Acked-by: Kai Ji ________________________________ From: Gowrishankar Muthukrishnan Sent: 20 June 2025 09:19 To: dev@dpdk.org ; Ji, Kai ; Ashish Gupta ; Shally Verma ; Sunila Sahu Cc: anoobj@marvell.com ; Akhil Goyal ; Gowrishankar Muthukrishnan ; stable@dpdk.org Subject: [PATCH 1/3] crypto/openssl: include private exponent in RSA session If private exponent is available, it should be included within RSA session as per RFC 8017 (A.1.2). OpenSSL 1.1.1 implementation rely on this private exponent, to implicitly reject invalid cipher. Hence, check if it is available for session and include it. Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") Cc: stable@dpdk.org Signed-off-by: Gowrishankar Muthukrishnan --- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 04e018f3df..d3aa396c76 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -1025,7 +1025,7 @@ static int openssl_set_asym_session_parameters( if (rsa == NULL) goto err_rsa; - if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { + if (xform->rsa.d.length > 0) { d = BN_bin2bn( (const unsigned char *)xform->rsa.d.data, xform->rsa.d.length, @@ -1034,7 +1034,9 @@ static int openssl_set_asym_session_parameters( RSA_free(rsa); goto err_rsa; } - } else { + } + + if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_QT) { p = BN_bin2bn((const unsigned char *) xform->rsa.qt.p.data, xform->rsa.qt.p.length, -- 2.25.1