<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class="elementToProof">
Acked-by: Rupesh Chiluka <<a style="color: rgb(18, 100, 163);" rel="noopener noreferrer" class="OWAAutoLink" id="OWAa8951eae-424d-a979-1cae-301ece29c790" target="_blank" href="mailto:your.email@example.com">r</a><a style="color: rgb(18, 100, 163);" rel="noopener noreferrer" class="OWAAutoLink" id="OWA9874ba78-2c03-48aa-5af9-d7285a3dfbec" target="_blank" href="mailto:chiluka@marvell.com">chiluka@marvell.com</a>></div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Emma Finn <emma.finn@intel.com><br>
<b>Sent:</b> Monday, March 23, 2026 20:38<br>
<b>To:</b> Akhil Goyal <gakhil@marvell.com>; Fan Zhang <fanzhang.oss@gmail.com>; Kai Ji <kai.ji@intel.com>; Rupesh Chiluka <rchiluka@marvell.com><br>
<b>Cc:</b> dev@dpdk.org <dev@dpdk.org>; Emma Finn <emma.finn@intel.com><br>
<b>Subject:</b> [EXTERNAL] [PATCH 2/2] crypto/qat: fix modexp and modinv result length and comparison</font>
<div> </div>
</div>
<div>
<div style="display:none!important; display:none; visibility:hidden; font-size:1px; color:#ffffff; line-height:1px; max-height:0px; opacity:0; overflow:hidden">
QAT HW rounds the output buffer size up to the next supported size, but result. length was set to alg_bytesize instead of n. length, causing result comparisons to read past the end of the expected value. Additionally, when a modulus has a leading</div>
<div style="display:none!important; display:none; visibility:hidden; font-size:1px; color:#ffffff; line-height:1px; max-height:0px; opacity:0; overflow:hidden">
ZjQcmQRYFpfptBannerStart</div>
<div dir="ltr" lang="en" id="x_pfptBannerkfyd01q" style="display:block!important; text-align:left!important; margin:0 0 10px 0!important; padding:7px 16px 8px 16px!important; border-radius:4px!important; min-width:200px!important; background-color:#d2d0d0!important; background-color:#d2d0d0; border-top:4px solid #8d8c8c!important; border-top:4px solid #8d8c8c">
<div id="x_pfptBannerkfyd01q" style="float:left!important; display:block!important; margin:1px 0 1px 0!important; max-width:600px!important">
<div id="x_pfptBannerkfyd01q" style="display:block!important; visibility:visible!important; background-color:#d2d0d0!important; color:#000000!important; color:#000000; font-family:'Arial',sans-serif!important; font-family:'Arial',sans-serif; font-weight:bold!important; font-weight:bold; font-size:14px!important; line-height:1.29!important; line-height:1.29">
Prioritize security for external emails: </div>
<div id="x_pfptBannerkfyd01q" style="display:block!important; visibility:visible!important; background-color:#d2d0d0!important; color:#000000!important; color:#000000; font-weight:normal; font-family:'Arial',sans-serif!important; font-family:'Arial',sans-serif; font-size:12px!important; line-height:1.5!important; line-height:1.5; margin-top:2px!important">
Confirm sender and content safety before clicking links or opening attachments </div>
</div>
<div id="x_pfptBannerkfyd01q" style="float:right!important; display:block!important; display:block; margin-left:16px!important; margin-top:1px!important; text-align:right!important; width:fit-content!important; font-size:12px!important">
<a id="x_pfptBannerkfyd01q" href="https://us-phishalarm-ewt.proofpoint.com/EWT/v1/CRVmXkqW!te3Z1f8UYnW6tG-cGdxazuubvGPgl6yTU25nHC1z9RXK4YEidjaGpjsKME98FEQ50hB_lPsKuSS8cG6Y0i77JxgNu0tFoG0$" style="display:inline-block!important; text-decoration:none">
<div class="x_pfptPrimaryButtonkfyd01q" style="display:inline-block!important; display:inline-block; visibility:visible!important; opacity:1!important; color:#000000!important; color:#000000; font-family:'Arial',sans-serif!important; font-family:'Arial',sans-serif; font-size:14px!important; font-weight:normal!important; text-decoration:none!important; border-radius:2px!important; margin-top:3px!important; margin-bottom:3px!important; margin-left:16px!important; padding:7.5px 16px!important; white-space:nowrap!important; width:fit-content!important; border:1px solid #666666">
Report Suspicious </div>
</a></div>
<div style="clear:both!important; display:block!important; visibility:hidden!important; line-height:0!important; font-size:0.01px!important; height:0px">
 </div>
</div>
<div style="display:none!important; display:none; visibility:hidden; font-size:1px; color:#ffffff; line-height:1px; max-height:0px; opacity:0; overflow:hidden">
ZjQcmQRYFpfptBannerEnd</div>
<style>
<!--
#x_pfptBannerkfyd01q
        {display:block!important;
        visibility:visible!important;
        opacity:1!important;
        background-color:#d2d0d0!important;
        max-width:none!important;
        max-height:none!important}
html:root, html:root > div
        {display:block!important;
        visibility:visible!important;
        opacity:1!important}
-->
</style>
<pre style="font-family:sans-serif; font-size:100%; white-space:pre-wrap; word-wrap:break-word">QAT HW rounds the output buffer size up to the next supported size,
but result.length was set to alg_bytesize instead of n.length, causing
result comparisons to read past the end of the expected value.

