Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/8.0] Support Windows based ECDSA SignedCms #91247

Merged
merged 1 commit into from
Aug 31, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Aug 28, 2023

Backport of #91183 to release/8.0

/cc @jeffhandley @jborean93

Customer Impact

Reported by multiple customers at #77377. Customers that created a signed CMS using .NET Framework or Win32 APIs using an ECDSA key or certificate will not validate in .NET (Core). This hinders compatibility between .NET Framework / Win32 and .NET.

This change fixes the validation to be compatible with .NET Framework.

Testing

A unit test was introduced to verify the correct behavior and to prevent regressions.

Risk

Low. This is a small change that is not logically complex.

Supports SignedCms signatured with an ECDSA key created by the Windows
API or .NET Framework. These signatures store an EC public key OID
rather than a hash specific ECDSA OID used in newer versions of dotnet.

Fixes #77377
@ghost
Copy link

ghost commented Aug 28, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #91183 to release/8.0

/cc @jeffhandley @jborean93

Customer Impact

Testing

Risk

IMPORTANT: If this backport is for a servicing release, please verify that:

  • The PR target branch is release/X.0-staging, not release/X.0.

  • If the change touches code that ships in a NuGet package, you have added the necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Security

Milestone: -

@vcsjones vcsjones added the Servicing-consider Issue for next servicing release review label Aug 29, 2023
@vcsjones vcsjones added this to the 8.0.0 milestone Aug 29, 2023
@jeffhandley
Copy link
Member

Failures were from a known test issue (that is now fixed):

@SamMonoRT SamMonoRT requested a review from jeffschwMSFT August 30, 2023 22:49
Copy link
Member

@jeffschwMSFT jeffschwMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved. once ready this can be merged.

@jeffschwMSFT jeffschwMSFT added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Aug 30, 2023
@carlossanlop carlossanlop merged commit a4c96df into release/8.0 Aug 31, 2023
@carlossanlop carlossanlop deleted the backport/pr-91183-to-release/8.0 branch August 31, 2023 15:43
@radical radical mentioned this pull request Sep 26, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Sep 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-System.Security Servicing-approved Approved for servicing release
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants