[PATCH] crypto/openssl: validate incorrect signature in verify op

Gowrishankar Muthukrishnan gmuthukrishn at marvell.com
Sun Feb 16 15:28:19 CET 2025

Previous message (by thread): [PATCH] testpmd: support meter_mark init_color in indirect list configuration
Next message (by thread): [PATCH] crypto/openssl: validate incorrect signature in verify op
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Return correct error status when incorrect signature is
used in RSA verify op.

Fixes: d7bd42f6db19 ("crypto/openssl: update RSA routine with 3.0 EVP API")
Cc: stable at dpdk.org

Signed-off-by: Gowrishankar Muthukrishnan <gmuthukrishn at marvell.com>
---
 drivers/crypto/openssl/rte_openssl_pmd.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/crypto/openssl/rte_openssl_pmd.c b/drivers/crypto/openssl/rte_openssl_pmd.c
index b090611bd0..239688ed47 100644
--- a/drivers/crypto/openssl/rte_openssl_pmd.c
+++ b/drivers/crypto/openssl/rte_openssl_pmd.c
@@ -2710,6 +2710,8 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 		return ret;
 	}
 
+	cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+
 	switch (op->rsa.op_type) {
 	case RTE_CRYPTO_ASYM_OP_ENCRYPT:
 		if (EVP_PKEY_encrypt_init(rsa_ctx) != 1)
@@ -2807,6 +2809,7 @@ process_openssl_rsa_op_evp(struct rte_crypto_op *cop,
 				op->rsa.sign.data,
 				op->rsa.sign.length) <= 0) {
 			OPENSSL_free(tmp);
+			ret = 0;
 			goto err_rsa;
 		}
 
-- 
2.25.1

Previous message (by thread): [PATCH] testpmd: support meter_mark init_color in indirect list configuration
Next message (by thread): [PATCH] crypto/openssl: validate incorrect signature in verify op
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list