[release/10.0] [Android] Normalize RSA no-padding output to modulus size to fix VerifyHash #118950
Merged
jeffschwMSFT merged 1 commit into release/10.0 from Aug 26, 2025
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
jeffschwMSFT
approved these changes
Aug 21, 2025
jeffschwMSFT
left a comment
approved. please get a code review. we can merge when ready
bartonjs
approved these changes
Aug 21, 2025
Backport of #118880 to release/10.0
Supersedes #118918
/cc @simonrozsival
Customer Impact
Certain cryptographic operations (RSA.VerifyData, RSA.VerifyHash) do not work properly on some devices, for example on Samsung phones running Android 15. I am not aware of any report from a customer, but this might be because this issue can be hard to detect, as it only affects some versions of Android.
Regression
Testing
Manual testing - existing unit tests are now passing on the affected Android devices and emulators (specific OS versions of certain vendors). The issue was missed because it did not reproduce consistently on the Android emulators used in our Helix queue. It appears that this is a change in behavior in the platform library caused by an OS update.
Risk
Low. The fix modifies crypto code but the changes are scoped just to Android and they are well tested through unit tests.
/cc @bartonjs @vcsjones @vitek-karas