patch 'crypto/openssl: fix memory leak in auth processing' has been queued to stable release 22.11.3

Xueming Li xuemingl at nvidia.com
Thu Aug 10 01:47:30 CEST 2023


Hi,

FYI, your patch has been queued to stable release 22.11.3

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 08/11/23. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(i.e. not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://git.dpdk.org/dpdk-stable/log/?h=22.11-staging

This queued commit can be viewed at:
https://git.dpdk.org/dpdk-stable/commit/?h=22.11-staging&id=91085d3b58db8f04ffcc00cc848b7333fd10295a

Thanks.

Xueming Li <xuemingl at nvidia.com>

---
From 91085d3b58db8f04ffcc00cc848b7333fd10295a Mon Sep 17 00:00:00 2001
From: Didier Pallard <didier.pallard at 6wind.com>
Date: Tue, 18 Apr 2023 16:26:19 +0200
Subject: [PATCH] crypto/openssl: fix memory leak in auth processing
Cc: Xueming Li <xuemingl at nvidia.com>

[ upstream commit b7b06b3fa4ef4dc8ba6ba822bfa7d9affaaa434a ]

Contexts allocated with EVP_MAC_CTX_new calls are leaking, they are created
then overwritten by the return value of EVP_MAC_CTX_dup call.

Fixes: 75adf1eae44f ("crypto/openssl: update HMAC routine with 3.0 EVP API")
Fixes: 2b9c693f6ef5 ("crypto/openssl: support AES-CMAC operations")

Signed-off-by: Didier Pallard <didier.pallard at 6wind.com>
Acked-by: Kai Ji <kai.ji at intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index f65fbca300..175b651000 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1797,7 +1797,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
 	EVP_MAC_CTX *ctx_h;
 	EVP_MAC_CTX *ctx_c;
-	EVP_MAC *mac;
 # else
 	HMAC_CTX *ctx_h;
 	CMAC_CTX *ctx_c;
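Review bot: dropping the `EVP_MAC *mac;` declaration from the `OPENSSL_VERSION_NUMBER >= 0x30000000L` branch is only safe if no other statement in process_openssl_auth_op() still uses `mac`. The two later hunks remove every use visible in this patch, but the rest of the function is not shown, so a build against OpenSSL 3.x on the 22.11 branch should confirm it before the push.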
@@ -1818,10 +1817,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		break;
 	case OPENSSL_AUTH_AS_HMAC:
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		mac = EVP_MAC_fetch(NULL, "HMAC", NULL);
-		ctx_h = EVP_MAC_CTX_new(mac);
 		ctx_h = EVP_MAC_CTX_dup(sess->auth.hmac.ctx);
-		EVP_MAC_free(mac);
 		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_h);
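Review bot: in the OPENSSL_AUTH_AS_HMAC case the result of EVP_MAC_CTX_dup(sess->auth.hmac.ctx) goes straight into process_openssl_auth_mac() with no NULL check, and EVP_MAC_CTX_dup() returns NULL on failure. Now that the dup is the only allocation on this path, I would add a check on ctx_h and fail the operation before the call. The release of ctx_h after the call is outside the visible context, so it is also worth confirming that each duplicated context gets a matching EVP_MAC_CTX_free(); otherwise the per-operation leak is only reduced, not removed.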
@@ -1836,10 +1832,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
 		break;
 	case OPENSSL_AUTH_AS_CMAC:
 # if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		mac = EVP_MAC_fetch(NULL, OSSL_MAC_NAME_CMAC, NULL);
-		ctx_c = EVP_MAC_CTX_new(mac);
 		ctx_c = EVP_MAC_CTX_dup(sess->auth.cmac.ctx);
-		EVP_MAC_free(mac);
 		status = process_openssl_auth_mac(mbuf_src, dst,
 				op->sym->auth.data.offset, srclen,
 				ctx_c);
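Review bot: the commit message only mentions the leaked EVP_MAC_CTX_new() contexts, but in the OPENSSL_AUTH_AS_CMAC case (and the HMAC case above) the per-operation EVP_MAC_fetch()/EVP_MAC_free() pair is removed as well. Please say so in the message, since that is a behaviour change on the data path: the algorithm is now taken only from the session context being duplicated. The NULL check suggested for ctx_h applies equally to ctx_c here.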
-- 
2.25.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2023-08-09 21:51:18.511140400 +0800
+++ 0008-crypto-openssl-fix-memory-leak-in-auth-processing.patch	2023-08-09 21:51:18.114352000 +0800
@@ -1 +1 @@
-From b7b06b3fa4ef4dc8ba6ba822bfa7d9affaaa434a Mon Sep 17 00:00:00 2001
+From 91085d3b58db8f04ffcc00cc848b7333fd10295a Mon Sep 17 00:00:00 2001
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit b7b06b3fa4ef4dc8ba6ba822bfa7d9affaaa434a ]
@@ -11 +13,0 @@
-Cc: stable at dpdk.org
@@ -20 +22 @@
-index b20904f3bf..9b83811d67 100644
+index f65fbca300..175b651000 100644
@@ -23 +25 @@
-@@ -1798,7 +1798,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+@@ -1797,7 +1797,6 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -31 +33 @@
-@@ -1819,10 +1818,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+@@ -1818,10 +1817,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
@@ -42 +44 @@
-@@ -1837,10 +1833,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,
+@@ -1836,10 +1832,7 @@ process_openssl_auth_op(struct openssl_qp *qp, struct rte_crypto_op *op,

