Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Implement faster RSA key check #97827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Feb 5, 2024
Merged

Implement faster RSA key check #97827

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
635a083
Implement faster RSA key check
vcsjones Feb 1, 2024
b622f50
Self code review
vcsjones Feb 1, 2024
85c2ab0
Fix ordering of defines
vcsjones Feb 2, 2024
279466f
Code review feedback
vcsjones Feb 2, 2024
e1bedbe
More code review feedback
vcsjones Feb 2, 2024
08e1b92
Merge branch 'main' into ossl-fast-pkey-check
vcsjones Feb 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Implement faster RSA key check
  • Loading branch information
@vcsjones
vcsjones committed Feb 1, 2024
commit 635a083b72d6c541d00196492beec2b847961ed0
23 changes: 23 additions & 0 deletions src/native/libs/System.Security.Cryptography.Native/apibridge.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -442,6 +442,14 @@ void local_RSA_get0_crt_params(const RSA* rsa, const BIGNUM** dmp1, const BIGNUM
}
}

int local_RSA_get_multi_prime_extra_count(const RSA* rsa)
{
(void)rsa;
// OpenSSL before 1.1 does not support multi-prime RSA, so it implicitly
// has zero extra primes.
return 0;
}

int32_t local_RSA_set0_key(RSA* rsa, BIGNUM* n, BIGNUM* e, BIGNUM* d)
{
if (rsa == NULL)
Expand Down Expand Up @@ -909,4 +917,19 @@ int local_BN_is_zero(const BIGNUM* a)
return a->top == 0;
}

int local_BN_is_one(const BIGNUM* a)
{
return BN_abs_is_word(a, 1) && !a->neg;
}

int local_BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
{
return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
}

int local_BN_is_odd(const BIGNUM* a)
{
return (a->top > 0) && (a->d[0] & 1);
}

#endif
4 changes: 4 additions & 0 deletions src/native/libs/System.Security.Cryptography.Native/apibridge.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,10 @@
#include "pal_types.h"

int local_ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm);
int local_BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
int local_BN_is_zero(const BIGNUM* a);
int local_BN_is_odd(const BIGNUM* a);
int local_BN_is_one(const BIGNUM* a);
int local_BIO_up_ref(BIO *a);
const BIGNUM* local_DSA_get0_key(const DSA* dsa, const BIGNUM** pubKey, const BIGNUM** privKey);
void local_DSA_get0_pqg(const DSA* dsa, const BIGNUM** p, const BIGNUM** q, const BIGNUM** g);
Expand All @@ -27,6 +30,7 @@ long local_OpenSSL_version_num(void);
void local_RSA_get0_crt_params(const RSA* rsa, const BIGNUM** dmp1, const BIGNUM** dmq1, const BIGNUM** iqmp);
void local_RSA_get0_factors(const RSA* rsa, const BIGNUM** p, const BIGNUM** q);
void local_RSA_get0_key(const RSA* rsa, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d);
int local_RSA_get_multi_prime_extra_count(const RSA* r);
int32_t local_RSA_meth_get_flags(const RSA_METHOD* meth);
int32_t local_RSA_set0_crt_params(RSA* rsa, BIGNUM* dmp1, BIGNUM* dmq1, BIGNUM* iqmp);
int32_t local_RSA_set0_factors(RSA* rsa, BIGNUM* p, BIGNUM* q);
Expand Down
11 changes: 6 additions & 5 deletions src/native/libs/System.Security.Cryptography.Native/openssl_1_0_structs.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -185,10 +185,11 @@ struct bio_st
int references;
};

struct bignum_st {
const void* _ignored1;
struct bignum_st
{
BN_ULONG *d;
int top;
int _ignored2;
int _ignored3;
int _ignored4;
int dmax;
int neg;
int flags;
};
35 changes: 35 additions & 0 deletions src/native/libs/System.Security.Cryptography.Native/opensslshim.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,9 @@
#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0_RTM

