Skip to content

Comments

Obsolete Encrypt / Decrypt with fOAEP#124524

Open
vcsjones wants to merge 3 commits intodotnet:mainfrom
vcsjones:fix-113616
Open

Obsolete Encrypt / Decrypt with fOAEP#124524
vcsjones wants to merge 3 commits intodotnet:mainfrom
vcsjones:fix-113616

Conversation

@vcsjones
Copy link
Member

Closes #113616.

@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request obsoletes the Encrypt and Decrypt methods on RSACryptoServiceProvider that accept a boolean parameter (fOAEP) for padding mode, as these methods implicitly use SHA-1 for OAEP padding which is now discouraged. Developers should use the overloads that accept RSAEncryptionPadding instead, which makes the hashing algorithm explicit.

Changes:

  • Added [Obsolete] attributes with diagnostic ID SYSLIB0064 to RSACryptoServiceProvider.Encrypt(byte[], bool) and RSACryptoServiceProvider.Decrypt(byte[], bool) methods
  • Refactored implementations to avoid mutual recursion: obsolete methods now delegate to the non-obsolete RSAEncryptionPadding overloads, while validation logic was moved from obsolete methods to the non-obsolete implementations
  • Added SYSLIB0064 diagnostic ID, message, and documentation entry

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Windows.cs Added obsolete attributes and refactored Windows implementation to move validation logic to non-obsolete methods
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.Unix.cs Added obsolete attributes and refactored Unix implementation to move validation logic to non-obsolete methods
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSACryptoServiceProvider.NotSupported.cs Added obsolete attributes to stub implementations for unsupported platforms
src/libraries/System.Security.Cryptography/ref/System.Security.Cryptography.cs Updated reference assembly with obsolete attributes
src/libraries/Common/src/System/Obsoletions.cs Added SYSLIB0064 diagnostic ID and message constants
docs/project/list-of-diagnostics.md Added SYSLIB0064 to the diagnostic ID documentation table

@vcsjones vcsjones marked this pull request as ready for review February 17, 2026 22:18
Copilot AI review requested due to automatic review settings February 17, 2026 22:18
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated no new comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[API Proposal]: Obsolete RSACryptoServiceProvider.Decrypt,Encrypt with fOAEP

2 participants