RE: [EXT] [dpdk-dev v4 2/4] crypto/openssl: 3.0 EVP update on RSA routine

DPDK patches and discussions
 help / color / mirror / Atom feed

From: "Ji, Kai" <kai.ji@intel.com>
To: Akhil Goyal <gakhil@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Subject: RE: [EXT] [dpdk-dev v4 2/4] crypto/openssl: 3.0 EVP update on RSA routine
Date: Tue, 21 Jun 2022 13:35:59 +0000	[thread overview]
Message-ID: <SN6PR11MB3408398C6C0210502A2235D681B39@SN6PR11MB3408.namprd11.prod.outlook.com> (raw)
In-Reply-To: <CO6PR18MB4484C3836817A3F7FC5203C4D8B39@CO6PR18MB4484.namprd18.prod.outlook.com>



> -----Original Message-----
> > --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> > @@ -2046,6 +2046,150 @@ process_openssl_modexp_op(struct
> rte_crypto_op
> > *cop,  }
> >
> >  /* process rsa operations */
> > +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) static int
> > +process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
> > +		struct openssl_asym_session *sess)
> > +{
> > +	struct rte_crypto_asym_op *op = cop->asym;
> > +	uint32_t pad = (op->rsa.padding.type);
> > +	uint8_t *tmp;
> > +	size_t outlen = 0;
> > +	int ret = -1;
> > +
> > +	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> > +	EVP_PKEY_CTX *rsa_ctx = sess->u.r.ctx;
> > +	if (!rsa_ctx)
> > +		return ret;
> > +
> > +	switch (pad) {
> > +	case RTE_CRYPTO_RSA_PADDING_PKCS1_5:
> > +		pad = RSA_PKCS1_PADDING;
> > +		break;
> > +	case RTE_CRYPTO_RSA_PADDING_NONE:
> > +		pad = RSA_NO_PADDING;
> > +		break;
> > +	default:
> > +		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
> > +		OPENSSL_LOG(ERR,
> > +				"rsa pad type not supported %d\n", pad);
> > +		return ret;
> > +	}
> > +
> > +	switch (op->rsa.op_type) {
> > +	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
> > +		if (EVP_PKEY_encrypt_init(rsa_ctx) != 1)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_encrypt(rsa_ctx, NULL, &outlen,
> > +							op-
> >rsa.message.data,
> > +							op-
> > >rsa.message.length) <= 0)
> 
> Remove extra indentation here and below also.
> 
> Cop->status is not updated in case of failure gotos.
>
Cop->status was assigned RTE_CRYPTO_OP_STATUS_ERROR at the top of this func, and only change to 
RTE_CRYPTO_OP_STATUS_SUCCESS before the return when no failure. 

> 
> > +			goto err_rsa;
> > +
> > +		if (outlen <= 0)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_encrypt(rsa_ctx, op->rsa.cipher.data, &outlen,
> > +							op-
> >rsa.message.data,
> > +							op-
> > >rsa.message.length) <= 0)
> > +			goto err_rsa;
> > +		op->rsa.cipher.length = outlen;
> > +
> > +		OPENSSL_LOG(DEBUG,
> > +				"length of encrypted text %zu\n", outlen);
> > +		break;
> > +
> > +	case RTE_CRYPTO_ASYM_OP_DECRYPT:
> > +		if (EVP_PKEY_decrypt_init(rsa_ctx) != 1)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_decrypt(rsa_ctx, NULL, &outlen,
> > +							op->rsa.cipher.data,
> > +							op->rsa.cipher.length)
> > <= 0)
> > +			goto err_rsa;
> > +
> > +		if (outlen <= 0)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_decrypt(rsa_ctx, op->rsa.message.data,
> &outlen,
> > +							op->rsa.cipher.data,
> > +							op->rsa.cipher.length)
> > <= 0)
> > +			goto err_rsa;
> > +		op->rsa.message.length = outlen;
> > +
> > +		OPENSSL_LOG(DEBUG, "length of decrypted text %zu\n",
> > outlen);
> > +		break;
> > +
> > +	case RTE_CRYPTO_ASYM_OP_SIGN:
> > +		if (EVP_PKEY_sign_init(rsa_ctx) <= 0)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0)
> > +			goto err_rsa;
> > +
> > +		if (EVP_PKEY_sign(rsa_ctx, op->rsa.sign.data, &outlen,
> > +							op-
> >rsa.message.data,
> > +							op-
> > >rsa.message.length) <= 0)
> > +			goto err_rsa;
> > +		op->rsa.sign.length = outlen;
> > +		break;
> > +
> > +	case RTE_CRYPTO_ASYM_OP_VERIFY:
> > +		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> > +		if (tmp == NULL) {
> > +			OPENSSL_LOG(ERR, "Memory allocation failed");
> > +			goto err_rsa;
> > +		}
> > +
> > +		if (EVP_PKEY_verify_recover_init(rsa_ctx) <= 0) {
> > +			rte_free(tmp);
> > +			goto err_rsa;
> > +		}
> > +
> > +		if (EVP_PKEY_CTX_set_rsa_padding(rsa_ctx, pad) <= 0) {
> > +			rte_free(tmp);
> > +			goto err_rsa;
> > +		}
> > +
> > +		if (EVP_PKEY_verify_recover(rsa_ctx, tmp, &outlen,
> > +							op->rsa.sign.data,
> > +							op->rsa.sign.length)
> <=
> > 0) {
> > +			rte_free(tmp);
> > +			goto err_rsa;
> > +		}
> > +
> > +		OPENSSL_LOG(DEBUG,
> > +				"Length of public_decrypt %zu "
> > +				"length of message %zd\n",
> > +				outlen, op->rsa.message.length);
> > +		if (CRYPTO_memcmp(tmp, op->rsa.message.data,
> > +				op->rsa.message.length)) {
> > +			OPENSSL_LOG(ERR, "RSA sign Verification failed");
> > +		}
> > +		rte_free(tmp);
> > +		break;
> > +
> > +	default:
> > +		/* allow ops with invalid args to be pushed to
> > +		 * completion queue
> > +		 */
> > +		cop->status = RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
> > +		goto err_rsa;
> > +	}
> > +
> > +	ret = 0;
> > +	cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
> > +err_rsa:
> > +	return ret;
> > +
> > +}
> > --
> > 2.17.1

