openssl: fix not clearing big numbers after computations

Message ID 20190207105439.12260-1-arkadiuszx.kusztal@intel.com
State Accepted, archived
Delegated to: akhil goyal
Headers show
Series
  • openssl: fix not clearing big numbers after computations
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/intel-Performance-Testing success Performance Testing PASS
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Kusztal, ArkadiuszX Feb. 7, 2019, 10:54 a.m.
After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")

Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Trahe, Fiona Feb. 7, 2019, 3:27 p.m. | #1
> -----Original Message-----
> From: Kusztal, ArkadiuszX
> Sent: Thursday, February 7, 2019 10:55 AM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Trahe, Fiona <fiona.trahe@intel.com>; shally.verma@caviumnetworks.com;
> sunila.sahu@caviumnetworks.com; ashish.gupta@caviumnetworks.com; Kusztal, ArkadiuszX
> <arkadiuszx.kusztal@intel.com>
> Subject: [PATCH] openssl: fix not clearing big numbers after computations
> 
> After performing mod exp and mod inv big numbers (BIGNUM) should
> be cleared as data already is copied into op fields and this BNs would
> very likely contain private information for unspecified amount of time
> (duration of the session).
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> 
> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
Acked-by: Fiona Trahe <fiona.trahe@intel.com>
Shally Verma Feb. 12, 2019, 11:01 a.m. | #2
>-----Original Message-----
>From: dev <dev-bounces@dpdk.org> On Behalf Of Arek Kusztal
>Sent: 07 February 2019 16:25
>To: dev@dpdk.org
>Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; shally.verma@caviumnetworks.com; sunila.sahu@caviumnetworks.com;
>ashish.gupta@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal@intel.com>
>Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>
>After performing mod exp and mod inv big numbers (BIGNUM) should
>be cleared as data already is copied into op fields and this BNs would
>very likely contain private information for unspecified amount of time
>(duration of the session).
>
>Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
>Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>---
Acked-by: Shally Verma <shallyv@marvell.com>

> drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
>index ea5aac6..4ecc3c4 100644
>--- a/drivers/crypto/openssl/rte_openssl_pmd.c
>+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
>@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
>@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
> 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> 	}
>
>+	BN_clear(res);
>+	BN_clear(base);
>+
> 	return 0;
> }
>
>--
>2.1.0
Akhil Goyal March 6, 2019, 4:44 p.m. | #3
On 2/12/2019 4:31 PM, Shally Verma wrote:
>
>> -----Original Message-----
>> From: dev <dev-bounces@dpdk.org> On Behalf Of Arek Kusztal
>> Sent: 07 February 2019 16:25
>> To: dev@dpdk.org
>> Cc: akhil.goyal@nxp.com; fiona.trahe@intel.com; shally.verma@caviumnetworks.com; sunila.sahu@caviumnetworks.com;
>> ashish.gupta@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusztal@intel.com>
>> Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after computations
>>
>> After performing mod exp and mod inv big numbers (BIGNUM) should
>> be cleared as data already is copied into op fields and this BNs would
>> very likely contain private information for unspecified amount of time
>> (duration of the session).
>>
>> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>>
>> Signed-off-by: Arek Kusztal <arkadiuszx.kusztal@intel.com>
>> ---
> Acked-by: Shally Verma <shallyv@marvell.com>
>
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

title changed to "crypto/openssl: fix big numbers after computations"
Applied to dpdk-next-crypto

Thanks

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index ea5aac6..4ecc3c4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1795,6 +1795,9 @@  process_openssl_modinv_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }
 
@@ -1825,6 +1828,9 @@  process_openssl_modexp_op(struct rte_crypto_op *cop,
 		cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 	}
 
+	BN_clear(res);
+	BN_clear(base);
+
 	return 0;
 }