Finish migrating RSAOpenSsl from RSA* to EVP_PKEY* #54282

Merged
merged 18 commits into from
Jul 14, 2021
Expand Up @@ -818,4 +818,63 @@ int local_RSA_test_flags(const RSA *r, int flags)
return r->flags & flags;
}

int local_EVP_PKEY_check(EVP_PKEY_CTX* ctx)
{
EVP_PKEY* pkey = EVP_PKEY_CTX_get0_pkey(ctx);

if (pkey == NULL)
{
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED, __FILE__, __LINE__);
return -1;
}

int id = EVP_PKEY_base_id(pkey);

switch (id)
{
case NID_rsaEncryption:
{
RSA* rsa = EVP_PKEY_get0_RSA(pkey);

if (rsa != NULL)
{
return RSA_check_key(rsa);
bartonjs marked this conversation as resolved.
}

break;
}
default:
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM, __FILE__, __LINE__);
return -1;
}

ERR_put_error(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET, __FILE__, __LINE__);
return -1;
}

int local_EVP_PKEY_public_check(EVP_PKEY_CTX* ctx)
{
EVP_PKEY* pkey = EVP_PKEY_CTX_get0_pkey(ctx);

if (pkey == NULL)
{
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED, __FILE__, __LINE__);
return -1;
}

int id = EVP_PKEY_base_id(pkey);

switch (id)
{
case NID_rsaEncryption:
{
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE, __FILE__, __LINE__);
return -2;
}
default:
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM, __FILE__, __LINE__);
return -1;
}
}

#endif
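Review bot: `local_EVP_PKEY_check` and `local_EVP_PKEY_public_check` can return 1, 0, -1 or -2, but nothing above either function states that contract, and `return RSA_check_key(rsa);` forwards that call's own 1/0/-1 result unchanged. A caller that treats any non-zero result as success would accept -1 or -2 as a valid key; the callers are not visible in this section, so this should be confirmed against them. I would add a header comment to both functions, for example `/* Returns 1 if the key is valid, 0 if it is invalid, -1 on error or unsupported algorithm, -2 if the check is unavailable for this key type; callers must compare with 1. */`. The -2 path in `local_EVP_PKEY_public_check` also means RSA public keys are never validated when this fallback is in use, which is worth stating in the same comment so that "not checked" is not read as "checked and fine".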
Expand Up @@ -15,7 +15,9 @@ int32_t local_DSA_set0_pqg(DSA* dsa, BIGNUM* bnP, BIGNUM* bnQ, BIGNUM* bnG);
void local_EVP_CIPHER_CTX_free(EVP_CIPHER_CTX* ctx);
EVP_CIPHER_CTX* local_EVP_CIPHER_CTX_new(void);
int32_t local_EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX* ctx);
int local_EVP_PKEY_check(EVP_PKEY_CTX* ctx);
RSA* local_EVP_PKEY_get0_RSA(EVP_PKEY* pkey);
int local_EVP_PKEY_public_check(EVP_PKEY_CTX* ctx);
int32_t local_EVP_PKEY_up_ref(EVP_PKEY* pkey);
void local_HMAC_CTX_free(HMAC_CTX* ctx);
HMAC_CTX* local_HMAC_CTX_new(void);
Expand Up @@ -154,10 +154,8 @@ static const Entry s_cryptoNative[] =
DllImportEntry(CryptoNative_EvpPKeyDuplicate)
DllImportEntry(CryptoNative_EvpPkeyGetDsa)
DllImportEntry(CryptoNative_EvpPkeyGetEcKey)
DllImportEntry(CryptoNative_EvpPkeyGetRsa)
DllImportEntry(CryptoNative_EvpPkeySetDsa)
DllImportEntry(CryptoNative_EvpPkeySetEcKey)
DllImportEntry(CryptoNative_EvpPkeySetRsa)
DllImportEntry(CryptoNative_EvpPKeySize)
DllImportEntry(CryptoNative_EvpRC2Cbc)
DllImportEntry(CryptoNative_EvpRC2Ecb)
Expand Up @@ -334,7 +334,7 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
FALLBACK_FUNCTION(EVP_PKEY_CTX_set_rsa_pss_saltlen) \
FALLBACK_FUNCTION(EVP_PKEY_CTX_set_signature_md) \
REQUIRED_FUNCTION(EVP_PKEY_base_id) \
REQUIRED_FUNCTION(EVP_PKEY_check) \
FALLBACK_FUNCTION(EVP_PKEY_check) \
REQUIRED_FUNCTION(EVP_PKEY_decrypt) \
REQUIRED_FUNCTION(EVP_PKEY_decrypt_init) \
REQUIRED_FUNCTION(EVP_PKEY_derive_set_peer) \
Expand All @@ -350,7 +350,7 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
REQUIRED_FUNCTION(EVP_PKEY_keygen) \
REQUIRED_FUNCTION(EVP_PKEY_keygen_init) \
REQUIRED_FUNCTION(EVP_PKEY_new) \
REQUIRED_FUNCTION(EVP_PKEY_public_check) \
FALLBACK_FUNCTION(EVP_PKEY_public_check) \
REQUIRED_FUNCTION(EVP_PKEY_set1_DSA) \
REQUIRED_FUNCTION(EVP_PKEY_set1_EC_KEY) \
REQUIRED_FUNCTION(EVP_PKEY_set1_RSA) \
Expand Down Expand Up @@ -1114,7 +1114,9 @@ FOR_ALL_OPENSSL_FUNCTIONS
#define EVP_CIPHER_CTX_free local_EVP_CIPHER_CTX_free
#define EVP_CIPHER_CTX_new local_EVP_CIPHER_CTX_new
#define EVP_CIPHER_CTX_reset local_EVP_CIPHER_CTX_reset
#define EVP_PKEY_check local_EVP_PKEY_check
#define EVP_PKEY_get0_RSA local_EVP_PKEY_get0_RSA
#define EVP_PKEY_public_check local_EVP_PKEY_public_check
#define EVP_PKEY_up_ref local_EVP_PKEY_up_ref
#define HMAC_CTX_free local_HMAC_CTX_free
#define HMAC_CTX_new local_HMAC_CTX_new
Expand Up @@ -30,6 +30,8 @@ int32_t EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX* ctx);
void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
EVP_MD_CTX* EVP_MD_CTX_new(void);
RSA* EVP_PKEY_get0_RSA(EVP_PKEY* pkey);
int EVP_PKEY_check(EVP_PKEY_CTX* ctx);
int EVP_PKEY_public_check(EVP_PKEY_CTX* ctx);
int32_t EVP_PKEY_up_ref(EVP_PKEY* pkey);
void HMAC_CTX_free(HMAC_CTX* ctx);
HMAC_CTX* HMAC_CTX_new(void);
Expand Up @@ -17,7 +17,7 @@ EVP_PKEY* CryptoNative_EvpPKeyDuplicate(EVP_PKEY* currentKey, int32_t algId)

if (algId != NID_undef && algId != currentAlgId)
{
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY, __FILE__, __LINE__);
ERR_put_error(ERR_LIB_EVP, 0, EVP_R_WRONG_PUBLIC_KEY_TYPE, __FILE__, __LINE__);
return NULL;
}

Expand Up @@ -314,16 +314,6 @@ int32_t CryptoNative_RsaVerifyHash(EVP_PKEY* pkey,
return ret;
}

RSA* CryptoNative_EvpPkeyGetRsa(EVP_PKEY* pkey)
{
return EVP_PKEY_get1_RSA(pkey);
}

int32_t CryptoNative_EvpPkeySetRsa(EVP_PKEY* pkey, RSA* rsa)
{
return EVP_PKEY_set1_RSA(pkey, rsa);
}

static int HasNoPrivateKey(const RSA* rsa)
{
if (rsa == NULL)
Expand Up @@ -79,17 +79,3 @@ PALEXPORT int32_t CryptoNative_RsaVerifyHash(EVP_PKEY* pkey,
const uint8_t* signature,
int32_t signatureLen);

/*
Shims the EVP_PKEY_get1_RSA method.

Returns the RSA instance for the EVP_PKEY.
*/
PALEXPORT RSA* CryptoNative_EvpPkeyGetRsa(EVP_PKEY* pkey);

/*
Shims the EVP_PKEY_set1_RSA method to set the RSA
instance on the EVP_KEY.

Returns 1 upon success, otherwise 0.
*/
PALEXPORT int32_t CryptoNative_EvpPkeySetRsa(EVP_PKEY* pkey, RSA* rsa);
Expand Up @@ -660,7 +660,7 @@ static int MakeSelfSignedCertificate(X509 * cert, EVP_PKEY* evp)

if (rsa != NULL)
{
if (CryptoNative_EvpPkeySetRsa(evp, rsa) == 1)
if (EVP_PKEY_set1_RSA(evp, rsa) == 1)
{
rsa = NULL;
}
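Review bot: In `MakeSelfSignedCertificate`, `rsa = NULL;` after a successful `EVP_PKEY_set1_RSA(evp, rsa)` looks like it drops the caller's reference without releasing it, because the set1 form takes its own reference on the RSA object and the caller still owns one. If the cleanup code outside this hunk frees `rsa` only when it is non-NULL, the generated private key structure is never freed. Either leave `rsa` set so the later cleanup releases it, or transfer ownership explicitly with `if (EVP_PKEY_assign_RSA(evp, rsa) == 1)`. The function body starts and ends outside the hunk, so the cleanup path needs to be checked before choosing.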