crypto/openssl: fix memory leak in auth processing function
Checks
Commit Message
Contexts allocated with EVP_MAC_CTX_new calls are leaking, they are created
then overwritten by the return value of EVP_MAC_CTX_dup call.
Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")
Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
Cc: stable@dpdk.org
---
drivers/crypto/openssl/rte_openssl_pmd.c | 7 -------
1 file changed, 7 deletions(-)
Comments
Acked-by: Kai Ji <kai.ji@intel.com<mailto:kai.ji@intel.com>>
> -----Original Message-----
> From: Didier Pallard <didier.pallard@6wind.com>
> Sent: Tuesday 18 April 2023 15:26
> To: dev@dpdk.org
> Cc: stable@dpdk.org; Ji, Kai <kai.ji@intel.com>; Akhil Goyal
> <gakhil@marvell.com>; Fan Zhang <fanzhang.oss@gmail.com>; Ashwin
> Sekhar T K <asekhar@marvell.com>
> Subject: [PATCH] crypto/openssl: fix memory leak in auth processing
> function
>
> Contexts allocated with EVP_MAC_CTX_new calls are leaking, they are
> created then overwritten by the return value of EVP_MAC_CTX_dup call.
>
> Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP
> API")
> Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")
> Signed-off-by: Didier Pallard <didier.pallard@6wind.com>
> Cc: stable@dpdk.org
> ---
> --
> 2.30.2
Applied to dpdk-next-crypto
Thanks.
@@ -1797,7 +1797,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MAC_CTX *ctx_h;
EVP_MAC_CTX *ctx_c;
- EVP_MAC *mac;
# else
HMAC_CTX *ctx_h;
CMAC_CTX *ctx_c;
@@ -1818,10 +1817,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
break;
case OPENSSL_AUTH_AS_HMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
- mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
- ctx_h = EVP_MAC_CTX_new(mac);
ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
- EVP_MAC_free(mac);
status = process_openssl_auth_mac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
ctx_h);
@@ -1836,10 +1832,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
break;
case OPENSSL_AUTH_AS_CMAC:
# if OPENSSL_VERSION_NUMBER >= 0x30000000L
- mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
- ctx_c = EVP_MAC_CTX_new(mac);
ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
- EVP_MAC_free(mac);
status = process_openssl_auth_mac(mbuf_src, dst,
op->sym->auth.data.offset, srclen,
ctx_c);