Additionally, when a modulus has a leading zero padding byte, QAT HW
strips it from the result but we never strip it from the expected result,
so the compare fails. Fix verify_modexp() and verify_modinv() to skip
leading zero bytes in the result before comparison.

Fixes: 064ef1b098d1 ("test/crypto: remove PMD-specific asym test suites")

Signed-off-by: Emma Finn <emma.finn@intel.com>
---
 app/test/test_cryptodev_asym.c      |  8 ++++++++
 app/test/test_cryptodev_asym_util.h | 20 ++++++++++++++++----
 drivers/crypto/qat/qat_asym.c       |  7 +++----
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/app/test/test_cryptodev_asym.c b/app/test/test_cryptodev_asym.c
index 1515372a35..07e5eb5842 100644
--- a/app/test/test_cryptodev_asym.c
+++ b/app/test/test_cryptodev_asym.c
@@ -3826,6 +3826,14 @@ modular_exponentiation(const void *test_data)
        uint8_t result[TEST_DATA_SIZE] = { 0 };
        struct rte_crypto_asym_xform xform = { };
        const uint8_t dev_id = params->valid_devs[0];
+       const struct rte_cryptodev_asymmetric_xform_capability *cap;
+       struct rte_cryptodev_asym_capability_idx cap_idx;
+
+       cap_idx.type = RTE_CRYPTO_ASYM_XFORM_MODEX;
+       cap = rte_cryptodev_asym_capability_get(dev_id, &cap_idx);
+       if (cap == NULL || rte_cryptodev_asym_xform_capability_check_modlen(
+                       cap, vector->modulus.len))
+               return TEST_SKIPPED;
 
        memcpy(input, vector->base.data, vector->base.len);
        memcpy(exponent, vector->exponent.data, vector->exponent.len);
diff --git a/app/test/test_cryptodev_asym_util.h b/app/test/test_cryptodev_asym_util.h
index 07e6e831e8..16e4c0da6c 100644
--- a/app/test/test_cryptodev_asym_util.h
+++ b/app/test/test_cryptodev_asym_util.h
@@ -20,8 +20,14 @@ static inline int rsa_verify(struct rsa_test_data *rsa_param,
 static inline int verify_modinv(uint8_t *mod_inv,
                struct rte_crypto_op *result_op)
 {
-       if (memcmp(mod_inv, result_op->asym->modinv.result.data,
-                               result_op->asym->modinv.result.length))
+       const uint8_t *b = result_op->asym->modinv.result.data;
+       size_t b_len = result_op->asym->modinv.result.length;
+
+       while (b_len > 1 && b[0] == 0) {
+               b++;
+               b_len--;
+       }
+       if (memcmp(mod_inv, b, b_len))
                return -1;
        return 0;
 }
@@ -29,8 +35,14 @@ static inline int verify_modinv(uint8_t *mod_inv,
 static inline int verify_modexp(uint8_t *mod_exp,
                struct rte_crypto_op *result_op)
 {
-       if (memcmp(mod_exp, result_op->asym->modex.result.data,
-                               result_op->asym->modex.result.length))
+       const uint8_t *b = result_op->asym->modex.result.data;
+       size_t b_len = result_op->asym->modex.result.length;
+
+       while (b_len > 1 && b[0] == 0) {
+               b++;
+               b_len--;
+       }
+       if (memcmp(mod_exp, b, b_len))
                return -1;
        return 0;
 }
diff --git a/drivers/crypto/qat/qat_asym.c b/drivers/crypto/qat/qat_asym.c
index beb5a27805..7a296cad6c 100644
--- a/drivers/crypto/qat/qat_asym.c
+++ b/drivers/crypto/qat/qat_asym.c
@@ -274,7 +274,7 @@ modexp_collect(struct rte_crypto_asym_op *asym_op,
        rte_memcpy(modexp_result,
                cookie->output_array[0] + alg_bytesize
                - n.length, n.length);
-       asym_op->modex.result.length = alg_bytesize;
+       asym_op->modex.result.length = n.length;
        HEXDUMP("ModExp result", cookie->output_array[0],
                        alg_bytesize);
        return RTE_CRYPTO_OP_STATUS_SUCCESS;
@@ -332,11 +332,10 @@ modinv_collect(struct rte_crypto_asym_op *asym_op,
                QAT_LOG(ERR, "Incorrect length of modinv modulus");
                return RTE_CRYPTO_OP_STATUS_INVALID_ARGS;
        }
-       rte_memcpy(modinv_result + (asym_op->modinv.result.length
-               - n.length),
+       rte_memcpy(modinv_result,
                cookie->output_array[0] + alg_bytesize
                - n.length, n.length);
-       asym_op->modinv.result.length = alg_bytesize;
+       asym_op->modinv.result.length = n.length;
        HEXDUMP("ModInv result", cookie->output_array[0],
                        alg_bytesize);
        return RTE_CRYPTO_OP_STATUS_SUCCESS;
-- 
2.43.0

</pre>
</div>
</body>
</html>