[release/6.0] Fix OpenSSL 3 reporting an OutOfMemoryException for missing private key #63955
Conversation
ghost
added
the
community-contribution
|
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones, @krwq Issue DetailsBackport of #63804 to release/6.0. Customer ImpactReported in #63624 by Red Hat. Customers moving to Linux distributions that come with OpenSSL 3, the next major version of OpenSSL, will experience incorrect exceptions when attempting to perform private key operations using only a public key. Prior to this change, we reported an TestingThis was uncovered by existing tests when run against OpenSSL 3.0. The tests were manually run against a Linux distribution that includes OpenSSL 3.0, in this case Fedora 36. With the changes, the tests began to pass again. RiskLow. Existing test infrastructure ensures we remain working with OpenSSL 1.x. The change is simply to react to OpenSSL's error conditions differently in an isolated location.
|
leecow
added
Servicing-approved
ghost
locked as resolved and limited conversation to collaborators
Backport of #63804 to release/6.0.
Customer Impact
Reported in #63624 by Red Hat. Customers moving to Linux distributions that come with OpenSSL 3, the next major version of OpenSSL, will experience incorrect exceptions when attempting to perform private key operations using only a public key.
Prior to this change, we reported an
OutOfMemoryExceptionon OpenSSL 3 when using a public-only key for operations that required a private key. This adjusts the exception throwing logic to report aCryptographicExceptionas we are with OpenSSL 1.x.Testing
This was uncovered by existing tests when run against OpenSSL 3.0. The tests were manually run against a Linux distribution that includes OpenSSL 3.0, in this case Fedora 36. With the changes, the tests began to pass again.
Risk
Low. Existing test infrastructure ensures we remain working with OpenSSL 1.x. The change is simply to react to OpenSSL's error conditions differently in an isolated location.