Thank you for the comments. I agree that OpenSSL PMD needs a major refactoring in asym crypto. I have asked Akhil to reject this patch series.
-----Original Message----- From: Kusztal, ArkadiuszX <[email protected]> Sent: Tuesday, December 28, 2021 2:41 PM To: Ramkumar Balu <[email protected]>; Akhil Goyal <[email protected]>; Anoob Joseph <[email protected]>; Doherty, Declan <[email protected]>; Zhang, Roy Fan <[email protected]>; Ankur Dwivedi <[email protected]>; Tejasree Kondoj <[email protected]> Cc: [email protected]; [email protected] Subject: [EXT] RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op ---------------------------------------------------------------------- > -----Original Message----- > From: Ramkumar Balu <[email protected]> > Sent: Monday, November 29, 2021 10:52 AM > To: Akhil Goyal <[email protected]>; Anoob Joseph > <[email protected]>; Doherty, Declan <[email protected]>; > Zhang, Roy Fan <[email protected]>; Ankur Dwivedi > <[email protected]>; Tejasree Kondoj <[email protected]> > Cc: [email protected]; [email protected]; Ramkumar <[email protected]> > Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op > > From: Ramkumar <[email protected]> > > During RSA verify, the OpenSSL PMD fails to return the plaintext after > public key decryption. > This patch fixes the OpenSSL PMD to return the decrypted plaintext in > cipher.data / cipher.length fields > > Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym > operations") > Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation") > Cc: [email protected] > > Signed-off-by: Ramkumar <[email protected]> > --- > drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index 5794ed8159..3ab2c3b5c1 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op > *cop, > break; > > case RTE_CRYPTO_ASYM_OP_VERIFY: > - tmp = rte_malloc(NULL, op->rsa.sign.length, 0); > + tmp = op->rsa.cipher.data; > if (tmp == NULL) { > - OPENSSL_LOG(ERR, "Memory allocation failed"); > - cop->status = RTE_CRYPTO_OP_STATUS_ERROR; > - break; > + tmp = rte_malloc(NULL, op->rsa.sign.length, 0); > + if (tmp == NULL) { > + OPENSSL_LOG(ERR, "Memory allocation > failed"); > + cop->status = > RTE_CRYPTO_OP_STATUS_ERROR; > + break; > + } > } > + > ret = RSA_public_decrypt(op->rsa.sign.length, > op->rsa.sign.data, > tmp, [Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto). > @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, > OPENSSL_LOG(ERR, "RSA sign Verification failed"); > cop->status = RTE_CRYPTO_OP_STATUS_ERROR; > } > - rte_free(tmp); > + op->rsa.cipher.length = ret; > + if (tmp != op->rsa.cipher.data) > + rte_free(tmp); > break; > > default: > -- > 2.17.1
