Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate if RSA issue can happen with ECDSA/ECDH on OpenSSL < 3.0 #105175

Closed
krwq opened this issue Jul 20, 2024 · 1 comment · Fixed by #106397
Closed

Investigate if RSA issue can happen with ECDSA/ECDH on OpenSSL < 3.0 #105175

krwq opened this issue Jul 20, 2024 · 1 comment · Fixed by #106397
Assignees
@krwq
Labels
area-System.Security blocking-release in-pr There is an active PR which will close this issue when it is merged
Milestone
9.0.0

Comments

@krwq
Copy link
Member

krwq commented Jul 20, 2024
edited
Loading

In #104961 we've changed OpenSSL implementation of ECDsa and ECDH to be similar to RSA. RSA implementation had a workaround for OpenSSL issue which occurs only on some low versions of OpenSSL and it requires us checking if key is a private key explicitly rather than relying on OpenSSL API. See: #53345 (comment) - we've added HasNoPrivateKey check in the Sign/Decrypt operations.

We need to verify if:

  • is that code still needed (i.e. has OpenSSL fixed the bug)
  • do we need similar check in ECDSA/ECDH? (the most likely answer is "no" but we need to confirm)

As part of this it would be good to add provider test cases as suggested per #104961 (review)
@krwq krwq added this to the 9.0.0 milestone Jul 20, 2024
@krwq krwq self-assigned this Jul 20, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@krwq krwq mentioned this issue Jul 20, 2024
Merged
@krwq krwq mentioned this issue Aug 14, 2024
Merged
@dotnet-policy-service dotnet-policy-service bot added the in-pr There is an active PR which will close this issue when it is merged label Aug 14, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Sep 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@krwq krwq

Labels
area-System.Security blocking-release in-pr There is an active PR which will close this issue when it is merged
Projects
None yet
Milestone
9.0.0
Development

Successfully merging a pull request may close this issue.

Make SafeEvpPKeyHandle.OpenKeyFromProvider throw PNSE on OSSL less than 3.0 krwq/runtime-1
2 participants
@krwq @jeffhandley