From: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
To: <dev@dpdk.org>, Kai Ji <kai.ji@intel.com>,
Ashish Gupta <"ashishg@marvell.comashish.gupta"@marvell.com>,
Shally Verma <shallyv@marvell.com>,
Sunila Sahu <ssahu@marvell.com>
Cc: <anoobj@marvell.com>, Akhil Goyal <gakhil@marvell.com>,
"Gowrishankar Muthukrishnan" <gmuthukrishn@marvell.com>,
<stable@dpdk.org>
Subject: [PATCH 1/3] crypto/openssl: include private exponent in RSA session
Date: Fri, 20 Jun 2025 13:49:16 +0530 [thread overview]
Message-ID: <20250620081921.2145-1-gmuthukrishn@marvell.com> (raw)
If private exponent is available, it should be included within
RSA session as per RFC 8017 (A.1.2). OpenSSL 1.1.1 implementation
rely on this private exponent, to implicitly reject invalid cipher.
Hence, check if it is available for session and include it.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/openssl/rte_openssl_pmd_ops.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 04e018f3df..d3aa396c76 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1025,7 +1025,7 @@ static int openssl_set_asym_session_parameters(
if (rsa == NULL)
goto err_rsa;
- if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
+ if (xform->rsa.d.length > 0) {
d = BN_bin2bn(
(const unsigned char *)xform->rsa.d.data,
xform->rsa.d.length,
@@ -1034,7 +1034,9 @@ static int openssl_set_asym_session_parameters(
RSA_free(rsa);
goto err_rsa;
}
- } else {
+ }
+
+ if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_QT) {
p = BN_bin2bn((const unsigned char *)
xform->rsa.qt.p.data,
xform->rsa.qt.p.length,
--
2.25.1
next reply other threads:[~2025-06-20 8:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-20 8:19 Gowrishankar Muthukrishnan [this message]
2025-06-20 8:19 ` [PATCH 2/3] test/crypto: fix RSA test vector as per RFC 8017 Gowrishankar Muthukrishnan
2025-06-20 8:19 ` [PATCH 3/3] test/crypto: fix RSA decrypt op validation Gowrishankar Muthukrishnan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250620081921.2145-1-gmuthukrishn@marvell.com \
--to=gmuthukrishn@marvell.com \
--cc="ashishg@marvell.comashish.gupta"@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=kai.ji@intel.com \
--cc=shallyv@marvell.com \
--cc=ssahu@marvell.com \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).