[PATCH] test/crypto: fix RSA decrypt op validation

[PATCH] test/crypto: fix RSA decrypt op validation

[Gowrishankar Muthukrishnan]

Following RSA encrypt op, same plaintext buffer is used as output
buffer for decrypt op, hence comparing plaintext buffer against
same buffer pointer in crypto op always succeed irrespective of
whether decrypt op succeeds or not. This patch fixes this issue
with a local buffer for crypto op.

Fixes: 5ae36995f10 ("test/crypto: move RSA enqueue/dequeue into functions")
Cc: stable@dpdk.org

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
 app/test/test_cryptodev_asym.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 226270556d..cd4fe7e14e 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -174,7 +174,10 @@ queue_ops_rsa_enc_dec(void *sess)
 	struct rte_crypto_op *op, *result_op;
 	struct rte_crypto_asym_op *asym_op;
 	uint8_t cipher_buf[TEST_DATA_SIZE] = {0};
-	int ret, status = TEST_SUCCESS;
+	uint8_t msg_buf[TEST_DATA_SIZE] = {0};
+	int ret, status;
+
+	memcpy(msg_buf, rsaplaintext.data, rsaplaintext.len);
 
 	/* Set up crypto op data structure */
 	op = rte_crypto_op_alloc(op_mpool, RTE_CRYPTO_OP_TYPE_ASYMMETRIC);
@@ -189,7 +192,7 @@ queue_ops_rsa_enc_dec(void *sess)
 	/* Compute encryption on the test vector */
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_ENCRYPT;
 
-	asym_op->rsa.message.data = rsaplaintext.data;
+	asym_op->rsa.message.data = msg_buf;
 	asym_op->rsa.cipher.data = cipher_buf;
 	asym_op->rsa.cipher.length = RTE_DIM(rsa_n);
 	asym_op->rsa.message.length = rsaplaintext.len;
@@ -224,6 +227,7 @@ queue_ops_rsa_enc_dec(void *sess)
 	asym_op = result_op->asym;
 	asym_op->rsa.message.length = RTE_DIM(rsa_n);
 	asym_op->rsa.op_type = RTE_CRYPTO_ASYM_OP_DECRYPT;
+	memset(asym_op->rsa.message.data, 0, asym_op->rsa.message.length);
 
 	/* Process crypto operation */
 	if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) {
@@ -240,11 +244,20 @@ queue_ops_rsa_enc_dec(void *sess)
 		status = TEST_FAILED;
 		goto error_exit;
 	}
-	status = TEST_SUCCESS;
+
+	if (result_op->status != RTE_CRYPTO_OP_STATUS_SUCCESS) {
+		RTE_LOG(ERR, USER1, "Expected crypto op to succeed\n");
+		status = TEST_FAILED;
+		goto error_exit;
+	}
+
 	ret = rsa_verify(&rsaplaintext, result_op);
-	if (ret)
+	if (ret) {
 		status = TEST_FAILED;
+		goto error_exit;
+	}
 
+	status = TEST_SUCCESS;
 error_exit:
 
 	rte_crypto_op_free(op);
-- 
2.25.1

RE: [PATCH] test/crypto: fix RSA decrypt op validation

[Gowrishankar Muthukrishnan]

Recheck unit test failure for openssl 1.1.1 in some distros.

Recheck-request: iol-unit-amd64-testing
--
Gowrishankar

> 
> Following RSA encrypt op, same plaintext buffer is used as output buffer for
> decrypt op, hence comparing plaintext buffer against same buffer pointer in
> crypto op always succeed irrespective of whether decrypt op succeeds or not.
> This patch fixes this issue with a local buffer for crypto op.
> 
> Fixes: 5ae36995f10 ("test/crypto: move RSA enqueue/dequeue into
> functions")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>

RE: [PATCH] test/crypto: fix RSA decrypt op validation

[Gowrishankar Muthukrishnan]

Hi Kai Ji,
This patch adds a check on cop status after DECRYPT in existing RSA test.There are
few CI failures for this patch and the failures are very specific to Openssl 1.1.1 variants
used in below platforms:
* Ubuntu 20.04 - Openssl 1.1.1f
* RHEL 8 - Openssl 1.1.1k

When I manually build these Openssl variants in the above platforms (using
Docker images) and execute tests using respective openssl shared libraries,
all tests PASS. If I use Openssl library that is shipped within the above 
distributions, the test in patch FAIL.

I would like to get your opinion first to proceed on getting these patches CI acked.
In my debug, I don't see any issue with the patch and the patch adds better
Validation indeed. May be that, it has uncovered a potential failure in above
Distros. Can you check on your end if these failures disappear in manual try.
What would you suggest to go forward, for openssl PMD ?

If required, I can start filing a Bugzilla as well.

Thanks,
Gowrishankar

> 
> Following RSA encrypt op, same plaintext buffer is used as output buffer for
> decrypt op, hence comparing plaintext buffer against same buffer pointer in
> crypto op always succeed irrespective of whether decrypt op succeeds or not.
> This patch fixes this issue with a local buffer for crypto op.
> 
> Fixes: 5ae36995f10 ("test/crypto: move RSA enqueue/dequeue into
> functions")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>