If private exponent is available, it should be included within RSA session as per RFC 8017 (A.1.2). OpenSSL 1.1.1 implementation rely on this private exponent, to implicitly reject invalid cipher. Hence, check if it is available for session and include it.
Fixes: 3e9d6bd447fb ("crypto/openssl: add RSA and mod asym operations") Cc: sta...@dpdk.org Signed-off-by: Gowrishankar Muthukrishnan <gmuthukri...@marvell.com> --- drivers/crypto/openssl/rte_openssl_pmd_ops.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/openssl/rte_openssl_pmd_ops.c b/drivers/crypto/openssl/rte_openssl_pmd_ops.c index 04e018f3df..d3aa396c76 100644 --- a/drivers/crypto/openssl/rte_openssl_pmd_ops.c +++ b/drivers/crypto/openssl/rte_openssl_pmd_ops.c @@ -1025,7 +1025,7 @@ static int openssl_set_asym_session_parameters( if (rsa == NULL) goto err_rsa; - if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_EXP) { + if (xform->rsa.d.length > 0) { d = BN_bin2bn( (const unsigned char *)xform->rsa.d.data, xform->rsa.d.length, @@ -1034,7 +1034,9 @@ static int openssl_set_asym_session_parameters( RSA_free(rsa); goto err_rsa; } - } else { + } + + if (xform->rsa.key_type == RTE_RSA_KEY_TYPE_QT) { p = BN_bin2bn((const unsigned char *) xform->rsa.qt.p.data, xform->rsa.qt.p.length, -- 2.25.1