After performing mod exp and mod inv big numbers (BIGNUM) should
be cleared as data already is copied into op fields and this BNs would
very likely contain private information for unspecified amount of time
(duration of the session).
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
b/drivers/crypto/openssl/rte_openssl_pmd.c
index ea5aac6..4ecc3c4 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+ BN_clear(res);
+ BN_clear(base);
+
return 0;
}
@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+ BN_clear(res);
+ BN_clear(base);
+
return 0;
}
--
2.1.0
