* [PATCH] crypto/openssl: validate incorrect signature in verify op
@ 2025-02-16 14:28 Gowrishankar Muthukrishnan
2025-02-17 10:47 ` Ji, Kai
0 siblings, 1 reply; 2+ messages in thread
From: Gowrishankar Muthukrishnan @ 2025-02-16 14:28 UTC (permalink / raw)
To: dev, Akhil Goyal, Kai Ji, Fan Zhang
Cc: anoobj, Gowrishankar Muthukrishnan, stable
Return correct error status when incorrect signature is
used in RSA verify op.
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index b090611bd0..239688ed47 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2710,6 +2710,8 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
return ret;
}
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
switch (op->rsa.op_type) {
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
if (EVP_PKEY_encrypt_init(rsa_ctx) != 1)
@@ -2807,6 +2809,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
op->rsa.sign.data,
op->rsa.sign.length) <= 0) {
OPENSSL_free(tmp);
+ ret = 0;
goto err_rsa;
}
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] crypto/openssl: validate incorrect signature in verify op
2025-02-16 14:28 [PATCH] crypto/openssl: validate incorrect signature in verify op Gowrishankar Muthukrishnan
@ 2025-02-17 10:47 ` Ji, Kai
0 siblings, 0 replies; 2+ messages in thread
From: Ji, Kai @ 2025-02-17 10:47 UTC (permalink / raw)
To: Gowrishankar Muthukrishnan, dev, Akhil Goyal, Fan Zhang; +Cc: anoobj, stable
[-- Attachment #1: Type: text/plain, Size: 1705 bytes --]
________________________________
From: Gowrishankar Muthukrishnan
Sent: Sunday, February 16, 2025 14:28
To: dev@dpdk.org; Akhil Goyal; Ji, Kai; Fan Zhang
Cc: anoobj@marvell.com; Gowrishankar Muthukrishnan; stable@dpdk.org
Subject: [PATCH] crypto/openssl: validate incorrect signature in verify op
Return correct error status when incorrect signature is
used in RSA verify op.
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index b090611bd0..239688ed47 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2710,6 +2710,8 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
return ret;
}
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
[Kai] I dont see any status need to be change between L.2694 to here, unless I missing anyhere.
switch (op->rsa.op_type) {
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
if (EVP_PKEY_encrypt_init(rsa_ctx) != 1)
@@ -2807,6 +2809,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
op->rsa.sign.data,
op->rsa.sign.length) <= 0) {
OPENSSL_free(tmp);
+ ret = 0;
[Kai] Please add some comments why ret need to return 0
goto err_rsa;
}
--
2.25.1
[-- Attachment #2: Type: text/html, Size: 4065 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-02-17 10:48 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-16 14:28 [PATCH] crypto/openssl: validate incorrect signature in verify op Gowrishankar Muthukrishnan
2025-02-17 10:47 ` Ji, Kai
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).