From 0eff9703c334c1ab391a5ebc8fea57f6e95a3ed0 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Tue, 29 Nov 2022 14:02:35 -0500 Subject: [PATCH] Revert "Handle zero value RSA modulus for OpenSSL 1.1" This reverts commit fe49b0a19f028ace6d504d4d661a855c16270b5f. --- .../RSA/ImportExport.cs | 33 ------------------- .../apibridge.c | 7 +--- .../apibridge.h | 1 - .../openssl_1_0_structs.h | 8 ----- .../opensslshim.h | 3 -- .../osslcompat_111.h | 2 -- .../pal_evp_pkey.c | 20 ----------- 7 files changed, 1 insertion(+), 73 deletions(-) diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs index 4378f4590f19d..ee608a62a3075 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/ImportExport.cs @@ -311,22 +311,6 @@ public static void ExportAfterDispose(bool importKey) } } - [ConditionalTheory(typeof(PlatformDetection), nameof(PlatformDetection.IsNotWindows7))] - [InlineData(true)] - [InlineData(false)] - public static void ImportZeroModulus(bool includePrivateParameters) - { - RSAParameters zeroModulus = CopyRSAParameters(TestData.RSA2048Params); - zeroModulus.Modulus.AsSpan().Clear(); - - if (!includePrivateParameters) - { - zeroModulus = MakePublic(zeroModulus); - } - - Assert.ThrowsAny(() => RSAFactory.Create(zeroModulus)); - } - internal static void AssertKeyEquals(in RSAParameters expected, in RSAParameters actual) { Assert.Equal(expected.Modulus, actual.Modulus); @@ -460,22 +444,5 @@ private static bool TestRsa16384() return false; } } - - private static RSAParameters CopyRSAParameters(in RSAParameters rsaParams) - { - static byte[] CopyBytes(byte[] data) => data is null ? null : data.AsSpan().ToArray(); - - return new RSAParameters - { - Modulus = CopyBytes(rsaParams.Modulus), - Exponent = CopyBytes(rsaParams.Exponent), - D = CopyBytes(rsaParams.D), - P = CopyBytes(rsaParams.P), - Q = CopyBytes(rsaParams.Q), - DP = CopyBytes(rsaParams.DP), - DQ = CopyBytes(rsaParams.DQ), - InverseQ = CopyBytes(rsaParams.InverseQ), - }; - } } } diff --git a/src/native/libs/System.Security.Cryptography.Native/apibridge.c b/src/native/libs/System.Security.Cryptography.Native/apibridge.c index b130edf3574e0..8077a1e2bb6db 100644 --- a/src/native/libs/System.Security.Cryptography.Native/apibridge.c +++ b/src/native/libs/System.Security.Cryptography.Native/apibridge.c @@ -890,6 +890,7 @@ int local_EVP_PKEY_public_check(EVP_PKEY_CTX* ctx) } } + int local_ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm) { (void)s; @@ -897,10 +898,4 @@ int local_ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm) return 0; } - -int local_BN_is_zero(const BIGNUM* a) -{ - return a->top == 0; -} - #endif diff --git a/src/native/libs/System.Security.Cryptography.Native/apibridge.h b/src/native/libs/System.Security.Cryptography.Native/apibridge.h index 397159da810be..92f4c592ad893 100644 --- a/src/native/libs/System.Security.Cryptography.Native/apibridge.h +++ b/src/native/libs/System.Security.Cryptography.Native/apibridge.h @@ -7,7 +7,6 @@ #include "pal_types.h" int local_ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm); -int local_BN_is_zero(const BIGNUM* a); int local_BIO_up_ref(BIO *a); const BIGNUM* local_DSA_get0_key(const DSA* dsa, const BIGNUM** pubKey, const BIGNUM** privKey); void local_DSA_get0_pqg(const DSA* dsa, const BIGNUM** p, const BIGNUM** q, const BIGNUM** g); diff --git a/src/native/libs/System.Security.Cryptography.Native/openssl_1_0_structs.h b/src/native/libs/System.Security.Cryptography.Native/openssl_1_0_structs.h index 486dbb902de3b..83942449bb3af 100644 --- a/src/native/libs/System.Security.Cryptography.Native/openssl_1_0_structs.h +++ b/src/native/libs/System.Security.Cryptography.Native/openssl_1_0_structs.h @@ -184,11 +184,3 @@ struct bio_st const void*_ignored11; int references; }; - -struct bignum_st { - const void* _ignored1; - int top; - int _ignored2; - int _ignored3; - int _ignored4; -}; diff --git a/src/native/libs/System.Security.Cryptography.Native/opensslshim.h b/src/native/libs/System.Security.Cryptography.Native/opensslshim.h index e1fbe91205ceb..c56303c2b48cc 100644 --- a/src/native/libs/System.Security.Cryptography.Native/opensslshim.h +++ b/src/native/libs/System.Security.Cryptography.Native/opensslshim.h @@ -192,7 +192,6 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void); REQUIRED_FUNCTION(BN_clear_free) \ REQUIRED_FUNCTION(BN_dup) \ REQUIRED_FUNCTION(BN_free) \ - FALLBACK_FUNCTION(BN_is_zero) \ REQUIRED_FUNCTION(BN_new) \ REQUIRED_FUNCTION(BN_num_bits) \ REQUIRED_FUNCTION(BN_set_word) \ @@ -674,7 +673,6 @@ FOR_ALL_OPENSSL_FUNCTIONS #define BN_clear_free BN_clear_free_ptr #define BN_dup BN_dup_ptr #define BN_free BN_free_ptr -#define BN_is_zero BN_is_zero_ptr #define BN_new BN_new_ptr #define BN_num_bits BN_num_bits_ptr #define BN_set_word BN_set_word_ptr @@ -1187,7 +1185,6 @@ FOR_ALL_OPENSSL_FUNCTIONS // Alias "future" API to the local_ version. #define ASN1_TIME_to_tm local_ASN1_TIME_to_tm -#define BN_is_zero local_BN_is_zero #define BIO_up_ref local_BIO_up_ref #define DSA_get0_key local_DSA_get0_key #define DSA_get0_pqg local_DSA_get0_pqg diff --git a/src/native/libs/System.Security.Cryptography.Native/osslcompat_111.h b/src/native/libs/System.Security.Cryptography.Native/osslcompat_111.h index ccb8ddfb22368..4630276689e3f 100644 --- a/src/native/libs/System.Security.Cryptography.Native/osslcompat_111.h +++ b/src/native/libs/System.Security.Cryptography.Native/osslcompat_111.h @@ -6,7 +6,6 @@ #pragma once #include "pal_types.h" -#undef BN_is_zero #undef SSL_CTX_set_options #undef SSL_set_options #undef SSL_session_reused @@ -21,7 +20,6 @@ typedef struct stack_st OPENSSL_STACK; #define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L int ASN1_TIME_to_tm(const ASN1_TIME* s, struct tm* tm); -int BN_is_zero(const BIGNUM* a); int BIO_up_ref(BIO* a); const BIGNUM* DSA_get0_key(const DSA* dsa, const BIGNUM** pubKey, const BIGNUM** privKey); void DSA_get0_pqg(const DSA* dsa, const BIGNUM** p, const BIGNUM** q, const BIGNUM** g); diff --git a/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey.c b/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey.c index 1452ea2cb96cb..402903b8781a6 100644 --- a/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey.c +++ b/src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey.c @@ -97,26 +97,6 @@ static bool CheckKey(EVP_PKEY* key, int32_t algId, int32_t (*check_func)(EVP_PKE return false; } - // OpenSSL 1.x does not fail when importing a key with a zero modulus. It fails at key-usage time with an - // out-of-memory error. For RSA keys, check the modulus for zero and report an invalid key. - // OpenSSL 3 correctly fails with with an invalid modulus error. - if (algId == NID_rsaEncryption) - { - const RSA* rsa = EVP_PKEY_get0_RSA(key); - - if (rsa != NULL) - { - const BIGNUM* modulus = NULL; - RSA_get0_key(rsa, &modulus, NULL, NULL); - - if (modulus != NULL && BN_is_zero(modulus)) - { - ERR_put_error(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY, __FILE__, __LINE__); - return false; - } - } - } - EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new(key, NULL); if (ctx == NULL)