>-----Original Message-----
>From: dev <dev-boun...@dpdk.org> On Behalf Of Arek Kusztal
>Sent: 07 February 2019 16:25
>To: dev@dpdk.org
>Cc: akhil.go...@nxp.com; fiona.tr...@intel.com;
>shally.ve...@caviumnetworks.com; sunila.s...@caviumnetworks.com;
>ashish.gu...@caviumnetworks.com; Arek Kusztal <arkadiuszx.kusz...@intel.com>
>Subject: [dpdk-dev] [PATCH] openssl: fix not clearing big numbers after
>computations
>
>After performing mod exp and mod inv big numbers (BIGNUM) should
>be cleared as data already is copied into op fields and this BNs would
>very likely contain private information for unspecified amount of time
>(duration of the session).
>
>Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
>
>Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
>---
Acked-by: Shally Verma <shal...@marvell.com>
> drivers/crypto/openssl/rte_openssl_pmd.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
>b/drivers/crypto/openssl/rte_openssl_pmd.c
>index ea5aac6..4ecc3c4 100644
>--- a/drivers/crypto/openssl/rte_openssl_pmd.c
>+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
>@@ -1795,6 +1795,9 @@ process_openssl_modinv_op(struct rte_crypto_op *cop,
> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> }
>
>+ BN_clear(res);
>+ BN_clear(base);
>+
> return 0;
> }
>
>@@ -1825,6 +1828,9 @@ process_openssl_modexp_op(struct rte_crypto_op *cop,
> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> }
>
>+ BN_clear(res);
>+ BN_clear(base);
>+
> return 0;
> }
>
>--
>2.1.0
