@@ -190,6 +190,8 @@ struct openssl_asym_session {
struct dh {
DH *dh_key;
uint32_t key_op;
+ BIGNUM *p;
+ BIGNUM *g;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD * param_bld;
OSSL_PARAM_BLD *param_bld_peer;
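Review bot: The new `p` and `g` members have no comment saying who owns them, and the same is true of `p`, `g`, `q` and `priv_key` added to the DSA struct in the next hunk. The reset hunk later in this patch releases them with `BN_clear_free()`, so the session is the owner. A one-line comment such as `/* owned by the session, released in openssl_reset_asym_session() */` would record that. For `priv_key` it is also worth noting that it holds private key material and should only be released with a clearing free.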
@@ -199,6 +201,10 @@ struct openssl_asym_session {
DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD * param_bld;
+ BIGNUM *p;
+ BIGNUM *g;
+ BIGNUM *q;
+ BIGNUM *priv_key;
#endif
} s;
struct {
@@ -1958,11 +1958,8 @@ process_openssl_dsa_sign_op_evp(struct rte_crypto_op *cop,
err_dsa_sign:
if (params)
OSSL_PARAM_free(params);
- if (key_ctx)
- EVP_PKEY_CTX_free(key_ctx);
- if (dsa_ctx)
- EVP_PKEY_CTX_free(dsa_ctx);
-
+ EVP_PKEY_CTX_free(key_ctx);
+ EVP_PKEY_CTX_free(dsa_ctx);
EVP_PKEY_free(pkey);
return ret;
}
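Review bot: `if (params) OSSL_PARAM_free(params);` keeps its guard while the `EVP_PKEY_CTX_free()` calls next to it lose theirs. `OSSL_PARAM_free()` is also a no-op on NULL, so the cleanup would read more evenly as plain `OSSL_PARAM_free(params);`. The same leftover guard appears in the verify and DH hunks that follow. The function body starts outside the hunk.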
@@ -2043,10 +2040,8 @@ process_openssl_dsa_verify_op_evp(struct rte_crypto_op *cop,
DSA_SIG_free(sign);
if (params)
OSSL_PARAM_free(params);
- if (key_ctx)
- EVP_PKEY_CTX_free(key_ctx);
- if (dsa_ctx)
- EVP_PKEY_CTX_free(dsa_ctx);
+ EVP_PKEY_CTX_free(key_ctx);
+ EVP_PKEY_CTX_free(dsa_ctx);
BN_free(pub_key);
EVP_PKEY_free(pkey);
@@ -2301,17 +2296,12 @@ process_openssl_dh_op_evp(struct rte_crypto_op *cop,
ret = 0;
err_dh:
- if (pub_key)
- BN_free(pub_key);
- if (priv_key)
- BN_free(priv_key);
+ BN_free(pub_key);
+ BN_free(priv_key);
if (params)
OSSL_PARAM_free(params);
- if (dhpkey)
- EVP_PKEY_free(dhpkey);
- if (peerkey)
- EVP_PKEY_free(peerkey);
-
+ EVP_PKEY_free(dhpkey);
+ EVP_PKEY_free(peerkey);
EVP_PKEY_CTX_free(dh_ctx);
return ret;
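Review bot: `BN_free(priv_key)` under `err_dh` releases what appears, from its name, to be the DH private value without wiping it. The session reset path in this same patch uses `BN_clear_free()` for key material. Since the line is being touched anyway, `BN_clear_free(priv_key);` would keep the secret from lingering in freed heap memory. The declaration of `priv_key` is outside the hunk, so confirm it is the private component.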
@@ -2887,18 +2877,10 @@ process_openssl_sm2_op_evp(struct rte_crypto_op *cop,
err_sm2:
EVP_MD_free(check_md);
EVP_MD_CTX_free(md_ctx);
-
- if (kctx)
- EVP_PKEY_CTX_free(kctx);
-
- if (sctx)
- EVP_PKEY_CTX_free(sctx);
-
- if (cctx)
- EVP_PKEY_CTX_free(cctx);
-
- if (pkey)
- EVP_PKEY_free(pkey);
+ EVP_PKEY_CTX_free(kctx);
+ EVP_PKEY_CTX_free(sctx);
+ EVP_PKEY_CTX_free(cctx);
+ EVP_PKEY_free(pkey);
return ret;
}
@@ -1106,18 +1106,18 @@ static int openssl_set_asym_session_parameters(
}
case RTE_CRYPTO_ASYM_XFORM_DH:
{
- BIGNUM *p = NULL;
- BIGNUM *g = NULL;
+ BIGNUM **p = &asym_session->u.dh.p;
+ BIGNUM **g = &asym_session->u.dh.g;
- p = BN_bin2bn((const unsigned char *)
+ *p = BN_bin2bn((const unsigned char *)
xform->dh.p.data,
xform->dh.p.length,
- p);
- g = BN_bin2bn((const unsigned char *)
+ *p);
+ *g = BN_bin2bn((const unsigned char *)
xform->dh.g.data,
xform->dh.g.length,
- g);
- if (!p || !g)
+ *g);
+ if (!*p || !*g)
goto err_dh;
DH *dh = NULL;
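Review bot: The third argument of `BN_bin2bn()` is now `*p` / `*g`, i.e. whatever the session slot held on entry, where it used to be a local known to be NULL. If the slot is not zeroed, the call writes into a stale BIGNUM, and on failure the returned NULL overwrites a pointer that is never freed. Whether the session memory is always cleared before this function runs is not visible in the hunk. Passing `NULL` as the last argument (`*p = BN_bin2bn(..., xform->dh.p.length, NULL);`) removes that dependency, or a comment should state the zero-initialised precondition. The DSA conversions in the later hunk follow the same pattern.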
@@ -1131,9 +1131,9 @@ static int openssl_set_asym_session_parameters(
if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld,
"group", "ffdhe2048", 0))
|| (!OSSL_PARAM_BLD_push_BN(param_bld,
- OSSL_PKEY_PARAM_FFC_P, p))
+ OSSL_PKEY_PARAM_FFC_P, *p))
|| (!OSSL_PARAM_BLD_push_BN(param_bld,
- OSSL_PKEY_PARAM_FFC_G, g))) {
+ OSSL_PKEY_PARAM_FFC_G, *g))) {
OSSL_PARAM_BLD_free(param_bld);
goto err_dh;
}
@@ -1148,9 +1148,9 @@ static int openssl_set_asym_session_parameters(
if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer,
"group", "ffdhe2048", 0))
|| (!OSSL_PARAM_BLD_push_BN(param_bld_peer,
- OSSL_PKEY_PARAM_FFC_P, p))
+ OSSL_PKEY_PARAM_FFC_P, *p))
|| (!OSSL_PARAM_BLD_push_BN(param_bld_peer,
- OSSL_PKEY_PARAM_FFC_G, g))) {
+ OSSL_PKEY_PARAM_FFC_G, *g))) {
OSSL_PARAM_BLD_free(param_bld);
OSSL_PARAM_BLD_free(param_bld_peer);
goto err_dh;
@@ -1177,40 +1177,42 @@ static int openssl_set_asym_session_parameters(
err_dh:
OPENSSL_LOG(ERR, " failed to set dh params\n");
- BN_free(p);
- BN_free(g);
+ BN_free(*p);
+ BN_free(*g);
return -1;
}
case RTE_CRYPTO_ASYM_XFORM_DSA:
{
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
- BIGNUM *p = NULL, *g = NULL;
- BIGNUM *q = NULL, *priv_key = NULL;
+ BIGNUM **p = &asym_session->u.s.p;
+ BIGNUM **g = &asym_session->u.s.g;
+ BIGNUM **q = &asym_session->u.s.q;
+ BIGNUM **priv_key = &asym_session->u.s.priv_key;
BIGNUM *pub_key = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
- p = BN_bin2bn((const unsigned char *)
+ *p = BN_bin2bn((const unsigned char *)
xform->dsa.p.data,
xform->dsa.p.length,
- p);
+ *p);
- g = BN_bin2bn((const unsigned char *)
+ *g = BN_bin2bn((const unsigned char *)
xform->dsa.g.data,
xform->dsa.g.length,
- g);
+ *g);
- q = BN_bin2bn((const unsigned char *)
+ *q = BN_bin2bn((const unsigned char *)
xform->dsa.q.data,
xform->dsa.q.length,
- q);
- if (!p || !q || !g)
+ *q);
+ if (!*p || !*q || !*g)
goto err_dsa;
- priv_key = BN_bin2bn((const unsigned char *)
+ *priv_key = BN_bin2bn((const unsigned char *)
xform->dsa.x.data,
xform->dsa.x.length,
- priv_key);
- if (priv_key == NULL)
+ *priv_key);
+ if (*priv_key == NULL)
goto err_dsa;
param_bld = OSSL_PARAM_BLD_new();
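Review bot: After `BN_free(*p); BN_free(*g);` under `err_dh`, the session still holds the freed addresses in `u.dh.p` and `u.dh.g`, because `p` and `g` now alias session fields instead of locals. A later pass over the same session object would then touch freed memory, for example a retry of this function (which feeds `*p` back into `BN_bin2bn()`) or a reset. Whether callers do that is not visible here. Clearing each slot after the free (`BN_free(*p); *p = NULL;`) removes the hazard. The same applies to `err_dsa` further down and to the `BN_clear_free()` calls in the reset hunk, where `param_bld` is set to NULL but the BIGNUM fields are not.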
@@ -1219,10 +1221,10 @@ static int openssl_set_asym_session_parameters(
goto err_dsa;
}
- if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) {
+ if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, *p)
+ || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, *g)
+ || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, *q)
+ || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, *priv_key)) {
OSSL_PARAM_BLD_free(param_bld);
OPENSSL_LOG(ERR, "failed to allocate resources\n");
goto err_dsa;
@@ -1286,17 +1288,17 @@ static int openssl_set_asym_session_parameters(
if (ret) {
DSA_free(dsa);
OPENSSL_LOG(ERR, "Failed to set keys\n");
- return -1;
+ goto err_dsa;
}
asym_session->u.s.dsa = dsa;
asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
break;
#endif
err_dsa:
- BN_free(p);
- BN_free(q);
- BN_free(g);
- BN_free(priv_key);
+ BN_free(*p);
+ BN_free(*q);
+ BN_free(*g);
+ BN_free(*priv_key);
BN_free(pub_key);
return -1;
}
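Review bot: The new `goto err_dsa` runs right after `DSA_free(dsa)`, so if the setter calls above this hunk already handed `p`, `q`, `g` or the keys to `dsa`, the `BN_free()` calls under `err_dsa` free them a second time. That ownership transfer is outside the hunk and needs checking. The label also sits after `#endif` and is shared by both OpenSSL branches, yet it now dereferences `p`, `q`, `g` and `priv_key`. The pre-3.0 branch must therefore declare them as `BIGNUM **` too, or the label needs a per-branch variant. Finally, `BN_free(*priv_key)` should be `BN_clear_free(*priv_key);` so that the error path wipes the private key the same way the reset path does.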
@@ -1307,7 +1309,7 @@ static int openssl_set_asym_session_parameters(
OSSL_PARAM_BLD *param_bld = NULL;
OSSL_PARAM *params = NULL;
BIGNUM *pkey_bn = NULL;
- uint8_t pubkey[64];
+ uint8_t pubkey[65];
size_t len = 0;
int ret = -1;
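Review bot: The bare `65` in `uint8_t pubkey[65];` is unexplained. It presumably covers an uncompressed SM2 point (one format byte plus two 32-byte coordinates), which a comment such as `/* 0x04 || X || Y, 1 + 32 + 32 bytes */` or a named constant would make explicit. The code that fills the buffer is outside the hunk. Since the coordinate lengths come from the xform, it is worth confirming that the copies are bounded by `sizeof(pubkey)` rather than by the caller-supplied lengths.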
@@ -1434,8 +1436,7 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
switch (sess->xfrm_type) {
case RTE_CRYPTO_ASYM_XFORM_RSA:
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
- if (sess->u.r.ctx)
- EVP_PKEY_CTX_free(sess->u.r.ctx);
+ EVP_PKEY_CTX_free(sess->u.r.ctx);
#else
if (sess->u.r.rsa)
RSA_free(sess->u.r.rsa);
@@ -1463,11 +1464,17 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
if (sess->u.dh.dh_key)
DH_free(sess->u.dh.dh_key);
#endif
+ BN_clear_free(sess->u.dh.p);
+ BN_clear_free(sess->u.dh.g);
break;
case RTE_CRYPTO_ASYM_XFORM_DSA:
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD_free(sess->u.s.param_bld);
sess->u.s.param_bld = NULL;
+ BN_clear_free(sess->u.s.p);
+ BN_clear_free(sess->u.s.q);
+ BN_clear_free(sess->u.s.g);
+ BN_clear_free(sess->u.s.priv_key);
#else
if (sess->u.s.dsa)
DSA_free(sess->u.s.dsa);