if (rte_mempool_get(qp->sess_mp, (void **)&_sess))
return NULL;
- if (rte_mempool_get(qp->sess_mp, (void **)&_sess_private_data))
+ if (rte_mempool_get(qp->sess_mp_priv,
+ (void **)&_sess_private_data))
return NULL;
sess = (struct openssl_session *)_sess_private_data;
if (unlikely(openssl_set_session_parameters(sess,
op->sym->xform) != 0)) {
rte_mempool_put(qp->sess_mp, _sess);
- rte_mempool_put(qp->sess_mp, _sess_private_data);
+ rte_mempool_put(qp->sess_mp_priv, _sess_private_data);
sess = NULL;
}
op->sym->session = (struct rte_cryptodev_sym_session *)_sess;
op->y.length,
pub_key);
if (!r || !s || !pub_key) {
- if (r)
- BN_free(r);
- if (s)
- BN_free(s);
- if (pub_key)
- BN_free(pub_key);
+ BN_free(r);
+ BN_free(s);
+ BN_free(pub_key);
cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
return -1;
BIGNUM *res = BN_CTX_get(sess->u.m.ctx);
if (unlikely(base == NULL || res == NULL)) {
- if (base)
- BN_free(base);
- if (res)
- BN_free(res);
+ BN_free(base);
+ BN_free(res);
cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
return -1;
}
if (BN_mod_inverse(res, base, sess->u.m.modulus, sess->u.m.ctx)) {
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
- op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ op->modinv.result.length = BN_bn2bin(res, op->modinv.result.data);
} else {
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+ BN_clear(res);
+ BN_clear(base);
+
return 0;
}
BIGNUM *res = BN_CTX_get(sess->u.e.ctx);
if (unlikely(base == NULL || res == NULL)) {
- if (base)
- BN_free(base);
- if (res)
- BN_free(res);
+ BN_free(base);
+ BN_free(res);
cop->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
return -1;
}
- base = BN_bin2bn((const unsigned char *)op->modinv.base.data,
- op->modinv.base.length, base);
+ base = BN_bin2bn((const unsigned char *)op->modex.base.data,
+ op->modex.base.length, base);
if (BN_mod_exp(res, base, sess->u.e.exp,
sess->u.e.mod, sess->u.e.ctx)) {
- op->modinv.base.length = BN_bn2bin(res, op->modinv.base.data);
+ op->modex.result.length = BN_bn2bin(res, op->modex.result.data);
cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
} else {
cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+ BN_clear(res);
+ BN_clear(base);
+
return 0;
}
struct rte_crypto_asym_op *op = cop->asym;
RSA *rsa = sess->u.r.rsa;
uint32_t pad = (op->rsa.pad);
+ uint8_t *tmp;
+
+ cop->status = RTE_CRYPTO_OP_STATUS_SUCCESS;
switch (pad) {
case RTE_CRYPTO_RSA_PKCS1_V1_5_BT0:
break;
case RTE_CRYPTO_ASYM_OP_VERIFY:
+ tmp = rte_malloc(NULL, op->rsa.sign.length, 0);
+ if (tmp == NULL) {
+ OPENSSL_LOG(ERR, "Memory allocation failed");
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
+ break;
+ }
ret = RSA_public_decrypt(op->rsa.sign.length,
op->rsa.sign.data,
- op->rsa.sign.data,
+ tmp,
rsa,
pad);
"Length of public_decrypt %d "
"length of message %zd\n",
ret, op->rsa.message.length);
-
- if (memcmp(op->rsa.sign.data, op->rsa.message.data,
- op->rsa.message.length)) {
- OPENSSL_LOG(ERR,
- "RSA sign Verification failed");
- return -1;
+ if ((ret <= 0) || (memcmp(tmp, op->rsa.message.data,
+ op->rsa.message.length))) {
+ OPENSSL_LOG(ERR, "RSA sign Verification failed");
+ cop->status = RTE_CRYPTO_OP_STATUS_ERROR;
}
+ rte_free(tmp);
break;
default:
openssl_reset_session(sess);
memset(sess, 0, sizeof(struct openssl_session));
memset(op->sym->session, 0,
- rte_cryptodev_sym_get_header_session_size());
- rte_mempool_put(qp->sess_mp, sess);
+ rte_cryptodev_sym_get_existing_header_session_size(
+ op->sym->session));
+ rte_mempool_put(qp->sess_mp_priv, sess);
rte_mempool_put(qp->sess_mp, op->sym->session);
op->sym->session = NULL;
}
RTE_CRYPTODEV_FF_CPU_AESNI |
RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT |
RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT |
- RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO;
+ RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP |
+ RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT;
/* Set vector instructions mode supported */
internals = dev->data->dev_private;
git.droids-corp.org / dpdk.git / blobdiff