Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manually depad RSAES-PKCS1 on Apple OSes #97738

Merged
merged 7 commits into from
Feb 12, 2024
Merged

Manually depad RSAES-PKCS1 on Apple OSes #97738

merged 7 commits into from
Feb 12, 2024

Conversation

bartonjs
Copy link
Member

@bartonjs bartonjs commented Jan 31, 2024
edited
Loading

This provides a workaround for a behavioral change in the latest macOS update, to keep the platform behaving consistently (and tests passing on fully patched machines).

@bartonjs bartonjs added this to the 9.0.0 milestone Jan 31, 2024
@bartonjs bartonjs self-assigned this Jan 31, 2024
@ghost
Copy link

ghost commented Jan 31, 2024

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

null

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security
Milestone: 9.0.0

@lewing lewing added the os-ios Apple iOS label Jan 31, 2024
@ghost
Copy link

ghost commented Jan 31, 2024

Tagging subscribers to 'os-ios': @steveisok, @akoeplinger, @kotlarmilos
See info in area-owners.md if you want to be subscribed.

Issue Details

This provides a workaround for a behavioral change in the latest macOS update, to keep the platform behaving consistently (and tests passing on fully patched machines).

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security, os-ios
Milestone: 9.0.0

@lewing lewing added the os-mac-os-x macOS aka OSX label Jan 31, 2024
This was referenced Jan 31, 2024
Open
Closed
Closed
@bartonjs bartonjs mentioned this pull request Feb 8, 2024
Open
vcsjones
vcsjones reviewed Feb 9, 2024
View reviewed changes
Copy link
Member

@vcsjones vcsjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Jeremy and I have been talking about this one in another medium. But to translate over the commentary:

  1. There is a lack of test coverage for this change. The existing rsaes-pkcs1-v1_5 tests are lacking.
  2. Preliminary tests uncovered an issue.

@bartonjs
Dedicated PKCS1 decryption padding failure tests.
3274431 
Also fix the boundary bugs uncovered by those tests.
This was referenced Feb 9, 2024
Closed
Open
@eiriktsarpalis eiriktsarpalis mentioned this pull request Feb 9, 2024
Merged
@build-analysis build-analysis bot mentioned this pull request Feb 9, 2024
Closed
@build-analysis build-analysis bot mentioned this pull request Feb 9, 2024
Open
3 tasks
@steveisok
Copy link
Member

/azp run runtime-ioslike

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@build-analysis build-analysis bot mentioned this pull request Feb 10, 2024
Closed
@build-analysis build-analysis bot mentioned this pull request Feb 10, 2024
Closed
@bartonjs bartonjs merged commit d4bab6b into dotnet:main Feb 12, 2024
125 checks passed
@dotnet dotnet deleted a comment from github-actions bot Feb 13, 2024
@dotnet dotnet deleted a comment from github-actions bot Feb 13, 2024
@dotnet dotnet deleted a comment from github-actions bot Feb 13, 2024
@dotnet dotnet deleted a comment from github-actions bot Feb 13, 2024
@bartonjs
Copy link
Member Author

/backport to release/8.0-staging

@github-actions GitHub Actions
Copy link
Contributor

Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/7893244443

@bartonjs
Copy link
Member Author

/backport to release/7.0-staging

@bartonjs
Copy link
Member Author

/backport to release/6.0-staging

@github-actions GitHub Actions
Copy link
Contributor

Started backporting to release/7.0-staging: https://github.com/dotnet/runtime/actions/runs/7893247431

@github-actions GitHub Actions
Copy link
Contributor

Started backporting to release/6.0-staging: https://github.com/dotnet/runtime/actions/runs/7893248395

This was referenced Feb 13, 2024
Merged
Merged
@github-actions GitHub Actions
Copy link
Contributor

@bartonjs backporting to release/6.0-staging failed, the patch most likely resulted in conflicts:

$ git am --3way --ignore-whitespace --keep-non-patch changes.patch

Applying: Manually depad RSAES-PKCS1 on Apple OSes
Using index info to reconstruct a base tree...
M	src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs
M	src/libraries/Common/src/System/Security/Cryptography/RsaPaddingProcessor.cs
A	src/native/libs/System.Security.Cryptography.Native.Apple/entrypoints.c
A	src/native/libs/System.Security.Cryptography.Native.Apple/pal_rsa.c
A	src/native/libs/System.Security.Cryptography.Native.Apple/pal_rsa.h
Falling back to patching base and 3-way merge...
Auto-merging src/libraries/Native/Unix/System.Security.Cryptography.Native.Apple/entrypoints.c
Auto-merging src/libraries/Common/src/System/Security/Cryptography/RsaPaddingProcessor.cs
CONFLICT (content): Merge conflict in src/libraries/Common/src/System/Security/Cryptography/RsaPaddingProcessor.cs
Auto-merging src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs
CONFLICT (content): Merge conflict in src/libraries/Common/src/Interop/OSX/System.Security.Cryptography.Native.Apple/Interop.RSA.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Manually depad RSAES-PKCS1 on Apple OSes
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Error: The process '/usr/bin/git' failed with exit code 128

Please backport manually!

@github-actions GitHub Actions
Copy link
Contributor

@bartonjs an error occurred while backporting to release/6.0-staging, please check the run log for details!

Error: git am failed, most likely due to a merge conflict.

@bartonjs bartonjs mentioned this pull request Feb 14, 2024
Merged
5 tasks
@bartonjs bartonjs deleted the apple_rsaes_pkcs1 branch February 14, 2024 22:35
@github-actions github-actions bot locked and limited conversation to collaborators Mar 16, 2024
@bartonjs bartonjs added cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. tracking This issue is tracking the completion of other related issues. labels Aug 15, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vcsjones vcsjones vcsjones approved these changes

@vitek-karas vitek-karas Awaiting requested review from vitek-karas

@simonrozsival simonrozsival Awaiting requested review from simonrozsival

Assignees

@bartonjs bartonjs

Labels
area-System.Security cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. os-ios Apple iOS os-mac-os-x macOS aka OSX tracking This issue is tracking the completion of other related issues.
Projects
None yet
Milestone
9.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@bartonjs @steveisok @vcsjones @lewing