[v2,1/2] crypto/openssl: changes for RSA verify operation

Message ID: 1540461621-28828-2-git-send-email-akash.saxena@caviumnetworks.com (mailing list archive)
State: Accepted, archived
Delegated to: akhil goyal
Series: Changes for RSA verify operation in OpenSSL PMD and unit tests

Checks

Context: ci/Intel-compilation
Check: success
Description: Compilation OK

Commit Message

Akash Saxena Oct. 25, 2018, 10 a.m. UTC
Add tmp buffer to pass to OpenSSL sign API and memcmp output with
original plain text to verify signature match.
Set op->status = RTE_CRYPTO_OP_STATUS_ERROR on signature mismatch.

Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)
  

Comments

Akhil Goyal Nov. 2, 2018, 11:25 a.m. UTC | #1
On 10/25/2018 3:30 PM, Akash Saxena wrote:
> Add tmp buffer to pass to OpenSSL sign API and memcmp output with
> original plain text to verify signature match.
> Set op->status = RTE_CRYPTO_OP_STATUS_ERROR on signature mismatch.
>
> Signed-off-by: Ayuj Verma <ayuj.verma@caviumnetworks.com>
> Signed-off-by: Akash Saxena <akash.saxena@caviumnetworks.com>
> Signed-off-by: Shally Verma <shally.verma@caviumnetworks.com>
> ---
>   drivers/crypto/openssl/rte_openssl_pmd.c | 22 +++++++++++++++-------
>   1 file changed, 15 insertions(+), 7 deletions(-)
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
  

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 003116d..11ea0d1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1843,6 +1843,9 @@  process_openssl_rsa_op(struct rte_crypto_op *cop,
 	struct rte_crypto_asym_op *op = cop->asym;
 	RSA *rsa = sess->u.r.rsa;
 	uint32_t pad = (op->rsa.pad);
+	uint8_t *tmp;
+
+	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
 
 	switch (pad) {
 	case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
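Review bot: The unconditional `cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;` ahead of `switch (pad)` makes the operation fail open: every error path further down in process_openssl_rsa_op() now has to remember to overwrite the status, and one that does not will report success. Consider defaulting to RTE_CRYPTO_OP_STATUS_ERROR here and setting SUCCESS only once the requested operation has completed. `tmp` is also declared at function scope without an initializer although only the verify case uses it; initialising it to NULL, or declaring it inside that case, keeps a later rte_free() or read from touching an indeterminate pointer.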
@@ -1895,9 +1898,15 @@  process_openssl_rsa_op(struct rte_crypto_op *cop,
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
+		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+		if (tmp == NULL) {
+			OPENSSL_LOG(ERR, "Memory allocation failed");
+			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+			break;
+		}
 		ret = RSA_public_decrypt(op->rsa.sign.length,
 				op->rsa.sign.data,
-				op->rsa.sign.data,
+				tmp,
 				rsa,
 				pad);
 
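Review bot: `tmp` is sized from the caller-supplied `op->rsa.sign.length` in the `rte_malloc()` call, and nothing in this hunk checks that length against the key size before `RSA_public_decrypt()` writes into the buffer. Suggest rejecting the op unless `op->rsa.sign.length` equals `RSA_size(rsa)` (which also rules out a zero-length allocation), or sizing the buffer from `RSA_size(rsa)`. The per-operation rte_malloc()/rte_free() pair also adds allocator cost to every verify; a buffer preallocated with the session would avoid it and remove the allocation-failure path.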
@@ -1905,13 +1914,12 @@  process_openssl_rsa_op(struct rte_crypto_op *cop,
 				"Length of public_decrypt %d "
 				"length of message %zd\n",
 				ret, op->rsa.message.length);
-
-		if (memcmp(op->rsa.sign.data, op->rsa.message.data,
-					op->rsa.message.length)) {
-			OPENSSL_LOG(ERR,
-					"RSA sign Verification failed");
-			return -1;
+		if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data,
+				op->rsa.message.length))) {
+			OPENSSL_LOG(ERR, "RSA sign Verification failed");
+			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 		}
+		rte_free(tmp);
 		break;
 
 	default:
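Review bot: The new condition `(ret <= 0) || (memcmp(tmp, op->rsa.message.data, op->rsa.message.length))` never compares `ret` with `op->rsa.message.length`. If the supplied message is shorter than the recovered data, a prefix match is accepted as a valid signature; if it is longer, memcmp() reads past the `ret` bytes that were written into `tmp` (uninitialised heap, or beyond the allocation when message.length exceeds sign.length). Suggest requiring `ret == (int)op->rsa.message.length` before the comparison. The failure path now sets `cop->status` and falls through to `break` where the old code had `return -1`, so the commit message or a comment should say that callers must check `cop->status` rather than the return value.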