From: Gowrishankar Muthukrishnan
Sent: Sunday, February 16, 2025 14:28
To: dev@dpdk.org; Akhil Goyal; Ji, Kai; Fan Zhang
Cc: anoobj@marvell.com; Gowrishankar Muthukrishnan; stable@dpdk.org
Subject: [PATCH] crypto/openssl: validate incorrect signature in verify op
Return correct error status when incorrect signature is
used in RSA verify op.
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: stable@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn@marvell.com>
---
drivers/crypto/openssl/rte_openssl_pmd.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index b090611bd0..239688ed47 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2710,6 +2710,8 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
return ret;
}
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
[Kai] I dont see any status need to be change between L.2694 to here, unless I missing anyhere.
switch (op->rsa.op_type) {
case RTE_CRYPTO_ASYM_OP_ENCRYPT:
if (EVP_PKEY_encrypt_init(rsa_ctx) != 1)
@@ -2807,6 +2809,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
op->rsa.sign.data,
op->rsa.sign.length) <= 0) {
OPENSSL_free(tmp);
+ ret = 0;
[Kai] Please add some comments why ret need to return 0
goto err_rsa;
}
--
2.25.1