Skip to content

fix: in rsa signatures, configure digest before padding mode #114261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Apr 12, 2025
Merged

fix: in rsa signatures, configure digest before padding mode #114261

merged 4 commits into from
Apr 12, 2025

Conversation

rcatolino
Copy link
Contributor

Fixes #114260
I simply moved the EVP_PKEY_CTX_set_signature_md call before the EVP_PKEY_CTX_set_rsa_padding call, in order to prevent the openssl signature context from defaulting to SHA1 in the set_rsa_padding phase, as SHA1 is not supported in fips mode.

@ghost ghost added the area-System.Security label Apr 4, 2025
@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Apr 4, 2025
@vcsjones vcsjones requested a review from bartonjs April 4, 2025 12:51
This was referenced Apr 4, 2025
Open
Open
Closed
Closed
Closed
@build-analysis build-analysis bot mentioned this pull request Apr 6, 2025
Open
@rcatolino
Copy link
Contributor Author

@dotnet-policy-service agree [company="OVHCloud"]

@rcatolino
Copy link
Contributor Author

@dotnet-policy-service agree company="OVHCloud"

@build-analysis build-analysis bot mentioned this pull request Apr 10, 2025
Open
@bartonjs bartonjs merged commit 850b0ba into dotnet:main Apr 12, 2025
96 of 99 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators May 12, 2025
@trianglee trianglee mentioned this pull request May 18, 2025
Closed
@dotnet dotnet unlocked this conversation May 18, 2025
@vcsjones
Copy link
Member

/backport to release/9.0-staging

@github-actions GitHub Actions
Copy link
Contributor

Started backporting to release/9.0-staging: https://github.com/dotnet/runtime/actions/runs/15096596111

@vcsjones
Copy link
Member

/backport to release/8.0-staging

@github-actions GitHub Actions
Copy link
Contributor

Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/15096599543

This was referenced May 18, 2025
Merged
Merged
@dotnet dotnet locked and limited conversation to collaborators May 18, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees
No one assigned
Labels
area-System.Security community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

openssl error digest not allowed on RSA PSS signature in fips mode
3 participants
@rcatolino @vcsjones @bartonjs