[PATCH 1/3] crypto/openssl: include private exponent in RSA session

Ji, Kai kai.ji at intel.com
Fri Jul 4 12:35:12 CEST 2025

Previous message (by thread): [PATCH v2] mbuf: add new ptype for slow protocols
Next message (by thread): [DPDK/vhost/virtio Bug 1747] [dpdk-25.07] virtio_pvp_regression: perf drop
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Acked-by: Kai Ji <kai.ji at intel.com>

________________________________
From: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
Sent: 20 June 2025 09:19
To: dev at dpdk.org <dev at dpdk.org>; Ji, Kai <kai.ji at intel.com>; Ashish Gupta <ashishg at marvell.comashish.gupta@marvell.com>; Shally Verma <shallyv at marvell.com>; Sunila Sahu <ssahu at marvell.com>
Cc: anoobj at marvell.com <anoobj at marvell.com>; Akhil Goyal <gakhil at marvell.com>; Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>; stable at dpdk.org <stable at dpdk.org>
Subject: [PATCH 1/3] crypto/openssl: include private exponent in RSA session

If private exponent is available, it should be included within
RSA session as per RFC 8017 (A.1.2). OpenSSL 1.1.1 implementation
rely on this private exponent, to implicitly reject invalid cipher.
Hence, check if it is available for session and include it.

Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations")
Cc: stable at dpdk.org

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd_ops.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
index 04e018f3df..d3aa396c76 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c
@@ -1025,7 +1025,7 @@ static int openssl_set_asym_session_parameters(
                 if (rsa == NULL)
                         goto err_rsa;

-               if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) {
+               if (xform->rsa.d.length > 0) {
                         d = BN_bin2bn(
                         (const unsigned char *)xform->rsa.d.data,
                         xform->rsa.d.length,
@@ -1034,7 +1034,9 @@ static int openssl_set_asym_session_parameters(
                                 RSA_free(rsa);
                                 goto err_rsa;
                         }
-               } else {
+               }
+
+               if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_QT) {
                         p = BN_bin2bn((const unsigned char *)
                                         xform->rsa.qt.p.data,
                                         xform->rsa.qt.p.length,
--
2.25.1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mails.dpdk.org/archives/dev/attachments/20250704/a832116a/attachment.htm>

Previous message (by thread): [PATCH v2] mbuf: add new ptype for slow protocols
Next message (by thread): [DPDK/vhost/virtio Bug 1747] [dpdk-25.07] virtio_pvp_regression: perf drop
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list