RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op

Tue, 28 Dec 2021 01:11:11 -0800 


> -----Original Message-----
> From: Ramkumar Balu <rb...@marvell.com>
> Sent: Monday, November 29, 2021 10:52 AM
> To: Akhil Goyal <gak...@marvell.com>; Anoob Joseph <ano...@marvell.com>;
> Doherty, Declan <declan.dohe...@intel.com>; Zhang, Roy Fan
> <roy.fan.zh...@intel.com>; Ankur Dwivedi <adwiv...@marvell.com>; Tejasree
> Kondoj <ktejas...@marvell.com>
> Cc: sta...@dpdk.org; dev@dpdk.org; Ramkumar <rb...@marvell.com>
> Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
> 
> From: Ramkumar <rb...@marvell.com>
> 
> During RSA verify, the OpenSSL PMD fails to return the plaintext after public 
> key
> decryption.
> This patch fixes the OpenSSL PMD to return the decrypted plaintext in
> cipher.data / cipher.length fields
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Ramkumar <rb...@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 5794ed8159..3ab2c3b5c1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
>               break;
> 
>       case RTE_CRYPTO_ASYM_OP_VERIFY:
> -             tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> +             tmp = op->rsa.cipher.data;
>               if (tmp == NULL) {
> -                     OPENSSL_LOG(ERR, "Memory allocation failed");
> -                     cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> -                     break;
> +                     tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> +                     if (tmp == NULL) {
> +                             OPENSSL_LOG(ERR, "Memory allocation
> failed");
> +                             cop->status =
> RTE_CRYPTO_OP_STATUS_ERROR;
> +                             break;
> +                     }
>               }
> +
>               ret = RSA_public_decrypt(op->rsa.sign.length,
>                               op->rsa.sign.data,
>                               tmp,
[Arek] - this function is deprecated and more importantly it properly handle 
only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code 
needs major refactor in this area soon (mostly in asymmetric crypto).
> @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
>                       OPENSSL_LOG(ERR, "RSA sign Verification failed");
>                       cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
>               }
> -             rte_free(tmp);
> +             op->rsa.cipher.length = ret;
> +             if (tmp != op->rsa.cipher.data)
> +                     rte_free(tmp);
>               break;
> 
>       default:
> --
> 2.17.1























					Reply via email to