In case big number need to be freed, data it contains should be cleared
before especially if it is critical data like private keys.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Signed-off-by: Arek Kusztal <arkadiuszx.kusz...@intel.com>
---
config/common_base | 4 ++--
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 16 ++++++++--------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/config/common_base b/config/common_base
index 6b96e0e..a3d8e17 100644
--- a/config/common_base
+++ b/config/common_base
@@ -573,7 +573,7 @@ CONFIG_RTE_LIBRTE_PMD_OCTEONTX_CRYPTO=y
#
CONFIG_RTE_LIBRTE_PMD_QAT=y
CONFIG_RTE_LIBRTE_PMD_QAT_SYM=n
-CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=n
+CONFIG_RTE_LIBRTE_PMD_QAT_ASYM=y
#
# Max. number of QuickAssist devices, which can be detected and attached
#
@@ -597,7 +597,7 @@ CONFIG_RTE_LIBRTE_PMD_AESNI_MB=n
#
# Compile PMD for Software backed device
#
-CONFIG_RTE_LIBRTE_PMD_OPENSSL=n
+CONFIG_RTE_LIBRTE_PMD_OPENSSL=y
#
# Compile PMD for AESNI GCM device
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 40217cf..a307c91 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -912,14 +912,14 @@ static int openssl_set_asym_session_parameters(
asym_session->xfrm_type = RTE_CRYPTO_ASYM_XFORM_RSA;
break;
err_rsa:
- BN_free(n);
- BN_free(e);
- BN_free(d);
- BN_free(p);
- BN_free(q);
- BN_free(dmp1);
- BN_free(dmq1);
- BN_free(iqmp);
+ BN_clear_free(n);
+ BN_clear_free(e);
+ BN_clear_free(d);
+ BN_clear_free(p);
+ BN_clear_free(q);
+ BN_clear_free(dmp1);
+ BN_clear_free(dmq1);
+ BN_clear_free(iqmp);
return -1;
}
--
2.1.0