next prev parent reply	other threads:[~2022-06-21 13:36 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-07 16:36 [dpdk-dev v1] crypto/openssl: openssl 3.0 support on asym crypto routine Kai Ji
2022-05-16 10:10 ` [dpdk-dev v2 0/5] crypto/openssl: EVP api update for 3.0 lib Kai Ji
2022-05-16 10:10   ` [dpdk-dev v2 1/5] drivers/crypto: suppress openssl deprecated api warning messages Kai Ji
2022-05-16 19:21     ` [EXT] " Akhil Goyal
2022-05-16 20:20       ` Stephen Hemminger
2022-05-17  6:52         ` Akhil Goyal
2022-05-16 10:10   ` [dpdk-dev v2 2/5] crypto/openssl: 3.0 EVP update on HMAC routine Kai Ji
2022-05-16 10:10   ` [dpdk-dev v2 3/5] crypto/openssl: 3.0 EVP update on RSA routine Kai Ji
2022-05-16 10:10   ` [dpdk-dev v2 4/5] crypto/openssl: 3.0 EVP update on DH routine Kai Ji
2022-05-16 10:10   ` [dpdk-dev v2 5/5] crypto/openssl: 3.0 EVP update on DSA routine Kai Ji
2022-06-13 16:40   ` [dpdk-dev v3 0/4] crypto/openssl: EVP api update for 3.0 lib Kai Ji
2022-06-13 16:40     ` [dpdk-dev v3 1/4] crypto/openssl: 3.0 EVP update on HMAC routine Kai Ji
2022-06-13 16:40     ` [dpdk-dev v3 2/4] crypto/openssl: 3.0 EVP update on RSA routine Kai Ji
2022-06-13 16:40     ` [dpdk-dev v3 3/4] crypto/openssl: 3.0 EVP update on DH routine Kai Ji
2022-06-13 16:40     ` [dpdk-dev v3 4/4] crypto/openssl: 3.0 EVP update on DSA routine Kai Ji
2022-06-14 13:25     ` [dpdk-dev v4 0/4] crypto/openssl: EVP api update for 3.0 lib Kai Ji
2022-06-14 13:25       ` [dpdk-dev v4 1/4] crypto/openssl: 3.0 EVP update on HMAC routine Kai Ji
2022-06-17 10:04         ` Zhang, Roy Fan
2022-06-21  9:22         ` [EXT] " Akhil Goyal
2022-06-14 13:25       ` [dpdk-dev v4 2/4] crypto/openssl: 3.0 EVP update on RSA routine Kai Ji
2022-06-17 10:04         ` Zhang, Roy Fan
2022-06-21  9:30         ` [EXT] " Akhil Goyal
2022-06-21 13:35           ` Ji, Kai [this message]
2022-06-14 13:25       ` [dpdk-dev v4 3/4] crypto/openssl: 3.0 EVP update on DH routine Kai Ji
2022-06-17 10:05         ` Zhang, Roy Fan
2022-06-14 13:25       ` [dpdk-dev v4 4/4] crypto/openssl: 3.0 EVP update on DSA routine Kai Ji
2022-06-17 10:05         ` Zhang, Roy Fan
2022-06-21 10:16       ` [EXT] [dpdk-dev v4 0/4] crypto/openssl: EVP api update for 3.0 lib Akhil Goyal
2022-06-21 13:55       ` [dpdk-dev v5 " Kai Ji
2022-06-21 13:55         ` [dpdk-dev v5 1/4] crypto/openssl: update on HMAC routine with 3.0 EVP API Kai Ji
2022-06-21 13:55         ` [dpdk-dev v5 2/4] crypto/openssl: update on RSA " Kai Ji
2022-06-21 13:55         ` [dpdk-dev v5 3/4] crypto/openssl: update on DH " Kai Ji
2022-06-21 13:55         ` [dpdk-dev v5 4/4] crypto/openssl: update on DSA " Kai Ji
2022-06-21 15:42         ` [dpdk-dev v5 0/4] crypto/openssl: EVP api update for 3.0 lib Kai Ji
2022-06-21 15:42           ` [dpdk-dev v5 1/4] crypto/openssl: update on HMAC routine with 3.0 EVP API Kai Ji
2022-06-21 15:42           ` [dpdk-dev v5 2/4] crypto/openssl: update on RSA " Kai Ji
2022-06-21 15:42           ` [dpdk-dev v5 3/4] crypto/openssl: update on DH " Kai Ji
2022-06-21 15:42           ` [dpdk-dev v5 4/4] crypto/openssl: update on DSA " Kai Ji
2022-06-21 17:15           ` [EXT] [dpdk-dev v5 0/4] crypto/openssl: EVP api update for 3.0 lib Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=SN6PR11MB3408398C6C0210502A2235D681B39@SN6PR11MB3408.namprd11.prod.outlook.com \
    --to=kai.ji@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).