Skip to content

Make SafeEvpPKeyHandle.OpenKeyFromProvider throw PNSE on OSSL less than 3.0 #106397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 21, 2024
Merged

Make SafeEvpPKeyHandle.OpenKeyFromProvider throw PNSE on OSSL less than 3.0 #106397

merged 3 commits into from
Aug 21, 2024

Conversation

@krwq
Copy link
Member

@krwq krwq commented Aug 14, 2024

Fixes: #105175

Description:

  • RSA HasNoPrivateKey is still needed on OpenSSL 1.1.1
  • ECDSA/ECDH doesn't have the same problem as RSA when trying to sign/key exchange with public key
  • found issue on OpenSSL 1.1.1 that we're throwing CryptographicException (providers require OpenSSL 3.0) where PlatformNotSupportedException seems like a better fit - also improved message so it's more clear what user needs to do
  • Manual tests are not failing on OpenSSL 1.1.1 anymore
  • Added couple of providers tests based on default provider - they're not as comprehensive as existing manual tests because losing info about provider from SafeEvpPKeyHandle will not cause them to fail (this is because NULL is equivalent to default provider so they may accidentally pass) - they will exercise the new logic in the DuplicateHandle and other places in the automated tests

@krwq krwq requested review from bartonjs and vcsjones August 14, 2024 14:41
@krwq krwq added this to the 9.0.0 milestone Aug 14, 2024
@build-analysis build-analysis bot mentioned this pull request Aug 14, 2024
Closed
@build-analysis build-analysis bot mentioned this pull request Aug 14, 2024
Open
bartonjs
bartonjs reviewed Aug 19, 2024
View reviewed changes
@build-analysis build-analysis bot mentioned this pull request Aug 20, 2024
Closed
@krwq krwq merged commit 779baa6 into dotnet:main Aug 21, 2024
@krwq
Copy link
Member Author

krwq commented Aug 21, 2024

/backport to release/9.0-rc1

@github-actions
Copy link
Contributor

Started backporting to release/9.0-rc1: https://github.com/dotnet/runtime/actions/runs/10486290096

@github-actions github-actions bot mentioned this pull request Aug 21, 2024
Closed
4 tasks
@krwq
Copy link
Member Author

krwq commented Aug 21, 2024

/backport to release/9.0-rc2

@github-actions
Copy link
Contributor

Started backporting to release/9.0-rc2: https://github.com/dotnet/runtime/actions/runs/10487089426

@github-actions
Copy link
Contributor

@krwq an error occurred while backporting to release/9.0-rc2, please check the run log for details!

Error: The specified backport target branch release/9.0-rc2 wasn't found in the repo.

@krwq
Copy link
Member Author

krwq commented Aug 21, 2024

/backport to release/9.0

@github-actions
Copy link
Contributor

Started backporting to release/9.0: https://github.com/dotnet/runtime/actions/runs/10487129178

@github-actions github-actions bot mentioned this pull request Aug 21, 2024
Merged
4 tasks
@vcsjones vcsjones mentioned this pull request Aug 22, 2024
Closed
@vcsjones vcsjones mentioned this pull request Sep 4, 2024
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Sep 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@vcsjones vcsjones vcsjones left review comments

@bartonjs bartonjs bartonjs approved these changes

Assignees

@krwq krwq

Labels

area-System.Security

Projects

None yet

Milestone

9.0.0

Development

Successfully merging this pull request may close these issues.

Investigate if RSA issue can happen with ECDSA/ECDH on OpenSSL < 3.0

3 participants

@krwq @vcsjones @bartonjs