Finish moving DSAOpenSsl to EVP_PKEY for the shim boundary. #55787
Conversation
|
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks Issue Details
|
|
Looks like some of the "tell me about this DSA key" behaviors aren't as consistent as I'd like, since the pass/fail is by distro (works on 18.04 😄). I see the failures on my mac, so: looking. (Though I won't turn away any parallel investigation advice) |
I can look over the weekend. If you figure something out before then, please share so I don't duplicate the research. |
|
Looks like it might be that (a) those tests cycle between keys ( { generated 1024, generated 2048, imported 2048, imported 1024 } ), and (b) only the tests that hit generated 1024 fail. All the errors look like Q is too big. Seems like some builds are making FIPS 186-3 keys at 1024-bit, and some are making FIPS 186-2. Hopefully this is a one-liner. |
| // int qbits = keySize > 1024 ? 256 : 160; | ||
|
|
||
| if (EVP_PKEY_paramgen_init(paramCtx) == 1 && EVP_PKEY_CTX_set_dsa_paramgen_bits(paramCtx, keySize) == 1 && | ||
| // EVP_PKEY_CTX_set_dsa_paramgen_q_bits(paramCtx, qbits) == 1 && |
There was a problem hiding this comment.
Looks like I knew it was potentially a problem, but ultimately decided it wasn't needed. Well. That saves some work ;)
|
K, this round's errors:
Next commit should have both of those fixed. |
|
I think I'm going to close this until after .NET 6 peels off of main, and likewise not pursue moving ECC fully to EVP_PKEY in this release (ECC was giving me some trouble, anyways). When running this change with OpenSSL 3.0 the DSA tests which try to export a public key with private parameters fail with an OutOfMemoryException. Why? Well, because the (mostly generated) code walks down a path, does Trying to rewind my brain 5 years, I'm pretty sure we take the last error because of all the places that we decide there was an error and we move on anyways without clearing it, and this was partly because of the expense of interacting with the error state in OpenSSL 0.9.8 and 1.0.x (with 1.1.0 (IIRC) it moved to a thread-local thing and got much less costly). What this error shows is that we're just out of touch and need to rethink exception processing for OpenSSL. I /think/ that what we want is:
Because this is a pretty fundamental change in how we're interopping I think we want to make sure there's a chance to see if something complicated goes wrong, which means we want it in a preview release we can get good feedback on. And that means it's probably .NET 7 Preview 1. The alternative is that we just say "eh, let's only throw OOM if that was the oldest error in the queue", but that feels like we're just missing the point and kicking the can a bit. Leaving this open for another hour or two in case anyone wants to try swaying me back. |
|
Agree waiting for the 6.0 branch to be taken ("snap" as I think you call it...) seems to be the most sensible thing to do. |
|
Opened #55973 with a bigger braindump on the exception/error modelling, closing this until after that. |
ghost
locked as resolved and limited conversation to collaborators
Similar to the change for RSA, this removes SafeDsaHandle and changes the shim to work in terms
of EVP_PKEY* instead of DSA*, except for the DSAOpenSsl(IntPtr) constructor.
Related to #54282.
Contributes to #46526.