// Remove problematic #defines
#undef BN_abs_is_word
#undef BN_is_odd
#undef BN_is_one
#undef BN_is_zero
#undef SSL_get_state
#undef SSL_is_init_finished
Expand Down Expand Up @@ -210,15 +213,28 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
FALLBACK_FUNCTION(BIO_up_ref) \
REQUIRED_FUNCTION(BIO_s_mem) \
REQUIRED_FUNCTION(BIO_write) \
FALLBACK_FUNCTION(BN_abs_is_word) \
REQUIRED_FUNCTION(BN_bin2bn) \
REQUIRED_FUNCTION(BN_bn2bin) \
REQUIRED_FUNCTION(BN_clear_free) \
REQUIRED_FUNCTION(BN_cmp) \
REQUIRED_FUNCTION(BN_div) \
REQUIRED_FUNCTION(BN_dup) \
REQUIRED_FUNCTION(BN_free) \
REQUIRED_FUNCTION(BN_gcd) \
REQUIRED_FUNCTION(BN_mod_inverse) \
REQUIRED_FUNCTION(BN_mod_mul) \
FALLBACK_FUNCTION(BN_is_odd) \
FALLBACK_FUNCTION(BN_is_one) \
FALLBACK_FUNCTION(BN_is_zero) \
REQUIRED_FUNCTION(BN_mul) \
REQUIRED_FUNCTION(BN_new) \
REQUIRED_FUNCTION(BN_num_bits) \
REQUIRED_FUNCTION(BN_set_word) \
REQUIRED_FUNCTION(BN_sub) \
REQUIRED_FUNCTION(BN_value_one) \
REQUIRED_FUNCTION(BN_CTX_new) \
REQUIRED_FUNCTION(BN_CTX_free) \
LEGACY_FUNCTION(CRYPTO_add_lock) \
REQUIRED_FUNCTION(CRYPTO_free) \
REQUIRED_FUNCTION(CRYPTO_get_ex_new_index) \
Expand Down Expand Up @@ -496,6 +512,7 @@ int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t len);
REQUIRED_FUNCTION(RSA_free) \
REQUIRED_FUNCTION(RSA_generate_key_ex) \
REQUIRED_FUNCTION(RSA_get_method) \
FALLBACK_FUNCTION(RSA_get_multi_prime_extra_count) \
FALLBACK_FUNCTION(RSA_get0_crt_params) \
FALLBACK_FUNCTION(RSA_get0_factors) \
FALLBACK_FUNCTION(RSA_get0_key) \
Expand Down Expand Up @@ -722,15 +739,28 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define BIO_up_ref BIO_up_ref_ptr
#define BIO_s_mem BIO_s_mem_ptr
#define BIO_write BIO_write_ptr
#define BN_abs_is_word BN_abs_is_word_ptr
#define BN_bin2bn BN_bin2bn_ptr
#define BN_bn2bin BN_bn2bin_ptr
#define BN_clear_free BN_clear_free_ptr
#define BN_cmp BN_cmp_ptr
#define BN_div BN_div_ptr
#define BN_dup BN_dup_ptr
#define BN_free BN_free_ptr
#define BN_is_odd BN_is_odd_ptr
#define BN_is_one BN_is_one_ptr
#define BN_is_zero BN_is_zero_ptr
#define BN_gcd BN_gcd_ptr
#define BN_mod_inverse BN_mod_inverse_ptr
#define BN_mod_mul BN_mod_mul_ptr
#define BN_mul BN_mul_ptr
#define BN_new BN_new_ptr
#define BN_num_bits BN_num_bits_ptr
#define BN_set_word BN_set_word_ptr
#define BN_sub BN_sub_ptr
#define BN_value_one BN_value_one_ptr
#define BN_CTX_free BN_CTX_free_ptr
#define BN_CTX_new BN_CTX_new_ptr
#define CRYPTO_add_lock CRYPTO_add_lock_ptr
#define CRYPTO_free CRYPTO_free_ptr
#define CRYPTO_get_ex_new_index CRYPTO_get_ex_new_index_ptr
Expand Down Expand Up @@ -1011,6 +1041,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define RSA_get0_factors RSA_get0_factors_ptr
#define RSA_get0_key RSA_get0_key_ptr
#define RSA_get_method RSA_get_method_ptr
#define RSA_get_multi_prime_extra_count RSA_get_multi_prime_extra_count_ptr
#define RSA_meth_get_flags RSA_meth_get_flags_ptr
#define RSA_new RSA_new_ptr
#define RSA_pkey_ctx_ctrl RSA_pkey_ctx_ctrl_ptr
Expand Down Expand Up @@ -1270,6 +1301,9 @@ FOR_ALL_OPENSSL_FUNCTIONS

// Alias "future" API to the local_ version.
#define ASN1_TIME_to_tm local_ASN1_TIME_to_tm
#define BN_abs_is_word local_BN_abs_is_word
#define BN_is_odd local_BN_is_odd
#define BN_is_one local_BN_is_one
#define BN_is_zero local_BN_is_zero
#define BIO_up_ref local_BIO_up_ref
#define DSA_get0_key local_DSA_get0_key
Expand All @@ -1287,6 +1321,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define HMAC_CTX_free local_HMAC_CTX_free
#define HMAC_CTX_new local_HMAC_CTX_new
#define OpenSSL_version_num local_OpenSSL_version_num
#define RSA_get_multi_prime_extra_count local_RSA_get_multi_prime_extra_count
#define RSA_get0_crt_params local_RSA_get0_crt_params
#define RSA_get0_factors local_RSA_get0_factors
#define RSA_get0_key local_RSA_get0_key
Expand Down
7 changes: 7 additions & 0 deletions src/native/libs/System.Security.Cryptography.Native/osslcompat_111.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
#pragma once
#include "pal_types.h"

#undef BN_abs_is_word
#undef BN_is_odd
#undef BN_is_one
#undef BN_is_zero
#undef SSL_CTX_set_options
#undef SSL_set_options
Expand All @@ -21,6 +24,9 @@ typedef struct stack_st OPENSSL_STACK;
#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L

int ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm);
int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
int BN_is_odd(const BIGNUM* a);
int BN_is_one(const BIGNUM* a);
int BN_is_zero(const BIGNUM* a);
int BIO_up_ref(BIO* a);
const BIGNUM* DSA_get0_key(const DSA* dsa, const BIGNUM** pubKey, const BIGNUM** privKey);
Expand Down Expand Up @@ -52,6 +58,7 @@ const RSA_METHOD* RSA_PKCS1_OpenSSL(void);
void RSA_get0_crt_params(const RSA* rsa, const BIGNUM** dmp1, const BIGNUM** dmq1, const BIGNUM** iqmp);
void RSA_get0_factors(const RSA* rsa, const BIGNUM** p, const BIGNUM** q);
void RSA_get0_key(const RSA* rsa, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d);
int RSA_get_multi_prime_extra_count(const RSA* r);
int32_t RSA_meth_get_flags(const RSA_METHOD* meth);
int32_t RSA_pkey_ctx_ctrl(EVP_PKEY_CTX* ctx, int32_t optype, int32_t cmd, int32_t p1, void* p2);
int32_t RSA_set0_crt_params(RSA* rsa, BIGNUM* dmp1, BIGNUM* dmq1, BIGNUM* iqmp);
Expand Down
Loading