DPDK patches and discussions
* [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op
@ 2022-06-30 10:38 Kai Ji
  2022-07-01 19:14 ` [EXT] " Akhil Goyal
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Kai Ji @ 2022-06-30 10:38 UTC (permalink / raw)
  To: dev; +Cc: gakhil, Kai Ji

EVP_PKEY function needs to be called twice for rsa sign and verify
operations. This patch also removes the OPENSSL_API_COMPAT as all
the deprecated APIs are avoided if 3.0 lib is present.

Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: kai.ji@intel.com

Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c     | 32 ++++++++++++++------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  2 --
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 84bca86894..e01dacc98d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1788,7 +1788,7 @@ process_openssl_dsa_sign_op_evp(struct rte_crypto_op *cop,
 	if (key_ctx == NULL
 		|| EVP_PKEY_fromdata_init(key_ctx) <= 0
 		|| EVP_PKEY_fromdata(key_ctx, &pkey,
-						EVP_PKEY_PUBLIC_KEY, params) <= 0)
+			EVP_PKEY_KEYPAIR, params) <= 0)
 		goto err_dsa_sign;
 
 	dsa_ctx = EVP_PKEY_CTX_new(pkey, NULL);
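Review bot: The switch from EVP_PKEY_PUBLIC_KEY to EVP_PKEY_KEYPAIR in process_openssl_dsa_sign_op_evp is not mentioned in the commit message, which talks only about RSA sign and verify and carries a Fixes tag for the RSA routine commit. Signing needs the private component, so selecting the key pair looks right, but please describe this DSA fix in the message or split it into its own patch with its own Fixes tag so it can be tracked and backported separately.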
@@ -2478,6 +2478,14 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
 			goto err_rsa;
 
+		if (EVP_PKEY_sign(rsa_ctx, NULL, &outlen,
+				op->rsa.message.data,
+				op->rsa.message.length) <= 0)
+			goto err_rsa;
+
+		if (outlen <= 0)
+			goto err_rsa;
+
 		if (EVP_PKEY_sign(rsa_ctx, op->rsa.sign.data, &outlen,
 				op->rsa.message.data,
 				op->rsa.message.length) <= 0)
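Review bot: The length returned by the size query, EVP_PKEY_sign(rsa_ctx, NULL, &outlen, ...), is never compared with the space available behind op->rsa.sign.data before the second call writes into it. The only test on it in these lines is `outlen <= 0`. Since the first call exists to learn the required size, check outlen against the capacity of the caller's signature buffer and go to err_rsa if it does not fit.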
@@ -2486,19 +2494,23 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
-		if (tmp == NULL) {
-			OPENSSL_LOG(ERR, "Memory allocation failed");
+		if (EVP_PKEY_verify_recover_init(rsa_ctx) <= 0)
 			goto err_rsa;
-		}
 
-		if (EVP_PKEY_verify_recover_init(rsa_ctx) <= 0) {
-			rte_free(tmp);
+		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
 			goto err_rsa;
-		}
 
-		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0) {
-			rte_free(tmp);
+		if (EVP_PKEY_verify_recover(rsa_ctx, NULL, &outlen,
+				op->rsa.sign.data,
+				op->rsa.sign.length) <= 0)
+			goto err_rsa;
+
+		if ((outlen <= 0) || (outlen != op->rsa.sign.length))
+			goto err_rsa;
+
+		tmp = OPENSSL_malloc(outlen);
+		if (tmp == NULL) {
+			OPENSSL_LOG(ERR, "Memory allocation failed");
 			goto err_rsa;
 		}
 
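Review bot: tmp now comes from OPENSSL_malloc(outlen), where the removed lines used rte_malloc() and rte_free(tmp), and the release of tmp lies outside this hunk. Please confirm that wherever tmp is released after this point the call is OPENSSL_free(tmp) and no rte_free(tmp) remains, since memory from one allocator must not be handed to the other's free routine.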
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 8d1f8e834a..3e24ef94f7 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -2,8 +2,6 @@
  * Copyright(c) 2016-2017 Intel Corporation
  */
 
-#define OPENSSL_API_COMPAT 0x10100000L
-
 #include <string.h>
 
 #include <rte_common.h>
-- 
2.17.1



* RE: [EXT] [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op
  2022-06-30 10:38 [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op Kai Ji
@ 2022-07-01 19:14 ` Akhil Goyal
  2022-07-04 19:45 ` Thomas Monjalon
  2022-07-05 13:16 ` [dpdk-dev v2] " Kai Ji
  2 siblings, 0 replies; 7+ messages in thread
From: Akhil Goyal @ 2022-07-01 19:14 UTC (permalink / raw)
  To: Kai Ji, dev

> EVP_PKEY function needs to be called twice for rsa sign and verify
> operations. This patch also removes the OPENSSL_API_COMPAT as all
> the deprecated APIs are avoided if 3.0 lib is present.
> 
> Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
> Cc: kai.ji@intel.com
No need to self cc
> 
> Signed-off-by: Kai Ji <kai.ji@intel.com>
Applied to dpdk-next-crypto

Thanks.


* Re: [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op
  2022-06-30 10:38 [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op Kai Ji
  2022-07-01 19:14 ` [EXT] " Akhil Goyal
@ 2022-07-04 19:45 ` Thomas Monjalon
  2022-07-05 10:43   ` Ji, Kai
  2022-07-05 13:16 ` [dpdk-dev v2] " Kai Ji
  2 siblings, 1 reply; 7+ messages in thread
From: Thomas Monjalon @ 2022-07-04 19:45 UTC (permalink / raw)
  To: Kai Ji; +Cc: dev, gakhil

30/06/2022 12:38, Kai Ji:
> EVP_PKEY function needs to be called twice for rsa sign and verify
> operations. This patch also removes the OPENSSL_API_COMPAT as all
> the deprecated APIs are avoided if 3.0 lib is present.

I prefer not pulling this patch for now because it is not clear.

1/ What is fixed exactly? All RSA sign and verify were broken?
2/ Do you mean OpenSSL 3 is required?





* RE: [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op
  2022-07-04 19:45 ` Thomas Monjalon
@ 2022-07-05 10:43   ` Ji, Kai
  2022-07-05 10:55     ` Thomas Monjalon
  0 siblings, 1 reply; 7+ messages in thread
From: Ji, Kai @ 2022-07-05 10:43 UTC (permalink / raw)
  To: Thomas Monjalon; +Cc: dev, gakhil

Hi Thomas, 

> -----Original Message-----
> From: Thomas Monjalon <thomas@monjalon.net>
> Sent: Monday, July 4, 2022 8:45 PM
> To: Ji, Kai <kai.ji@intel.com>
> Cc: dev@dpdk.org; gakhil@marvell.com
> Subject: Re: [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa
> op
> 
> 30/06/2022 12:38, Kai Ji:
> > EVP_PKEY function needs to be called twice for rsa sign and verify
> > operations. This patch also removes the OPENSSL_API_COMPAT as all the
> > deprecated APIs are avoided if 3.0 lib is present.
> 
> I prefer not pulling this patch for now because it is not clear.
> 
> 1/ What is fixed exactly? All RSA sign and verify were broken?
No, this patch fixes the 3.0 EVP API in the RSA sign and verify routine; the original OpenSSL 1.x RSA sign and verify routines are untouched.
The original patch set for the OpenSSL 3.0 EVP API is here:
http://patchwork.dpdk.org/project/dpdk/patch/20220621154214.78176-3-kai.ji@intel.com/


> 2/ Do you mean OpenSSL 3 is required?
No, this branch code will only be executed when the OpenSSL 3.0 lib is detected on the host.

> 
> 



* Re: [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op
  2022-07-05 10:43   ` Ji, Kai
@ 2022-07-05 10:55     ` Thomas Monjalon
  0 siblings, 0 replies; 7+ messages in thread
From: Thomas Monjalon @ 2022-07-05 10:55 UTC (permalink / raw)
  To: Ji, Kai; +Cc: dev, gakhil

05/07/2022 12:43, Ji, Kai:
> From: Thomas Monjalon <thomas@monjalon.net>
> > 30/06/2022 12:38, Kai Ji:
> > > EVP_PKEY function needs to be called twice for rsa sign and verify
> > > operations. This patch also removes the OPENSSL_API_COMPAT as all the
> > > deprecated APIs are avoided if 3.0 lib is present.
> > 
> > I prefer not pulling this patch for now because it is not clear.
> > 
> > 1/ What is fixed exactly? All RSA sign and verify were broken?
> No, this patch fixes the 3.0 EVP API in the RSA sign and verify routine; the original OpenSSL 1.x RSA sign and verify routines are untouched.
> The original patch set for the OpenSSL 3.0 EVP API is here:
> http://patchwork.dpdk.org/project/dpdk/patch/20220621154214.78176-3-kai.ji@intel.com/
> 
> 
> > 2/ Do you mean OpenSSL 3 is required?
> No, this branch code will only be executed when the OpenSSL 3.0 lib is detected on the host.

OK, please could you reword the commit message
so I can apply it to the commit?
Thanks







* [dpdk-dev v2] crypto/openssl: EVP_PKEY routine update in rsa op
  2022-06-30 10:38 [dpdk-dev v1] crypto/openssl: EVP_PKEY routine update in rsa op Kai Ji
  2022-07-01 19:14 ` [EXT] " Akhil Goyal
  2022-07-04 19:45 ` Thomas Monjalon
@ 2022-07-05 13:16 ` Kai Ji
  2022-07-05 16:33   ` [EXT] " Akhil Goyal
  2 siblings, 1 reply; 7+ messages in thread
From: Kai Ji @ 2022-07-05 13:16 UTC (permalink / raw)
  To: dev; +Cc: gakhil, thomas, Kai Ji

EVP_PKEY function needs to be called twice for rsa sign and verify
operations in the 3.0 EVP API; the original OpenSSL 1.x routines are
untouched. The OPENSSL_API_COMPAT is also removed as this branch code
will be executed when the OpenSSL 3.0 lib is detected on the host.

Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")

Signed-off-by: Kai Ji <kai.ji@intel.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c     | 32 ++++++++++++++------
 drivers/crypto/openssl/rte_openssl_pmd_ops.c |  2 --
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 84bca86894..e01dacc98d 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1788,7 +1788,7 @@ process_openssl_dsa_sign_op_evp(struct rte_crypto_op *cop,
 	if (key_ctx == NULL
 		|| EVP_PKEY_fromdata_init(key_ctx) <= 0
 		|| EVP_PKEY_fromdata(key_ctx, &pkey,
-						EVP_PKEY_PUBLIC_KEY, params) <= 0)
+			EVP_PKEY_KEYPAIR, params) <= 0)
 		goto err_dsa_sign;
 
 	dsa_ctx = EVP_PKEY_CTX_new(pkey, NULL);
@@ -2478,6 +2478,14 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
 			goto err_rsa;
 
+		if (EVP_PKEY_sign(rsa_ctx, NULL, &outlen,
+				op->rsa.message.data,
+				op->rsa.message.length) <= 0)
+			goto err_rsa;
+
+		if (outlen <= 0)
+			goto err_rsa;
+
 		if (EVP_PKEY_sign(rsa_ctx, op->rsa.sign.data, &outlen,
 				op->rsa.message.data,
 				op->rsa.message.length) <= 0)
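Review bot: `if (outlen <= 0)` can only catch zero, because outlen is handed to EVP_PKEY_sign() as its size_t * length argument and so cannot be negative. Write the test as `outlen == 0` so the intent is clear and an unsigned comparison against zero does not draw compiler warnings.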
@@ -2486,19 +2494,23 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
-		if (tmp == NULL) {
-			OPENSSL_LOG(ERR, "Memory allocation failed");
+		if (EVP_PKEY_verify_recover_init(rsa_ctx) <= 0)
 			goto err_rsa;
-		}
 
-		if (EVP_PKEY_verify_recover_init(rsa_ctx) <= 0) {
-			rte_free(tmp);
+		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
 			goto err_rsa;
-		}
 
-		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0) {
-			rte_free(tmp);
+		if (EVP_PKEY_verify_recover(rsa_ctx, NULL, &outlen,
+				op->rsa.sign.data,
+				op->rsa.sign.length) <= 0)
+			goto err_rsa;
+
+		if ((outlen <= 0) || (outlen != op->rsa.sign.length))
+			goto err_rsa;
+
+		tmp = OPENSSL_malloc(outlen);
+		if (tmp == NULL) {
+			OPENSSL_LOG(ERR, "Memory allocation failed");
 			goto err_rsa;
 		}
 
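Review bot: The new exit on `(outlen <= 0) || (outlen != op->rsa.sign.length)` reaches err_rsa without a log line, while the allocation failure just below it reports through OPENSSL_LOG(ERR, ...). A signature whose length differs from what the size query reports is a caller-visible failure, so log it with both lengths before the goto.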
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 8d1f8e834a..3e24ef94f7 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -2,8 +2,6 @@
  * Copyright(c) 2016-2017 Intel Corporation
  */
 
-#define OPENSSL_API_COMPAT 0x10100000L
-
 #include <string.h>
 
 #include <rte_common.h>
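Review bot: The OPENSSL_API_COMPAT define is dropped from the top of rte_openssl_pmd_ops.c with no version guard, although the commit message ties the change to OpenSSL 3.0 being detected on the host. Please state in the message that this file builds cleanly without the define against both 1.x and 3.0, or say which build configurations were tested.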
-- 
2.17.1



* RE: [EXT] [dpdk-dev v2] crypto/openssl: EVP_PKEY routine update in rsa op
  2022-07-05 13:16 ` [dpdk-dev v2] " Kai Ji
@ 2022-07-05 16:33   ` Akhil Goyal
  0 siblings, 0 replies; 7+ messages in thread
From: Akhil Goyal @ 2022-07-05 16:33 UTC (permalink / raw)
  To: Kai Ji, dev; +Cc: thomas

> EVP_PKEY function needs to be called twice for rsa sign and verify
> operations in the 3.0 EVP API; the original OpenSSL 1.x routines are
> untouched. The OPENSSL_API_COMPAT is also removed as this branch code
> will be executed when the OpenSSL 3.0 lib is detected on the host.
> 
> Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
> 
> Signed-off-by: Kai Ji <kai.ji@intel.com>
Applied again on dpdk-next-crypto
Reworded title and description.

Thanks.

