Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Implement faster RSA key check#97827

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
vcsjones merged 6 commits intodotnet:mainfromvcsjones:ossl-fast-pkey-check
Feb 5, 2024

Conversation

vcsjones
Copy link
Member

@vcsjonesvcsjones commentedFeb 1, 2024
edited
Loading

This improves RSA key loading performance by using a lighter-weight RSA key checking mechanism instead of OpenSSL's.

For private keys, this represents a 60x speed up for RSA 2048, and 270x for RSA 4096. Public keys also see a decent improvement.

This is accomplished by reducing the amount of work that the key check is doing. The consistency of the key is still checked, but the quality of it is not.

MethodToolchainKeySizePublicOnlyMeanErrorStdDevRatio
ImportParametersPR2048False534.2 us0.77 us0.72 us0.02
ImportParametersmain2048False34,460.4 us188.61 us176.43 us1.00
ImportParametersPR2048True109.7 us0.18 us0.15 us0.04
ImportParametersmain2048True2,659.9 us9.59 us8.50 us1.00
ImportParametersPR4096False805.1 us3.84 us3.00 us0.004
ImportParametersmain4096False220,509.8 us1,297.47 us1,213.66 us1.000
ImportParametersPR4096True111.0 us0.43 us0.40 us0.007
ImportParametersmain4096True15,161.4 us57.91 us48.36 us1.000

Fixes#97727

am11, adamsitnik, and rzikm reacted with rocket emojifilipnavara reacted with eyes emoji
@ghostghost assignedvcsjonesFeb 1, 2024
@ghost
Copy link

Tagging subscribers to this area: @dotnet/area-system-security,@bartonjs,@vcsjones
See info inarea-owners.md if you want to be subscribed.

Issue Details

This improves RSA key loading performance by using a lighter-weight RSA key checking mechanism instead of OpenSSL's.

For private keys, this represents a 25x speed up for RSA 2048, and 250x for RSA 4096. Public keys also see a decent improvement.

This is accomplished by reducing the amount of work that the key check is doing. The consistency of the key is still checked, but the quality of it is not.

MethodJobToolchainKeySizePublicOnlyMeanErrorStdDevRatio
ImportParametersJob-USQXLCbranch2048False534.2 us0.77 us0.72 us0.02
ImportParametersJob-OISLSDmain2048False34,460.4 us188.61 us176.43 us1.00
ImportParametersJob-USQXLCbranch2048True109.7 us0.18 us0.15 us0.04
ImportParametersJob-OISLSDmain2048True2,659.9 us9.59 us8.50 us1.00
ImportParametersJob-USQXLCbranch4096False805.1 us3.84 us3.00 us0.004
ImportParametersJob-OISLSDmain4096False220,509.8 us1,297.47 us1,213.66 us1.000
ImportParametersJob-USQXLCbranch4096True111.0 us0.43 us0.40 us0.007
ImportParametersJob-OISLSDmain4096True15,161.4 us57.91 us48.36 us1.000
Author:vcsjones
Assignees:vcsjones
Labels:

area-System.Security

Milestone:-

@vcsjonesvcsjones marked this pull request as ready for reviewFebruary 1, 2024 21:44
@vcsjonesvcsjones added the tenet-performancePerformance related issue labelFeb 2, 2024
@vcsjones
Copy link
MemberAuthor

Test failures as known. I checked the portable / non-portable build against OpenSSL 1.0.2g. Merging.

@bartonjs
Copy link
Member

/backport to release/8.0-staging

@github-actionsGitHub Actions
Copy link
Contributor

Started backporting to release/8.0-staging:https://github.com/dotnet/runtime/actions/runs/7792389191

@sebastienros
Copy link
Member

FYI impact on aspnet startup time with https

image

martincostello, vcsjones, and adamsitnik reacted with rocket emoji

@adamsitnik
Copy link
Member

@stephentoub this perf improvement is blog-post worthy!

@stephentoub
Copy link
Member

@stephentoub this perf improvement is blog-post worthy!

Not for a 9 post; this was backported to 8.

@github-actionsgithub-actionsbot locked and limited conversation to collaboratorsMar 24, 2024
@bartonjsbartonjs added the cryptographic-docs-impactIssues impacting cryptographic docs. Cleared and reused after documentation is updated each release. labelAug 15, 2024
@bartonjsbartonjs added the trackingThis issue is tracking the completion of other related issues. labelAug 27, 2024
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Reviewers

@bartonjsbartonjsbartonjs approved these changes

Assignees

@vcsjonesvcsjones

Labels
area-System.Securitycryptographic-docs-impactIssues impacting cryptographic docs. Cleared and reused after documentation is updated each release.tenet-performancePerformance related issuetrackingThis issue is tracking the completion of other related issues.
Projects
None yet
Milestone
9.0.0
Development

Successfully merging this pull request may close these issues.

Massive performance downgrade when using latest .NET 8 linux runtime image caused by libssl3
5 participants
@vcsjones@bartonjs@sebastienros@adamsitnik@stephentoub
[8]ページ先頭
©2009-2025 Movatter.jp