* [PATCH 2/8] crypto/cnxk: fix compilation error and warnings
[not found] <20250821045300.3787899-1-ktejasree@marvell.com>
@ 2025-08-21 4:52 ` Tejasree Kondoj
2025-08-21 4:52 ` [PATCH 6/8] crypto/cnxk: refactor rsa verification Tejasree Kondoj
1 sibling, 0 replies; 2+ messages in thread
From: Tejasree Kondoj @ 2025-08-21 4:52 UTC (permalink / raw)
To: Akhil Goyal
Cc: Nithinsen Kaithakadan, Anoob Joseph, Aakash Sasidharan,
Rupesh Chiluka, Sucharitha Sarananaga, Vidya Sagar Velumuri, dev,
stable
From: Nithinsen Kaithakadan <nkaithakadan@marvell.com>
Remove multiple return statements.
Fix compilation error in debug mode.
Fixes: 8fc370ee0208 ("crypto/cnxk: add CN20K security skeleton")
Cc: stable@dpdk.org
Signed-off-by: Nithinsen Kaithakadan <nkaithakadan@marvell.com>
---
drivers/crypto/cnxk/cn20k_ipsec.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/crypto/cnxk/cn20k_ipsec.c b/drivers/crypto/cnxk/cn20k_ipsec.c
index 8f79033ccc..0bca863492 100644
--- a/drivers/crypto/cnxk/cn20k_ipsec.c
+++ b/drivers/crypto/cnxk/cn20k_ipsec.c
@@ -373,6 +373,4 @@ cn20k_ipsec_session_update(struct cnxk_cpt_vf *vf, struct cnxk_cpt_qp *qp,
return cn20k_ipsec_outb_sa_create(roc_cpt, &qp->lf, &conf->ipsec, conf->crypto_xform,
(struct cn20k_sec_session *)sess);
-
- return 0;
}
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH 6/8] crypto/cnxk: refactor rsa verification
[not found] <20250821045300.3787899-1-ktejasree@marvell.com>
2025-08-21 4:52 ` [PATCH 2/8] crypto/cnxk: fix compilation error and warnings Tejasree Kondoj
@ 2025-08-21 4:52 ` Tejasree Kondoj
1 sibling, 0 replies; 2+ messages in thread
From: Tejasree Kondoj @ 2025-08-21 4:52 UTC (permalink / raw)
To: Akhil Goyal
Cc: Sucharitha Sarananaga, Anoob Joseph, Aakash Sasidharan,
Nithinsen Kaithakadan, Rupesh Chiluka, Vidya Sagar Velumuri, dev,
stable
From: Sucharitha Sarananaga <ssarananaga@marvell.com>
This patch avoid copying the decrypted message into
the signature buffer, which is actually an input to the
verify operation. This prevents overwriting the input
buffer unnecessarily.
Fixes: 6661bedf1605 ("crypto/cnxk: add asymmetric datapath")
Cc: stable@dpdk.org
Signed-off-by: Sucharitha Sarananaga <ssarananaga@marvell.com>
---
drivers/crypto/cnxk/cnxk_ae.h | 15 ++++++---------
1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_ae.h b/drivers/crypto/cnxk/cnxk_ae.h
index 8508ab8736..912a2a9496 100644
--- a/drivers/crypto/cnxk/cnxk_ae.h
+++ b/drivers/crypto/cnxk/cnxk_ae.h
@@ -1592,20 +1592,17 @@ cnxk_ae_dequeue_rsa_op(struct rte_crypto_op *cop, uint8_t *rptr,
case RTE_CRYPTO_ASYM_OP_VERIFY:
if (rsa_ctx->padding.type == RTE_CRYPTO_RSA_PADDING_NONE) {
rsa->sign.length = rsa_ctx->n.length;
- memcpy(rsa->sign.data, rptr, rsa->sign.length);
+ if (memcmp(rptr, rsa->message.data, rsa->message.length))
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
} else {
/* Get length of signed output */
- rsa->sign.length =
- rte_cpu_to_be_16(*((uint16_t *)rptr));
+ rsa->sign.length = rte_cpu_to_be_16(*((uint16_t *)rptr));
/*
* Offset output data pointer by length field
- * (2 bytes) and copy signed data.
+ * (2 bytes) and compare signed data.
*/
- memcpy(rsa->sign.data, rptr + 2, rsa->sign.length);
- }
- if (memcmp(rsa->sign.data, rsa->message.data,
- rsa->message.length)) {
- cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ if (memcmp(rptr + 2, rsa->message.data, rsa->message.length))
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
break;
default:
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread