Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/6.0] Fix process aborts when using cryptographic primitives with empty input for Android #77283

Merged
merged 1 commit into from
Nov 7, 2022

Conversation

vcsjones
Copy link
Member

Backport of #61827 to release/6.0.

/cc @bartonjs @steveisok

Customer Impact

Reported by a customer is #77258. Customers that use HMAC APIs to append data, or use APIs that append HMAC data, and that data is empty will see a process crash (SIGABRT) in Android.

Some higher-level APIs such as HKDF or ECDiffieHellman will append empty data the HMAC. Customers using these APIs that do that have no reasonable work around.

Testing

These changes have been present in .NET 7 for quite some time. Existing tests caught this behavior for .NET 7.

Risk

Low. The changes are well understood and isolated.

IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

Fix Android crypto asserts (dotnet#61827)

This fixes three asserts that were started occurring in the native Android cryptographic primitives.

- One shot hashing now tolerates empty/null input.
- Hashing and HMAC will now no-op if the append is empty.
- RSA encryption now tolerates empty/null input.
@ghost
Copy link

ghost commented Oct 20, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #61827 to release/6.0.

/cc @bartonjs @steveisok

Customer Impact

Reported by a customer is #77258. Customers that use HMAC APIs to append data, or use APIs that append HMAC data, and that data is empty will see a process crash (SIGABRT) in Android.

Some higher-level APIs such as HKDF or ECDiffieHellman will append empty data the HMAC. Customers using these APIs that do that have no reasonable work around.

Testing

These changes have been present in .NET 7 for quite some time. Existing tests caught this behavior for .NET 7.

Risk

Low. The changes are well understood and isolated.

IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

Author: vcsjones
Assignees: vcsjones
Labels:

area-System.Security

Milestone: -

@bartonjs bartonjs added the Servicing-consider Issue for next servicing release review label Oct 20, 2022
@vcsjones vcsjones added this to the 6.0.x milestone Oct 20, 2022
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Oct 25, 2022
@rbhanda rbhanda modified the milestones: 6.0.x, 6.0.12 Oct 25, 2022
@carlossanlop
Copy link
Member

CI results were too old and were deleted. There were some infra problems back then. I'm closing and reopening, hopefully we get cleaner results.

@carlossanlop carlossanlop reopened this Nov 3, 2022
@carlossanlop
Copy link
Member

CI failure in System.Data.OleDb showed up before and after the CI re-run. It is #74488

@build-analysis build-analysis bot mentioned this pull request Nov 3, 2022
2 tasks
@carlossanlop
Copy link
Member

There are some warning failures in Android, but none in cryptography relates tests.
There were warning failures in cryptography tests, but none in Android.
The other failures were unrelated 429 nuget failures that are intermittently affecting many PRs currently. They happened in OSX, so they're unrelated.

I think this is ready to merge since it has been approved by Tactics and signed off. It also does not need OOB package authoring changes since it's native Android code. :shipit:

@carlossanlop carlossanlop merged commit c56b716 into dotnet:release/6.0 Nov 7, 2022
@vcsjones vcsjones deleted the backport-61827 branch November 7, 2022 20:22
@ghost ghost locked as resolved and limited conversation to collaborators Dec 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-System.Security Servicing-approved Approved for servicing release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants