Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Implement faster RSA key check #97827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Feb 5, 2024
Merged

Implement faster RSA key check #97827

merged 6 commits into from
Feb 5, 2024

Conversation

vcsjones
Copy link
Member

@vcsjones vcsjones commented Feb 1, 2024
edited
Loading

This improves RSA key loading performance by using a lighter-weight RSA key checking mechanism instead of OpenSSL's.

For private keys, this represents a 60x speed up for RSA 2048, and 270x for RSA 4096. Public keys also see a decent improvement.

This is accomplished by reducing the amount of work that the key check is doing. The consistency of the key is still checked, but the quality of it is not.

Method Toolchain KeySize PublicOnly Mean Error StdDev Ratio
ImportParameters PR 2048 False 534.2 us 0.77 us 0.72 us 0.02
ImportParameters main 2048 False 34,460.4 us 188.61 us 176.43 us 1.00
ImportParameters PR 2048 True 109.7 us 0.18 us 0.15 us 0.04
ImportParameters main 2048 True 2,659.9 us 9.59 us 8.50 us 1.00
ImportParameters PR 4096 False 805.1 us 3.84 us 3.00 us 0.004
ImportParameters main 4096 False 220,509.8 us 1,297.47 us 1,213.66 us 1.000
ImportParameters PR 4096 True 111.0 us 0.43 us 0.40 us 0.007
ImportParameters main 4096 True 15,161.4 us 57.91 us 48.36 us 1.000

Fixes #97727

@ghost ghost assigned vcsjones Feb 1, 2024
@ghost ghost added the area-System.Security label Feb 1, 2024
@ghost
Copy link

ghost commented Feb 1, 2024

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

This improves RSA key loading performance by using a lighter-weight RSA key checking mechanism instead of OpenSSL's.

For private keys, this represents a 25x speed up for RSA 2048, and 250x for RSA 4096. Public keys also see a decent improvement.

This is accomplished by reducing the amount of work that the key check is doing. The consistency of the key is still checked, but the quality of it is not.

Method Job Toolchain KeySize PublicOnly Mean Error StdDev Ratio
ImportParameters Job-USQXLC branch 2048 False 534.2 us 0.77 us 0.72 us 0.02
ImportParameters Job-OISLSD main 2048 False 34,460.4 us 188.61 us 176.43 us 1.00
ImportParameters Job-USQXLC branch 2048 True 109.7 us 0.18 us 0.15 us 0.04
ImportParameters Job-OISLSD main 2048 True 2,659.9 us 9.59 us 8.50 us 1.00
ImportParameters Job-USQXLC branch 4096 False 805.1 us 3.84 us 3.00 us 0.004
ImportParameters Job-OISLSD main 4096 False 220,509.8 us 1,297.47 us 1,213.66 us 1.000
ImportParameters Job-USQXLC branch 4096 True 111.0 us 0.43 us 0.40 us 0.007
ImportParameters Job-OISLSD main 4096 True 15,161.4 us 57.91 us 48.36 us 1.000
Author: vcsjones
Assignees: vcsjones
Labels:

area-System.Security
Milestone: -

This was referenced Feb 1, 2024
Closed
Closed
@vcsjones vcsjones marked this pull request as ready for review February 1, 2024 21:44
@vcsjones vcsjones added the tenet-performance Performance related issue label Feb 2, 2024
bartonjs
bartonjs reviewed Feb 2, 2024
View reviewed changes
bartonjs
bartonjs reviewed Feb 2, 2024
View reviewed changes
@vcsjones
Copy link
Member Author

vcsjones commented Feb 5, 2024

Test failures as known. I checked the portable / non-portable build against OpenSSL 1.0.2g. Merging.

@vcsjones vcsjones merged commit 4eadfbe into dotnet:main Feb 5, 2024
@vcsjones vcsjones deleted the ossl-fast-pkey-check branch February 5, 2024 16:01
@vcsjones vcsjones mentioned this pull request Feb 5, 2024
Closed
@bartonjs
Copy link
Member

bartonjs commented Feb 5, 2024

/backport to release/8.0-staging

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 5, 2024

Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/7792389191

@github-actions github-actions bot mentioned this pull request Feb 5, 2024
Merged
5 tasks
@vcsjones vcsjones mentioned this pull request Feb 7, 2024
Merged
@vcsjones vcsjones added this to the 9.0.0 milestone Feb 9, 2024
@sebastienros
Copy link
Member

FYI impact on aspnet startup time with https

image

@vcsjones vcsjones mentioned this pull request Feb 19, 2024
Closed
@adamsitnik
Copy link
Member

@stephentoub this perf improvement is blog-post worthy!

@stephentoub
Copy link
Member

@stephentoub this perf improvement is blog-post worthy!

Not for a 9 post; this was backported to 8.

@github-actions github-actions bot locked and limited conversation to collaborators Mar 24, 2024
@bartonjs bartonjs added the cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. label Aug 15, 2024
@bartonjs bartonjs added the tracking This issue is tracking the completion of other related issues. label Aug 27, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels
area-System.Security cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. tenet-performance Performance related issue tracking This issue is tracking the completion of other related issues.
Projects
None yet
Milestone
9.0.0
Development

Successfully merging this pull request may close these issues.

Massive performance downgrade when using latest .NET 8 linux runtime image caused by libssl3
5 participants
@vcsjones @bartonjs @sebastienros @adamsitnik @stephentoub