[PATCH 2/5] crypto/openssl: fix output of RSA verify op
Ramkumar Balu
rbalu at marvell.com
Thu Jan 13 11:34:33 CET 2022
Thank you for the comments. I agree that OpenSSL PMD needs a major refactoring in asym crypto.
I have asked Akhil to reject this patch series.
-----Original Message-----
From: Kusztal, ArkadiuszX <arkadiuszx.kusztal at intel.com>
Sent: Tuesday, December 28, 2021 2:41 PM
To: Ramkumar Balu <rbalu at marvell.com>; Akhil Goyal <gakhil at marvell.com>; Anoob Joseph <anoobj at marvell.com>; Doherty, Declan <declan.doherty at intel.com>; Zhang, Roy Fan <roy.fan.zhang at intel.com>; Ankur Dwivedi <adwivedi at marvell.com>; Tejasree Kondoj <ktejasree at marvell.com>
Cc: stable at dpdk.org; dev at dpdk.org
Subject: [EXT] RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
----------------------------------------------------------------------
> -----Original Message-----
> From: Ramkumar Balu <rbalu at marvell.com>
> Sent: Monday, November 29, 2021 10:52 AM
> To: Akhil Goyal <gakhil at marvell.com>; Anoob Joseph
> <anoobj at marvell.com>; Doherty, Declan <declan.doherty at intel.com>;
> Zhang, Roy Fan <roy.fan.zhang at intel.com>; Ankur Dwivedi
> <adwivedi at marvell.com>; Tejasree Kondoj <ktejasree at marvell.com>
> Cc: stable at dpdk.org; dev at dpdk.org; Ramkumar <rbalu at marvell.com>
> Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
>
> From: Ramkumar <rbalu at marvell.com>
>
> During RSA verify, the OpenSSL PMD fails to return the plaintext after
> public key decryption.
> This patch fixes the OpenSSL PMD to return the decrypted plaintext in
> cipher.data / cipher.length fields
>
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym
> operations")
> Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation")
> Cc: stable at dpdk.org
>
> Signed-off-by: Ramkumar <rbalu at marvell.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 5794ed8159..3ab2c3b5c1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
> break;
>
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> - tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> + tmp = op->rsa.cipher.data;
> if (tmp == NULL) {
> - OPENSSL_LOG(ERR, "Memory allocation failed");
> - cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> - break;
> + tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> + if (tmp == NULL) {
> + OPENSSL_LOG(ERR, "Memory allocation
> failed");
> + cop->status =
> RTE_CRYPTO_OP_STATUS_ERROR;
> + break;
> + }
> }
> +
> ret = RSA_public_decrypt(op->rsa.sign.length,
> op->rsa.sign.data,
> tmp,
[Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto).
> @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> OPENSSL_LOG(ERR, "RSA sign Verification failed");
> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> }
> - rte_free(tmp);
> + op->rsa.cipher.length = ret;
> + if (tmp != op->rsa.cipher.data)
> + rte_free(tmp);
> break;
>
> default:
> --
> 2.17.1
More information about the stable
mailing list