openssl: fix not clearing big numbers after computations

Message ID 20190207105439.12260-1-arkadiuszx.kusztal@intel.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Series openssl: fix not clearing big numbers after computations

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/intel-Performance-Testing success Performance Testing PASS
ci/Intel-compilation success Compilation OK

Commit Message

Arkadiusz Kusztal Feb. 7, 2019, 10:54 a.m. UTC
After performing mod exp and mod inv, big numbers (BIGNUM) should
be cleared, as data is already copied into op fields and these BNs would
very likely contain private information for an unspecified amount of time
(duration of the session).

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
 1 file changed, 6 insertions(+)
  

Comments

Fiona Trahe Feb. 7, 2019, 3:27 p.m. UTC | #1
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Thursday, February 7, 2019 10:55 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; shally.verma@caviumnetworks.com;
> sunila.sahu@caviumnetworks.com; ashish.gupta@caviumnetworks.com; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH] openssl: fix not clearing big numbers after computations
> 
> After performing mod exp and mod inv, big numbers (BIGNUM) should
> be cleared, as data is already copied into op fields and these BNs would
> very likely contain private information for an unspecified amount of time
> (duration of the session).
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
  
Shally Verma Feb. 12, 2019, 11:01 a.m. UTC | #2
>-----Original Message-----
>From: dev <dev-bounces@dpdk.org> On Behalf Of Arek Kusztal
>Sent: 07 February 2019 16:25
>To: dev@dpdk.org
>Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; shally.verma@caviumnetworks.com; sunila.sahu@caviumnetworks.com;
>ashish.gupta@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal@intel.com>
>Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>
>After performing mod exp and mod inv, big numbers (BIGNUM) should
>be cleared, as data is already copied into op fields and these BNs would
>very likely contain private information for an unspecified amount of time
>(duration of the session).
>
>Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
>Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>---
Acked-by: Shally Verma <shallyv@marvell.com>

> drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
>index ea5aac6..4ecc3c4 100644
>--- a/drivers/crypto/openssl/rte_openssl_pmd.c
>+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
>@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
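Review bot: the two `BN_clear()` calls added before `return 0;` in `process_openssl_modinv_op()` carry no comment, so a later cleanup could drop them as redundant writes to operands that get overwritten on the next op. A one-line comment above them saying that `res` and `base` live for the session and may hold private data would keep the intent from the commit message in the code.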
>@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
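Review bot: the `BN_clear(res); BN_clear(base);` pair added before `return 0;` in `process_openssl_modexp_op()` is identical to the pair added in `process_openssl_modinv_op()`. A small static helper called from both functions would keep the two paths in step if another scratch BIGNUM is later added to one of them.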
>--
>2.1.0
  
Akhil Goyal March 6, 2019, 4:44 p.m. UTC | #3
On 2/12/2019 4:31 PM, Shally Verma wrote:
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Arek Kusztal
>> Sent: 07 February 2019 16:25
>> To: dev@dpdk.org
>> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; shally.verma@caviumnetworks.com; sunila.sahu@caviumnetworks.com;
>> ashish.gupta@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal@intel.com>
>> Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>>
>> After performing mod exp and mod inv, big numbers (BIGNUM) should
>> be cleared, as data is already copied into op fields and these BNs would
>> very likely contain private information for an unspecified amount of time
>> (duration of the session).
>>
>> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>>
>> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>> ---
> Acked-by: Shally Verma <shallyv@marvell.com>
>
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

title changed to "crypto/openssl: fix big numbers after computations"
Applied to dpdk-next-crypto

Thanks
  

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ea5aac6..4ecc3c4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1795,6 +1795,9 @@  process_openssl_modinv_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
 
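Review bot: the clearing in `process_openssl_modinv_op()` sits only on the tail path before `return 0;`, after the block that sets `RTE_CRYPTO_OP_STATUS_ERROR`. The hunk does not show the top of the function, so please confirm that no earlier `return` leaves `base` populated; if one exists, route it through a common exit label that runs the same two `BN_clear()` calls.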
@@ -1825,6 +1828,9 @@  process_openssl_modexp_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
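Review bot: in `process_openssl_modexp_op()` only `res` and `base` are cleared before `return 0;`, and nothing in this hunk touches the exponent or modulus. For modular exponentiation the exponent is often the secret operand, so if those values stay in the session by design, say so in the commit message and check that session teardown releases them with a clearing free such as `BN_clear_free()`.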