Return correct error status when incorrect signature is
used in RSA verify op.
Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: sta...@dpdk.org
Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com>
---
v2:
- added comments.
---
drivers/crypto/openssl/rte_openssl_pmd.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
b/drivers/crypto/openssl/rte_openssl_pmd.c
index b090611bd0..5bfad92b7c 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2803,9 +2803,15 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
goto err_rsa;
}
- if (EVP_PKEY_verify_recover(rsa_ctx, tmp, &outlen,
+ ret = EVP_PKEY_verify_recover(rsa_ctx, tmp, &outlen,
op->rsa.sign.data,
- op->rsa.sign.length) <= 0) {
+ op->rsa.sign.length);
+ if (ret <= 0) {
+ /* OpenSSL RSA verification returns one on
+ * successful verification, otherwise 0. Hence,
+ * this enqueue operation should succeed even if
+ * invalid signature has been requested in verify.
+ */
OPENSSL_free(tmp);
goto err_rsa;
}
--
2.25.1
