RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
From: Kusztal, ArkadiuszX <hidden>
Date: 2021-12-28 09:11:06
-----Original Message----- From: Ramkumar Balu <redacted> Sent: Monday, November 29, 2021 10:52 AM To: Akhil Goyal <redacted>; Anoob Joseph <redacted>; Doherty, Declan [off-list ref]; Zhang, Roy Fan [off-list ref]; Ankur Dwivedi [off-list ref]; Tejasree Kondoj [off-list ref] Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <redacted> Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op From: Ramkumar <redacted> During RSA verify, the OpenSSL PMD fails to return the plaintext after public key decryption. This patch fixes the OpenSSL PMD to return the decrypted plaintext in cipher.data / cipher.length fields Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation") Cc: stable@dpdk.org Signed-off-by: Ramkumar <redacted> --- drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)diff --git a/drivers/crypto/openssl/rte_openssl_pmd.cb/drivers/crypto/openssl/rte_openssl_pmd.c index 5794ed8159..3ab2c3b5c1 100644--- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c@@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op*cop, break; case RTE_CRYPTO_ASYM_OP_VERIFY: - tmp = rte_malloc(NULL, op->rsa.sign.length, 0); + tmp = op->rsa.cipher.data; if (tmp == NULL) { - OPENSSL_LOG(ERR, "Memory allocation failed"); - cop->status = RTE_CRYPTO_OP_STATUS_ERROR; - break; + tmp = rte_malloc(NULL, op->rsa.sign.length, 0); + if (tmp == NULL) { + OPENSSL_LOG(ERR, "Memory allocation failed"); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + break; + } } + ret = RSA_public_decrypt(op->rsa.sign.length, op->rsa.sign.data, tmp,
[Arek] - this function is deprecated and, more importantly, it properly handles only the NO_PADDING situation (no DER encoding, like pre-TLS 1.2). OpenSSL code needs a major refactor in this area soon (mostly in asymmetric crypto).
@@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, OPENSSL_LOG(ERR, "RSA sign Verification failed"); cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } - rte_free(tmp); + op->rsa.cipher.length = ret; + if (tmp != op->rsa.cipher.data) + rte_free(tmp); break; default: --2.17.1
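Review bot: In the first hunk (case RTE_CRYPTO_ASYM_OP_VERIFY, at `tmp = op->rsa.cipher.data;`), the caller-supplied buffer is handed to RSA_public_decrypt with no check of how much room it has. The fallback path allocates op->rsa.sign.length bytes, so the caller's buffer needs at least that much space, but nothing in the visible lines enforces or documents it. Either reject the op when the supplied buffer is smaller than op->rsa.sign.length (for example by treating cipher.length on input as the capacity), or state the size requirement in the API documentation. Using the cipher field as the output of a verify op is also a change in that field's meaning and should be documented alongside the op definition.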
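Review bot: In the second hunk, `op->rsa.cipher.length = ret;` is placed after the closing brace of the "RSA sign Verification failed" branch, so it also runs on the failure path. RSA_public_decrypt returns -1 on error, and that value would be stored as the output length. The assignment also happens when cipher.data was NULL and tmp was the temporary allocation that is freed on the next lines, which leaves a non-zero length with no data behind it. Suggest assigning the length only when ret > 0 and tmp == op->rsa.cipher.data, and setting it to 0 otherwise.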