Skip to content

[release/5.0-preview5] Ignore the private key handle cert property for persisted keys #36312

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Anipik merged 2 commits into from
May 13, 2020
Merged

[release/5.0-preview5] Ignore the private key handle cert property for persisted keys #36312

Anipik merged 2 commits into from
May 13, 2020

Conversation

@Anipik
Copy link
Contributor

@Anipik Anipik commented May 12, 2020
edited by danmoseley
Loading

Its already approved by servicing cc @danmosemsft

Ports #36287
Fixes #36273

cc @javiercn @mkArtakMSFT

@bartonjs @Anipik
Ignore the private key handle cert property for persisted keys
4f4337f 
When a CERT_CONTEXT value has both property 2 (prov info) and property 78
(ncrypt key handle), prefer to load based on the property 2 state.
This avoids a scenario where calling Get[Algorithm]PrivateKey sets the
'CLR IsEphemeral' property on a persisted key, preventing future loads of that key.

An alternative approach of preferring the loaded key over the cold-load was
not selected to avoid value contamination of ephemeral properties set on the
CngKey object directly after the caller calls Get[Algorithm]PrivateKey.
@Anipik Anipik added the Servicing-approved Approved for servicing release label May 12, 2020
@Anipik Anipik added this to the 5.0 Preview5 milestone May 12, 2020
@ghost
Copy link

ghost commented May 12, 2020

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq
Notify danmosemsft if you want to be subscribed.

@danmoseley danmoseley requested review from bartonjs and krwq May 12, 2020 23:50
@Anipik Anipik requested review from eerhardt, ericstj and joperezr May 13, 2020 00:23
joperezr
joperezr reviewed May 13, 2020
View reviewed changes
Copy link
Member

@joperezr joperezr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Package index changes port looks good

mkArtakMSFT
mkArtakMSFT approved these changes May 13, 2020
View reviewed changes
Copy link

@mkArtakMSFT mkArtakMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@jaredpar jaredpar mentioned this pull request May 13, 2020
Closed
@Anipik Anipik closed this May 13, 2020
@Anipik Anipik reopened this May 13, 2020
@danmoseley
Copy link
Member

danmoseley commented May 13, 2020

@mkArtakMSFT can you please let us know, when your vendors have successfully validated?

@mkArtakMSFT
Copy link

mkArtakMSFT commented May 13, 2020

@danmosemsft they run validation on daily builds - similar to how other CTI vendors do. So this should be merged to get a preview 5 build, so they can validate it

@danmoseley
Copy link
Member

danmoseley commented May 13, 2020

Thanks yes, I saw @Anipik close it and thought it got merged 😋

@Anipik
Copy link
Contributor Author

Anipik commented May 13, 2020

some of the branches were hung, so i reopen it to run the start thiose again

@Anipik Anipik merged commit ea2a26b into dotnet:release/5.0-preview5 May 13, 2020
@mkArtakMSFT mkArtakMSFT mentioned this pull request May 14, 2020
Closed
@Anipik Anipik deleted the crypto branch August 25, 2020 21:52
@ghost ghost locked as resolved and limited conversation to collaborators Dec 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@joperezr joperezr joperezr left review comments

@bartonjs bartonjs bartonjs approved these changes

@krwq krwq Awaiting requested review from krwq

@ericstj ericstj Awaiting requested review from ericstj

@eerhardt eerhardt Awaiting requested review from eerhardt

+1 more reviewer

@mkArtakMSFT mkArtakMSFT mkArtakMSFT approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area-System.Security Servicing-approved Approved for servicing release

Projects

None yet

Milestone

5.0 Preview5

Development

Successfully merging this pull request may close these issues.

6 participants

@Anipik @danmoseley @mkArtakMSFT @bartonjs @joperezr @Dotnet-GitSync-Bot