Message ID | 20211129095159.16376-3-rbalu@marvell.com (mailing list archive) |
---|---|
State | Rejected, archived |
Delegated to: | akhil goyal |
Series | cryptodev: fix inconsistency in RSA op usage |
Context | Check | Description |
---|---|---|
ci/checkpatch | success | coding style OK |
> -----Original Message----- > From: Ramkumar Balu <rbalu@marvell.com> > Sent: Monday, November 29, 2021 10:52 AM > To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>; > Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan > <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree > Kondoj <ktejasree@marvell.com> > Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com> > Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op > > From: Ramkumar <rbalu@marvell.com> > > During RSA verify, the OpenSSL PMD fails to return the plaintext after public key > decryption. > This patch fixes the OpenSSL PMD to return the decrypted plaintext in > cipher.data / cipher.length fields > > Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") > Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation") > Cc: stable@dpdk.org > > Signed-off-by: Ramkumar <rbalu@marvell.com> > --- > drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index 5794ed8159..3ab2c3b5c1 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c > +++ b/drivers/crypto/openssl/rte_openssl_pmd.c 
> @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op > *cop, > break; > > case RTE_CRYPTO_ASYM_OP_VERIFY: > - tmp = rte_malloc(NULL, op->rsa.sign.length, 0); > + tmp = op->rsa.cipher.data; > if (tmp == NULL) { > - OPENSSL_LOG(ERR, "Memory allocation failed"); > - cop->status = RTE_CRYPTO_OP_STATUS_ERROR; > - break; > + tmp = rte_malloc(NULL, op->rsa.sign.length, 0); > + if (tmp == NULL) { > + OPENSSL_LOG(ERR, "Memory allocation > failed"); > + cop->status = > RTE_CRYPTO_OP_STATUS_ERROR; > + break; > + } > } > + > ret = RSA_public_decrypt(op->rsa.sign.length, > op->rsa.sign.data, > tmp, [Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto). > @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, > OPENSSL_LOG(ERR, "RSA sign Verification failed"); > cop->status = RTE_CRYPTO_OP_STATUS_ERROR; > } > - rte_free(tmp); > + op->rsa.cipher.length = ret; > + if (tmp != op->rsa.cipher.data) > + rte_free(tmp); > break; > > default: > -- > 2.17.1
Thank you for the comments. I agree that OpenSSL PMD needs a major refactoring in asym crypto. I have asked Akhil to reject this patch series. -----Original Message----- From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com> Sent: Tuesday, December 28, 2021 2:41 PM To: Ramkumar Balu <rbalu@marvell.com>; Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>; Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com> Cc: stable@dpdk.org; dev@dpdk.org Subject: [EXT] RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op ---------------------------------------------------------------------- > -----Original Message----- > From: Ramkumar Balu <rbalu@marvell.com> > Sent: Monday, November 29, 2021 10:52 AM > To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph > <anoobj@marvell.com>; Doherty, Declan <declan.doherty@intel.com>; > Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ankur Dwivedi > <adwivedi@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com> > Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com> > Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op > > From: Ramkumar <rbalu@marvell.com> > > During RSA verify, the OpenSSL PMD fails to return the plaintext after > public key decryption. > This patch fixes the OpenSSL PMD to return the decrypted plaintext in > cipher.data / cipher.length fields > > Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym > operations") > Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation") > Cc: stable@dpdk.org > > Signed-off-by: Ramkumar <rbalu@marvell.com> > --- > drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c > b/drivers/crypto/openssl/rte_openssl_pmd.c > index 5794ed8159..3ab2c3b5c1 100644 > --- a/drivers/crypto/openssl/rte_openssl_pmd.c 
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c > @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op > *cop, > break; > > case RTE_CRYPTO_ASYM_OP_VERIFY: > - tmp = rte_malloc(NULL, op->rsa.sign.length, 0); > + tmp = op->rsa.cipher.data; > if (tmp == NULL) { > - OPENSSL_LOG(ERR, "Memory allocation failed"); > - cop->status = RTE_CRYPTO_OP_STATUS_ERROR; > - break; > + tmp = rte_malloc(NULL, op->rsa.sign.length, 0); > + if (tmp == NULL) { > + OPENSSL_LOG(ERR, "Memory allocation > failed"); > + cop->status = > RTE_CRYPTO_OP_STATUS_ERROR; > + break; > + } > } > + > ret = RSA_public_decrypt(op->rsa.sign.length, > op->rsa.sign.data, > tmp, [Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto). > @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, > OPENSSL_LOG(ERR, "RSA sign Verification failed"); > cop->status = RTE_CRYPTO_OP_STATUS_ERROR; > } > - rte_free(tmp); > + op->rsa.cipher.length = ret; > + if (tmp != op->rsa.cipher.data) > + rte_free(tmp); > break; > > default: > -- > 2.17.1
diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c index 5794ed8159..3ab2c3b5c1 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd.c +++ b/drivers/crypto/openssl/rte_openssl_pmd.c @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, break; case RTE_CRYPTO_ASYM_OP_VERIFY: - tmp = rte_malloc(NULL, op->rsa.sign.length, 0); + tmp = op->rsa.cipher.data; if (tmp == NULL) { - OPENSSL_LOG(ERR, "Memory allocation failed"); - cop->status = RTE_CRYPTO_OP_STATUS_ERROR; - break; + tmp = rte_malloc(NULL, op->rsa.sign.length, 0); + if (tmp == NULL) { + OPENSSL_LOG(ERR, "Memory allocation failed"); + cop->status = RTE_CRYPTO_OP_STATUS_ERROR; + break; + } } + ret = RSA_public_decrypt(op->rsa.sign.length, op->rsa.sign.data, tmp, @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop, OPENSSL_LOG(ERR, "RSA sign Verification failed"); cop->status = RTE_CRYPTO_OP_STATUS_ERROR; } - rte_free(tmp); + op->rsa.cipher.length = ret; + if (tmp != op->rsa.cipher.data) + rte_free(tmp); break; default:
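Review bot: In the first hunk, where `tmp = op->rsa.cipher.data;` replaces the unconditional allocation, nothing checks that the caller's buffer is large enough before RSA_public_decrypt() writes into it. The fallback path sizes its own buffer at op->rsa.sign.length, so the caller-supplied path should at least require op->rsa.cipher.length >= op->rsa.sign.length and set RTE_CRYPTO_OP_STATUS_ERROR otherwise; as written, a short cipher.data buffer is overrun. The new output contract (cipher.data optional, filled on verify) also deserves a comment here or in the op's API documentation.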
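Review bot: In the second hunk, `op->rsa.cipher.length = ret;` sits after the failure branch has closed, so it also executes on the error path, where ret from RSA_public_decrypt() can be -1 and ends up stored as a length. Assign it only when the decrypt succeeded. It is also set when tmp was the locally allocated buffer that the next two lines free, which leaves a non-zero cipher.length with cipher.data still NULL; limit the assignment to the case `tmp == op->rsa.cipher.data`.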