diff mbox series

[2/5] crypto/openssl: fix output of RSA verify op

Message ID 20211129095159.16376-3-rbalu@marvell.com (mailing list archive)
State Rejected
Delegated to: akhil goyal
Headers show
Series cryptodev: fix inconsistency in RSA op usage | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Ramkumar Balu Nov. 29, 2021, 9:51 a.m. UTC
From: Ramkumar <rbalu@marvell.com>

During RSA verify, the OpenSSL PMD fails to return the plaintext after
public key decryption.
This patch fixes the OpenSSL PMD to return the decrypted plaintext in
cipher.data / cipher.length fields

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation")
Cc: stable@dpdk.org

Signed-off-by: Ramkumar <rbalu@marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

Comments

Arek Kusztal Dec. 28, 2021, 9:10 a.m. UTC | #1
> -----Original Message-----
> From: Ramkumar Balu <rbalu@marvell.com>
> Sent: Monday, November 29, 2021 10:52 AM
> To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>;
> Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan
> <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree
> Kondoj <ktejasree@marvell.com>
> Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com>
> Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
> 
> From: Ramkumar <rbalu@marvell.com>
> 
> During RSA verify, the OpenSSL PMD fails to return the plaintext after public key
> decryption.
> This patch fixes the OpenSSL PMD to return the decrypted plaintext in
> cipher.data / cipher.length fields
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
> Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Ramkumar <rbalu@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 5794ed8159..3ab2c3b5c1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op
> *cop,
>  		break;
> 
>  	case RTE_CRYPTO_ASYM_OP_VERIFY:
> -		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> +		tmp = op->rsa.cipher.data;
>  		if (tmp == NULL) {
> -			OPENSSL_LOG(ERR, "Memory allocation failed");
> -			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> -			break;
> +			tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> +			if (tmp == NULL) {
> +				OPENSSL_LOG(ERR, "Memory allocation
> failed");
> +				cop->status =
> RTE_CRYPTO_OP_STATUS_ERROR;
> +				break;
> +			}
>  		}
> +
>  		ret = RSA_public_decrypt(op->rsa.sign.length,
>  				op->rsa.sign.data,
>  				tmp,
[Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto).
> @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
>  			OPENSSL_LOG(ERR, "RSA sign Verification failed");
>  			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
>  		}
> -		rte_free(tmp);
> +		op->rsa.cipher.length = ret;
> +		if (tmp != op->rsa.cipher.data)
> +			rte_free(tmp);
>  		break;
> 
>  	default:
> --
> 2.17.1
Ramkumar Balu Jan. 13, 2022, 10:34 a.m. UTC | #2
Thank you for the comments. I agree that OpenSSL PMD needs a major refactoring in asym crypto. 
I have asked Akhil to reject this patch series.

-----Original Message-----
From: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com> 
Sent: Tuesday, December 28, 2021 2:41 PM
To: Ramkumar Balu <rbalu@marvell.com>; Akhil Goyal <gakhil@marvell.com>; Anoob Joseph <anoobj@marvell.com>; Doherty, Declan <declan.doherty@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ankur Dwivedi <adwivedi@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com>
Cc: stable@dpdk.org; dev@dpdk.org
Subject: [EXT] RE: [PATCH 2/5] crypto/openssl: fix output of RSA verify op

----------------------------------------------------------------------


> -----Original Message-----
> From: Ramkumar Balu <rbalu@marvell.com>
> Sent: Monday, November 29, 2021 10:52 AM
> To: Akhil Goyal <gakhil@marvell.com>; Anoob Joseph 
> <anoobj@marvell.com>; Doherty, Declan <declan.doherty@intel.com>; 
> Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ankur Dwivedi 
> <adwivedi@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com>
> Cc: stable@dpdk.org; dev@dpdk.org; Ramkumar <rbalu@marvell.com>
> Subject: [PATCH 2/5] crypto/openssl: fix output of RSA verify op
> 
> From: Ramkumar <rbalu@marvell.com>
> 
> During RSA verify, the OpenSSL PMD fails to return the plaintext after 
> public key decryption.
> This patch fixes the OpenSSL PMD to return the decrypted plaintext in 
> cipher.data / cipher.length fields
> 
> Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym 
> operations")
> Fixes: fe1606e0138c ("crypto/openssl: fix RSA verify operation")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Ramkumar <rbalu@marvell.com>
> ---
>  drivers/crypto/openssl/rte_openssl_pmd.c | 16 +++++++++++-----
>  1 file changed, 11 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c
> b/drivers/crypto/openssl/rte_openssl_pmd.c
> index 5794ed8159..3ab2c3b5c1 100644
> --- a/drivers/crypto/openssl/rte_openssl_pmd.c
> +++ b/drivers/crypto/openssl/rte_openssl_pmd.c
> @@ -1953,12 +1953,16 @@ process_openssl_rsa_op(struct rte_crypto_op 
> *cop,
>  		break;
> 
>  	case RTE_CRYPTO_ASYM_OP_VERIFY:
> -		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> +		tmp = op->rsa.cipher.data;
>  		if (tmp == NULL) {
> -			OPENSSL_LOG(ERR, "Memory allocation failed");
> -			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
> -			break;
> +			tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
> +			if (tmp == NULL) {
> +				OPENSSL_LOG(ERR, "Memory allocation
> failed");
> +				cop->status =
> RTE_CRYPTO_OP_STATUS_ERROR;
> +				break;
> +			}
>  		}
> +
>  		ret = RSA_public_decrypt(op->rsa.sign.length,
>  				op->rsa.sign.data,
>  				tmp,
[Arek] - this function is deprecated and more importantly it properly handle only NO_PADDING situation (no der encoding, like pre TLS 1.2). OpenSSL code needs major refactor in this area soon (mostly in asymmetric crypto).
> @@ -1974,7 +1978,9 @@ process_openssl_rsa_op(struct rte_crypto_op *cop,
>  			OPENSSL_LOG(ERR, "RSA sign Verification failed");
>  			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
>  		}
> -		rte_free(tmp);
> +		op->rsa.cipher.length = ret;
> +		if (tmp != op->rsa.cipher.data)
> +			rte_free(tmp);
>  		break;
> 
>  	default:
> --
> 2.17.1
diff mbox series

Patch

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index 5794ed8159..3ab2c3b5c1 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -1953,12 +1953,16 @@  process_openssl_rsa_op(struct rte_crypto_op *cop,
 		break;
 
 	case RTE_CRYPTO_ASYM_OP_VERIFY:
-		tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+		tmp = op->rsa.cipher.data;
 		if (tmp == NULL) {
-			OPENSSL_LOG(ERR, "Memory allocation failed");
-			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
-			break;
+			tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+			if (tmp == NULL) {
+				OPENSSL_LOG(ERR, "Memory allocation failed");
+				cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+				break;
+			}
 		}
+
 		ret = RSA_public_decrypt(op->rsa.sign.length,
 				op->rsa.sign.data,
 				tmp,
@@ -1974,7 +1978,9 @@  process_openssl_rsa_op(struct rte_crypto_op *cop,
 			OPENSSL_LOG(ERR, "RSA sign Verification failed");
 			cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
 		}
-		rte_free(tmp);
+		op->rsa.cipher.length = ret;
+		if (tmp != op->rsa.cipher.data)
+			rte_free(tmp);
 		break;
 
 	default: