@github-actions github-actions bot commented Nov 19, 2023

Backport of #94934 to release/8.0-staging

/cc @vcsjones @bartonjs

Customer Impact

Customers legitimately using the MD5 algorithm for non-cryptographic purposes get a CryptographicException on certain Linux configurations, including RHEL (with an opt-in) and Mariner (the new default?).

The main known purpose for continuing to use MD5 is to set the Content-MD5 header required on uploading to Azure Blob Storage.

Testing

Verified by running the MD5 tests on a machine in this configuration. CI does not currently have such a configuration.

Risk

Low.

Customers not using MD5 are entirely unaffected. Customers using MD5 on a system without a FIPS lockout are verified by CI. Customers using MD5 on a system with a FIPS lockout are already broken, and have been manually verified as being unbroken.

The affected codepaths are initialization; they do not process arguments, so there are no argument-based edge cases.

@ghost ghost added the area-System.Security label Nov 19, 2023
ghost commented Nov 19, 2023

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #94934 to release/8.0-staging

/cc @vcsjones

Customer Impact

Testing

Risk

IMPORTANT: If this backport is for a servicing release, please verify that:

  • The PR target branch is release/X.0-staging, not release/X.0.

  • If the change touches code that ships in a NuGet package, you have added the necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Security

Milestone: -

@bartonjs bartonjs added the Servicing-consider Issue for next servicing release review label Nov 20, 2023
@carlossanlop carlossanlop added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Nov 21, 2023
@carlossanlop

Approved by Tactics via email.

@carlossanlop carlossanlop added this to the 8.0.1 milestone Nov 21, 2023
@carlossanlop carlossanlop merged commit 9b0f22f into release/8.0-staging Nov 21, 2023
@carlossanlop carlossanlop deleted the backport/pr-94934-to-release/8.0-staging branch November 21, 2023 20:07
@github-actions github-actions bot locked and limited conversation to collaborators Dec 22, 2023