[dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations

Shally Verma shallyv at marvell.com
Tue Feb 12 12:01:43 CET 2019



>-----Original Message-----
>From: dev <dev-bounces at dpdk.org> On Behalf Of Arek Kusztal
>Sent: 07 February 2019 16:25
>To: dev at dpdk.org
>Cc: akhil.goyal at nxp.com; fiona.trahe at intel.com; shally.verma at caviumnetworks.com; sunila.sahu at caviumnetworks.com;
>ashish.gupta at caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal at intel.com>
>Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>
>After performing mod exp and mod inv, big numbers (BIGNUM) should
>be cleared as data already is copied into op fields and these BNs would
>very likely contain private information for an unspecified amount of time
>(duration of the session).
>
>Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
>Signed-off-by: Arek Kusztal <arkadiuszx.kusztal at intel.com>
>---
Acked-by: Shally Verma <shallyv at marvell.com>

> drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
>index ea5aac6..4ecc3c4 100644
>--- a/drivers/crypto/openssl/rte_openssl_pmd.c
>+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
>@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
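Review bot: The `BN_clear(res)` / `BN_clear(base)` pair before `return 0;` in process_openssl_modinv_op covers only this final exit. If the function has any earlier return after `base` has been loaded, that path would leave the operand populated, so it is worth confirming there is none or moving the clears under a shared cleanup label. A one-line comment above the clears, saying that the result has already been copied into the op fields, would also tell the reader why zeroing `res` at this point is safe.
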
>@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
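Review bot: In process_openssl_modexp_op the clears before `return 0;` cover `res` and `base` only, while the commit message is about private data lingering for the duration of the session, and in a modular exponentiation the exponent is typically the secret operand. If the exponent and modulus are session parameters that have to persist across ops, a short comment here saying so would make it clear they are left populated on purpose. `BN_clear()` zeroes the value but keeps the BIGNUM allocated, which fits reuse by the next op.
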
>--
>2.1.0


