Disable implicit rejection for RSA PKCS#1 v1.5 by vcsjones · Pull Request #95157 · dotnet/runtime

vcsjones · 2023-11-23T02:19:56Z

Starting in OpenSSL 3.2, RSA PKCS#1 v1.5 decryption no longer fails for invalid RSA padding. Instead, it produces random output data. This was introduced in openssl/openssl#13817.

Some Linux distributions back ported this to OpenSSL 3.1.x which resulted in failures seen in #95115.

This disables the "implicit rejection" of PKCS#1 v1.5 RSA decryption so that RSA.Encrypt and RSA.Decrypt continue to follow their documented behavior and cross-platform behavior.

Fixes #95115.

ghost · 2023-11-23T02:20:08Z

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Starting in OpenSSL 3.2, RSA PKCS#1 v1.5 decryption no longer fails for invalid RSA padding. Instead, it produces random output data. This was introduced in openssl/openssl#13817.

Some Linux distributions back ported this to OpenSSL 3.1.x which resulted in failures seen in #95115.

This disables the "implicit rejection" of PKCS#1 v1.5 RSA decryption so that RSA.Encrypt and RSA.Decrypt continue to follow their documented behavior and cross-platform behavior.

Fixes #95115.

Author:	vcsjones
Assignees:	-
Labels:	`area-System.Security`
Milestone:	-

vcsjones · 2023-11-23T02:28:04Z

/azp list

vcsjones · 2023-11-23T02:29:10Z

/azp run runtime-libraries-coreclr outerloop-linux

azure-pipelines · 2023-11-23T02:29:18Z

Azure Pipelines successfully started running 1 pipeline(s).

vcsjones · 2023-11-23T13:56:16Z

Decrypt_512_CekDoesNotDecrypt_FixedValue passed in outerloop. I think this is good to merge now, and open back ports.

bartonjs · 2023-11-24T18:40:58Z

The outerloop tests that failed look to be unrelated; and, notably, the one we're fixing didn't fail.

vcsjones · 2023-11-24T20:54:09Z

/backport to release/8.0-staging

vcsjones · 2023-11-24T20:54:19Z

/backport to release/7.0-staging

github-actions · 2023-11-24T20:54:20Z

Started backporting to release/8.0-staging: https://github.com/dotnet/runtime/actions/runs/6984746124

github-actions · 2023-11-24T20:54:31Z

Started backporting to release/7.0-staging: https://github.com/dotnet/runtime/actions/runs/6984747052

vcsjones · 2023-11-24T20:54:32Z

/backport to release/6.0-staging

github-actions · 2023-11-24T20:54:42Z

Started backporting to release/6.0-staging: https://github.com/dotnet/runtime/actions/runs/6984748090

tomato42 · 2023-12-06T12:38:53Z

This will make all users of the RSA PKCS#1v1.5 decryption API vulnerable!

The change in OpenSSL was introduced to protect users of OpenSSL against https://people.redhat.com/~hkario/marvin/

carlossanlop · 2024-01-16T18:25:51Z

The above feedback was addressed in detail by @GrabYourPitchforks here. All backports have been merged.

Disable implicit rejection for RSA PKCS#1

8944467

ghost added the area-System.Security label Nov 23, 2023

ghost assigned vcsjones Nov 23, 2023

vcsjones requested a review from bartonjs November 23, 2023 02:26

This comment was marked as outdated.

Sign in to view

build-analysis Bot mentioned this pull request Nov 23, 2023

Test failure: Expect100Continue_WaitsExpectedPeriodOfTimeBeforeSendingContent #58628

Closed

bartonjs approved these changes Nov 23, 2023

View reviewed changes

bartonjs merged commit c23d9fa into dotnet:main Nov 24, 2023

vcsjones deleted the rsa-implicit-encryption branch November 24, 2023 19:09

This was referenced Nov 24, 2023

[release/8.0-staging] Disable implicit rejection for RSA PKCS#1 v1.5 #95216

Merged

[release/7.0-staging] Disable implicit rejection for RSA PKCS#1 v1.5 #95217

Merged

[release/6.0-staging] Disable implicit rejection for RSA PKCS#1 v1.5 #95218

Merged

github-actions Bot locked and limited conversation to collaborators Jan 6, 2024

bartonjs added cryptographic-docs-impact Issues impacting cryptographic docs. Cleared and reused after documentation is updated each release. tracking This issue is tracking the completion of other related issues. labels Aug 15, 2024

Conversation

vcsjones commented Nov 23, 2023

Uh oh!

ghost commented Nov 23, 2023

Uh oh!

vcsjones commented Nov 23, 2023

Uh oh!

This comment was marked as outdated.

vcsjones commented Nov 23, 2023

Uh oh!

azure-pipelines Bot commented Nov 23, 2023

Uh oh!

vcsjones commented Nov 23, 2023

Uh oh!

bartonjs commented Nov 24, 2023

Uh oh!

vcsjones commented Nov 24, 2023

Uh oh!

vcsjones commented Nov 24, 2023

Uh oh!

github-actions Bot commented Nov 24, 2023

Uh oh!

github-actions Bot commented Nov 24, 2023

Uh oh!

vcsjones commented Nov 24, 2023

Uh oh!

github-actions Bot commented Nov 24, 2023

Uh oh!

tomato42 commented Dec 6, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

carlossanlop commented Jan 16, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

tomato42 commented Dec 6, 2023 •

edited

Loading