@@ -190,6 +190,8 @@ struct openssl_asym_session {
struct dh {
DH *dh_key;
uint32_t key_op;
+ BIGNUM *p;
+ BIGNUM *g;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD * param_bld;
OSSL_PARAM_BLD *param_bld_peer;
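Review bot: The new `p` and `g` members of `struct dh` carry no ownership comment and sit outside the `#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)` guard, while the DSA members added in the next hunk (`p`, `g`, `q`, `priv_key`) sit inside it. Elsewhere in this patch only the OpenSSL 3 DH path stores into these fields and the legacy path keeps using locals, so on legacy builds they appear to stay NULL and the unconditional `BN_clear_free(sess->u.dh.p)` in the reset function is a no-op. I would add a comment such as `/* owned by the session, freed in openssl_reset_asym_session() */` on both groups. If the DH pair is moved under the guard for symmetry, the two DH `BN_clear_free` calls in the reset function have to move with it. The struct continues outside the hunk.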
@@ -199,6 +201,10 @@ struct openssl_asym_session {
DSA *dsa;
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD * param_bld;
+ BIGNUM *p;
+ BIGNUM *g;
+ BIGNUM *q;
+ BIGNUM *priv_key;
#endif
} s;
struct {
@@ -1960,6 +1960,7 @@ process_openssl_dsa_sign_op_evp(struct rte_crypto_op *cop,
OSSL_PARAM_free(params);
EVP_PKEY_CTX_free(key_ctx);
EVP_PKEY_CTX_free(dsa_ctx);
+ EVP_PKEY_free(pkey);
return ret;
}
@@ -1032,7 +1032,7 @@ static int openssl_set_asym_session_parameters(
}
asym_session->u.r.rsa = rsa;
asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
- ret = 0;
+ break;
#endif
err_rsa:
BN_clear_free(n);
@@ -1106,22 +1106,22 @@ static int openssl_set_asym_session_parameters(
}
case RTE_CRYPTO_ASYM_XFORM_DH:
{
- BIGNUM *p = NULL;
- BIGNUM *g = NULL;
+ DH *dh = NULL;
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ BIGNUM **p = &asym_session->u.dh.p;
+ BIGNUM **g = &asym_session->u.dh.g;
- p = BN_bin2bn((const unsigned char *)
+ *p = BN_bin2bn((const unsigned char *)
xform->dh.p.data,
xform->dh.p.length,
- p);
- g = BN_bin2bn((const unsigned char *)
+ *p);
+ *g = BN_bin2bn((const unsigned char *)
xform->dh.g.data,
xform->dh.g.length,
- g);
- if (!p || !g)
+ *g);
+ if (!*p || !*g)
goto err_dh;
- DH *dh = NULL;
-#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD *param_bld = NULL;
param_bld = OSSL_PARAM_BLD_new();
if (!param_bld) {
@@ -1131,9 +1131,9 @@ static int openssl_set_asym_session_parameters(
if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld,
"group", "ffdhe2048", 0))
|| (!OSSL_PARAM_BLD_push_BN(param_bld,
- OSSL_PKEY_PARAM_FFC_P, p))
+ OSSL_PKEY_PARAM_FFC_P, *p))
|| (!OSSL_PARAM_BLD_push_BN(param_bld,
- OSSL_PKEY_PARAM_FFC_G, g))) {
+ OSSL_PKEY_PARAM_FFC_G, *g))) {
OSSL_PARAM_BLD_free(param_bld);
goto err_dh;
}
@@ -1148,9 +1148,9 @@ static int openssl_set_asym_session_parameters(
if ((!OSSL_PARAM_BLD_push_utf8_string(param_bld_peer,
"group", "ffdhe2048", 0))
|| (!OSSL_PARAM_BLD_push_BN(param_bld_peer,
- OSSL_PKEY_PARAM_FFC_P, p))
+ OSSL_PKEY_PARAM_FFC_P, *p))
|| (!OSSL_PARAM_BLD_push_BN(param_bld_peer,
- OSSL_PKEY_PARAM_FFC_G, g))) {
+ OSSL_PKEY_PARAM_FFC_G, *g))) {
OSSL_PARAM_BLD_free(param_bld);
OSSL_PARAM_BLD_free(param_bld_peer);
goto err_dh;
@@ -1159,6 +1159,20 @@ static int openssl_set_asym_session_parameters(
asym_session->u.dh.param_bld = param_bld;
asym_session->u.dh.param_bld_peer = param_bld_peer;
#else
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+
+ p = BN_bin2bn((const unsigned char *)
+ xform->dh.p.data,
+ xform->dh.p.length,
+ p);
+ g = BN_bin2bn((const unsigned char *)
+ xform->dh.g.data,
+ xform->dh.g.length,
+ g);
+ if (!p || !g)
+ goto err_dh;
+
dh = DH_new();
if (dh == NULL) {
OPENSSL_LOG(ERR,
@@ -1177,40 +1191,47 @@ static int openssl_set_asym_session_parameters(
err_dh:
OPENSSL_LOG(ERR, " failed to set dh params\n");
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ BN_free(*p);
+ BN_free(*g);
+#else
BN_free(p);
BN_free(g);
+#endif
return -1;
}
case RTE_CRYPTO_ASYM_XFORM_DSA:
{
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
- BIGNUM *p = NULL, *g = NULL;
- BIGNUM *q = NULL, *priv_key = NULL;
+ BIGNUM **p = &asym_session->u.s.p;
+ BIGNUM **g = &asym_session->u.s.g;
+ BIGNUM **q = &asym_session->u.s.q;
+ BIGNUM **priv_key = &asym_session->u.s.priv_key;
BIGNUM *pub_key = NULL;
OSSL_PARAM_BLD *param_bld = NULL;
- p = BN_bin2bn((const unsigned char *)
+ *p = BN_bin2bn((const unsigned char *)
xform->dsa.p.data,
xform->dsa.p.length,
- p);
+ *p);
- g = BN_bin2bn((const unsigned char *)
+ *g = BN_bin2bn((const unsigned char *)
xform->dsa.g.data,
xform->dsa.g.length,
- g);
+ *g);
- q = BN_bin2bn((const unsigned char *)
+ *q = BN_bin2bn((const unsigned char *)
xform->dsa.q.data,
xform->dsa.q.length,
- q);
- if (!p || !q || !g)
+ *q);
+ if (!*p || !*q || !*g)
goto err_dsa;
- priv_key = BN_bin2bn((const unsigned char *)
+ *priv_key = BN_bin2bn((const unsigned char *)
xform->dsa.x.data,
xform->dsa.x.length,
- priv_key);
- if (priv_key == NULL)
+ *priv_key);
+ if (*priv_key == NULL)
goto err_dsa;
param_bld = OSSL_PARAM_BLD_new();
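Review bot: On OpenSSL 3, `err_dh` frees `*p` and `*g` but leaves the freed addresses in `asym_session->u.dh.p` and `asym_session->u.dh.g`, so the session keeps dangling pointers after a failed setup. A later `BN_clear_free(sess->u.dh.p)` in openssl_reset_asym_session, or a second configure that hands `*p` back to `BN_bin2bn` as its destination, would then touch freed memory; whether either can be reached after a failure is not visible in this hunk. Clearing the slots closes that: `BN_free(*p); *p = NULL;` and `BN_free(*g); *g = NULL;`. The `err_dsa` label in the later hunk has the same pattern for `*p`, `*q`, `*g` and `*priv_key`. The reset function likewise frees its BIGNUM fields without clearing them, although it sets `param_bld` to NULL right beside them.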
@@ -1219,10 +1240,11 @@ static int openssl_set_asym_session_parameters(
goto err_dsa;
}
- if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, p)
- || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, g)
- || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, q)
- || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) {
+ if (!OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_P, *p)
+ || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_G, *g)
+ || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_FFC_Q, *q)
+ || !OSSL_PARAM_BLD_push_BN(param_bld, OSSL_PKEY_PARAM_PRIV_KEY,
+ *priv_key)) {
OSSL_PARAM_BLD_free(param_bld);
OPENSSL_LOG(ERR, "failed to allocate resources\n");
goto err_dsa;
@@ -1286,17 +1308,24 @@ static int openssl_set_asym_session_parameters(
if (ret) {
DSA_free(dsa);
OPENSSL_LOG(ERR, "Failed to set keys\n");
- return -1;
+ goto err_dsa;
}
asym_session->u.s.dsa = dsa;
asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_DSA;
break;
#endif
err_dsa:
+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+ BN_free(*p);
+ BN_free(*q);
+ BN_free(*g);
+ BN_free(*priv_key);
+#else
BN_free(p);
BN_free(q);
BN_free(g);
BN_free(priv_key);
+#endif
BN_free(pub_key);
return -1;
}
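Review bot: Changing `return -1` to `goto err_dsa` after `DSA_free(dsa)` means what appears to be the legacy branch now runs `BN_free(p)`, `BN_free(q)` and `BN_free(g)` after the DSA object has been freed. If p, q and g were already handed to `dsa` before this check (that call is outside the hunk), `DSA_free` has released them and the label frees them a second time. Adding `p = q = g = NULL;` before the `goto` would leave only `priv_key` and `pub_key` for the label to release. Separately, the new OpenSSL 3 branch releases the DSA private key with `BN_free(*priv_key)`, which does not wipe the value, while the reset path in this patch uses `BN_clear_free`; `BN_clear_free(*priv_key);` would match it.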
@@ -1307,7 +1336,7 @@ static int openssl_set_asym_session_parameters(
OSSL_PARAM_BLD *param_bld = NULL;
OSSL_PARAM *params = NULL;
BIGNUM *pkey_bn = NULL;
- uint8_t pubkey[64];
+ uint8_t pubkey[65];
size_t len = 0;
int ret = -1;
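Review bot: The size in `uint8_t pubkey[65];` is a bare literal, and the code that fills the buffer is outside this hunk. If it holds an uncompressed EC point (one format byte plus two 32-byte coordinates), a named constant or a comment such as `/* 0x04 || X || Y */` would record why 64 was one byte short. The length passed to whatever fills the buffer should be `sizeof(pubkey)` rather than a repeated literal, so the two cannot drift apart again.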
@@ -1462,11 +1491,17 @@ static void openssl_reset_asym_session(struct openssl_asym_session *sess)
if (sess->u.dh.dh_key)
DH_free(sess->u.dh.dh_key);
#endif
+ BN_clear_free(sess->u.dh.p);
+ BN_clear_free(sess->u.dh.g);
break;
case RTE_CRYPTO_ASYM_XFORM_DSA:
#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
OSSL_PARAM_BLD_free(sess->u.s.param_bld);
sess->u.s.param_bld = NULL;
+ BN_clear_free(sess->u.s.p);
+ BN_clear_free(sess->u.s.q);
+ BN_clear_free(sess->u.s.g);
+ BN_clear_free(sess->u.s.priv_key);
#else
if (sess->u.s.dsa)
DSA_free(sess->u.s.dsa);