Use OpenSSL 3's KBKDF for SP800-108 if it is available #106779
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
If OpenSSL 3 is not available, or KBKDF is not present, then the managed implementation will continue to be used. This does not impact The Microsoft.Bcl.Cryptography package.
|
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones |
vcsjones
changed the title
bartonjs
reviewed
Aug 21, 2024
bartonjs
reviewed
Aug 21, 2024
bartonjs
reviewed
Aug 21, 2024
src/native/libs/System.Security.Cryptography.Native/pal_evp_kdf.c
Outdated
Show resolved
Hide resolved
bartonjs
reviewed
Aug 21, 2024
src/native/libs/System.Security.Cryptography.Native/pal_evp_kdf.c
Outdated
Show resolved
Hide resolved
bartonjs
reviewed
Aug 21, 2024
src/native/libs/System.Security.Cryptography.Native/pal_evp_kdf.c
Outdated
Show resolved
Hide resolved
bartonjs
reviewed
Aug 21, 2024
src/libraries/Common/src/Microsoft/Win32/SafeHandles/SafeEvpKdfHandle.Unix.cs
Show resolved
Hide resolved
vcsjones
commented
Aug 22, 2024
src/native/libs/System.Security.Cryptography.Native/pal_evp_kdf.c
Outdated
Show resolved
Hide resolved
bartonjs
reviewed
Aug 22, 2024
src/native/libs/System.Security.Cryptography.Native/pal_evp_kdf.h
Outdated
Show resolved
Hide resolved
bartonjs
approved these changes
Aug 22, 2024
This was referenced Aug 23, 2024
|
/backport to release/9.0 |
|
Started backporting to release/9.0: https://github.com/dotnet/runtime/actions/runs/10530440871 |
vcsjones
added
the
cryptographic-docs-impact
|
@vcsjones backporting to release/9.0 failed, the patch most likely resulted in conflicts: $ git am --3way --ignore-whitespace --keep-non-patch changes.patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To record the empty patch as an empty commit, run "git am --allow-empty".
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Applying: Use OpenSSL 3's KBKDF for SP800-108 if it available.
Applying: Add missing string consts to compat
Applying: Fix name of unused parameters in fallback
Applying: Code review feedback
Patch is empty.
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
|
@vcsjones an error occurred while backporting to release/9.0, please check the run log for details! Error: git am failed, most likely due to a merge conflict. |
This was referenced Aug 23, 2024
akoeplinger
pushed a commit
to dotnet/arcade
that referenced
this pull request
Aug 29, 2024
If the pull request being back ported contains an empty commit, the backport command will fail during `git am` since it has not been instructed what to do with an empty commit. This changes the backport command to preserve the empty commit. See this pull request from `dotnet/runtime` for an example of the backport command failing in the presence of an empty commit: dotnet/runtime#106779
bartonjs
removed
the
cryptographic-docs-impact
|
Note to future me: cryptograhic-docs-impact was removed because it's being incorporated in the 9.0 docs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If OpenSSL 3 is not available, or KBKDF is not present, then the managed implementation will continue to be used. This does not impact The Microsoft.Bcl.Cryptography package.