CONFIG_RTE_LIBRTE_PMD_OPENSSL=n
> +CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
>
I think these config changes were done by mistake in this patch.
Openssl cannot be enabled by default as it needs external codebase.
Please send fix only for openssl driver as the description says.
Thanks,
Akhil
@@ -573,7 +573,7 @@ CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y
#
CONFIG_RTE_LIBRTE_PMD_QAT=y
CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
-CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n
+CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=y
#
# Max. number of QuickAssist devices, which can be detected and attached
#
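Review bot: the switch of CONFIG_RTE_LIBRTE_PMD_QAT_ASYM from n to y is not covered by the commit message, which only describes clearing big numbers before they are freed in the OpenSSL driver. It changes the default build for every user while CONFIG_RTE_LIBRTE_PMD_QAT_SYM stays n in the same block, so it looks like a local test setting that ended up in the patch. Suggest dropping this hunk, or sending it as a separate patch with its own justification.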
@@ -597,7 +597,7 @@ CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n
#
# Compile PMD for Software backed device
#
-CONFIG_RTE_LIBRTE_PMD_OPENSSL=n
+CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
#
# Compile PMD for AESNI GCM device
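Review bot: setting CONFIG_RTE_LIBRTE_PMD_OPENSSL=y in the default config enables a PMD that, as the review reply points out, needs an external codebase, and a patch carrying a Fixes: tag should not also change build defaults. Suggest leaving this option at n and limiting the patch to rte_openssl_pmd_ops.c, which also makes the diffstat match the description.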
@@ -912,14 +912,14 @@ static int openssl_set_asym_session_parameters(
asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
break;
err_rsa:
- BN_free(n);
- BN_free(e);
- BN_free(d);
- BN_free(p);
- BN_free(q);
- BN_free(dmp1);
- BN_free(dmq1);
- BN_free(iqmp);
+ BN_clear_free(n);
+ BN_clear_free(e);
+ BN_clear_free(d);
+ BN_clear_free(p);
+ BN_clear_free(q);
+ BN_clear_free(dmp1);
+ BN_clear_free(dmq1);
+ BN_clear_free(iqmp);
return -1;
}
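Review bot: the change at the err_rsa label covers only this error-path cleanup, while the commit message reads as a general rule for freeing big numbers that hold key material. It is worth checking whether d, p, q, dmp1, dmq1 and iqmp are released with BN_free anywhere else in rte_openssl_pmd_ops.c and converting those in the same patch, or else stating in the commit message that only the error path of openssl_set_asym_session_parameters() is affected. Using BN_clear_free for n and e as well is harmless and keeps the block uniform, even though those are the public modulus and exponent. A one-line comment above the block saying that private key components must be cleared before release would keep a later cleanup from reverting it.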