From: "Kusztal, ArkadiuszX" <arkadiuszx.kusztal@intel.com>
To: Ramkumar Balu <rbalu@marvell.com>,
Akhil Goyal <gakhil@marvell.com>,
"Anoob Joseph" <anoobj@marvell.com>,
"Doherty, Declan" <declan.doherty@intel.com>,
"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Tejasree Kondoj <ktejasree@marvell.com>
Cc: "stable@dpdk.org" <stable@dpdk.org>, "dev@dpdk.org" <dev@dpdk.org>
Subject: RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
Date: Tue, 28 Dec 2021 09:10:58 +0000 [thread overview]
Message-ID: <PH0PR11MB5013FD6B41628E8CC79F1CF29F439@PH0PR11MB5013.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20211129095159.16376-3-rbalu@marvell.com>
> -----Original Message-----
> From: Ramkumar Balu <rbalu@marvell.com>
> Sent: Monday, November 29, 2021 10:52 AM
> To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>;
> Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree
> Kondoj <ktejasree@marvell.com>
> Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com>
> Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
>
> From: Ramkumar <rbalu@marvell.com>
>
> During RSA verify, the OpenSSL PMD fails to return the plaintext after public key
> decryption.
> This patch fixes the OpenSSL PMD to return the decrypted plaintext in
> cipher.data / cipher.length fields
>
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation")
> Cc: stable@dpdk.org
>
> Signed-off-by: Ramkumar <rbalu@marvell.com>
> ---
> drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 5794ed8159..3ab2c3b5c1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
> break;
>
> case RTE_CRYPTO_ASYM_OP_VERIFY:
> - tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> + tmp = op->rsa.cipher.data;
> if (tmp == NULL) {
> - OPENSSL_LOG(ERR, "Memory allocation failed");
> - cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> - break;
> + tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> + if (tmp == NULL) {
> + OPENSSL_LOG(ERR, "Memory allocation
> failed");
> + cop->status =
> RTE_CRYPTO_OP_STATUS_ERROR;
> + break;
> + }
> }
> +
> ret = RSA_public_decrypt(op->rsa.sign.length,
> op->rsa.sign.data,
> tmp,
[Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto).
> @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
> OPENSSL_LOG(ERR, "RSA sign Verification failed");
> cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> }
> - rte_free(tmp);
> + op->rsa.cipher.length = ret;
> + if (tmp != op->rsa.cipher.data)
> + rte_free(tmp);
> break;
>
> default:
> --
> 2.17.1
next prev parent reply other threads:[~2021-12-28 9:11 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-29 9:51 [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Ramkumar Balu
2021-11-29 9:51 ` [PATCH 1/5] cryptodev: fix RSA op cipher field description Ramkumar Balu
2021-11-29 9:51 ` [PATCH 2/5] crypto/openssl: fix output of RSA verify op Ramkumar Balu
2021-12-28 9:10 ` Kusztal, ArkadiuszX [this message]
2022-01-13 10:34 ` Ramkumar Balu
2021-11-29 9:51 ` [PATCH 3/5] crypto/octeontx: fix output field for RSA verify Ramkumar Balu
2021-11-29 9:51 ` [PATCH 4/5] crypto/octeontx2: " Ramkumar Balu
2021-11-29 9:51 ` [PATCH 5/5] crypto/cnxk: " Ramkumar Balu
2021-12-28 8:58 ` [PATCH 0/5] cryptodev: fix inconsistency in RSA op usage Kusztal, ArkadiuszX
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PH0PR11MB5013FD6B41628E8CC79F1CF29F439@PH0PR11MB5013.namprd11.prod.outlook.com \
--to=arkadiuszx.kusztal@intel.com \
--cc=adwivedi@marvell.com \
--cc=anoobj@marvell.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=ktejasree@marvell.com \
--cc=rbalu@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).