Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/7.0-staging] Manually depad RSAES-PKCS1 on Apple OSes #98390

Merged

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Feb 13, 2024

Backport of #97738 to release/7.0-staging

/cc @bartonjs

Customer Impact

  • Customer reported
  • Found internally

Apple macOS 14.3 and Apple iOS/iPadOS 17.3 have applied a variant of the OpenSSL 3.2 "implicit rejection" feature where rather than reporting a decryption failure for RSAEncryptionPadding.Pkcs1 they report success and return random data. As with the similar change on Linux, this change breaks routines which depend on the failure for correctness.

Regression

  • Yes
  • No
  • OS Behavior Change

Apple macOS 14.3 and Apple iOS/iPadOS 17.3 have made this change intentionally, but this manifests as a functional regression in .NET applications depending on the current behavior.

Testing

This OS regression was caught by existing tests. New tests have also been added to verify the full reliability of the fix.

Risk

Low. The fix is in an area that we already have test coverage.

@ghost
Copy link

ghost commented Feb 13, 2024

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #97738 to release/7.0-staging

/cc @bartonjs

Customer Impact

  • Customer reported
  • Found internally

[Select one or both of the boxes. Describe how this issue impacts customers, citing the expected and actual behaviors and scope of the issue. If customer-reported, provide the issue number.]

Regression

  • Yes
  • No

[If yes, specify when the regression was introduced. Provide the PR or commit if known.]

Testing

[How was the fix verified? How was the issue missed previously? What tests were added?]

Risk

[High/Medium/Low. Justify the indication by mentioning how risks were measured and addressed.]

IMPORTANT: If this backport is for a servicing release, please verify that:

  • The PR target branch is release/X.0-staging, not release/X.0.

  • If the change touches code that ships in a NuGet package, you have added the necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Security

Milestone: -

@bartonjs bartonjs added the Servicing-consider Issue for next servicing release review label Feb 13, 2024
@bartonjs bartonjs added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Feb 14, 2024
@bartonjs
Copy link
Member

The mono-Linux-arm64 failure is #90019/#87444; wasm is #87482

@bartonjs bartonjs merged commit 19468e1 into release/7.0-staging Feb 14, 2024
119 of 127 checks passed
@bartonjs bartonjs deleted the backport/pr-97738-to-release/7.0-staging branch February 14, 2024 23:17
@github-actions github-actions bot locked and limited conversation to collaborators Mar 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-System.Security Servicing-approved Approved for servicing release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants