[v2] crypto/openssl: fix inproper freeing of asymmetric crypto keys in rsa
Checks
Commit Message
In case big number need to be freed, data it contains should be cleared
before especially if it is critical data like private keys.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
v2:
- removed unnecessary config lines
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
Comments
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Monday, July 1, 2019 3:57 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; Doherty, Declan
> <declan.doherty@intel.com>; Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH v2] crypto/openssl: fix inproper freeing of asymmetric crypto keys in rsa
>
> In case big number need to be freed, data it contains should be cleared
> before especially if it is critical data like private keys.
>
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
> >
> > In case big number need to be freed, data it contains should be cleared
> > before especially if it is critical data like private keys.
> >
> > Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> >
> > Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
> Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Applied to dpdk-next-crypto
Thanks.
@@ -912,14 +912,14 @@ static int openssl_set_asym_session_parameters(
asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
break;
err_rsa:
- BN_free(n);
- BN_free(e);
- BN_free(d);
- BN_free(p);
- BN_free(q);
- BN_free(dmp1);
- BN_free(dmq1);
- BN_free(iqmp);
+ BN_clear_free(n);
+ BN_clear_free(e);
+ BN_clear_free(d);
+ BN_clear_free(p);
+ BN_clear_free(q);
+ BN_clear_free(dmp1);
+ BN_clear_free(dmq1);
+ BN_clear_free(iqmp);
return -1;
}