Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OaepSHA1 -> OaepSHA256 #4989

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

OaepSHA1 -> OaepSHA256 #4989

wants to merge 1 commit into from

Conversation

martin-toman
Copy link
Contributor

@martin-toman martin-toman commented Sep 11, 2024
edited
Loading

This has been flagged by CodeQL for some time.

The backend side change adding OaepSHA256 has rolled out everywhere, the Agent side now needs to be updated to request it.

I tested the OaepSHA256 code path locally, with Windows and macOS self-hosted Agent.

Notes:

  • RSACryptoServiceProvider is a legacy implementation, that only supports OaepSHA1, see RSACryptoServiceProvider.Decrypt docs.
  • However, RSA.Create() does not support KeyContainerName, I had to work around that.
  • Actions Runner switched to OaepSHA256 almost five years ago.

@martin-toman martin-toman requested review from a team as code owners September 11, 2024 16:43
@martin-toman martin-toman changed the title Switch from SHA1 to SHA256 Switch from OeapSHA1 to OaepSHA256 Oct 15, 2024
@martin-toman martin-toman force-pushed the users/mtoman/update-from-sha1-to-sha256 branch from bc8034d to aa0a9ac Compare October 15, 2024 15:30
@martin-toman
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@martin-toman martin-toman changed the title Switch from OeapSHA1 to OaepSHA256 OaepSHA1 -> OaepSHA256 Oct 16, 2024
DergachevE
DergachevE previously approved these changes Oct 17, 2024
View reviewed changes
@martin-toman martin-toman force-pushed the users/mtoman/update-from-sha1-to-sha256 branch from aa0a9ac to a29c01d Compare October 17, 2024 14:57
@martin-toman martin-toman force-pushed the users/mtoman/update-from-sha1-to-sha256 branch from a29c01d to e738e1d Compare March 5, 2025 20:57
@martin-toman martin-toman reopened this Mar 10, 2025
@martin-toman martin-toman requested a review from a team as a code owner March 10, 2025 16:48
@martin-toman martin-toman force-pushed the users/mtoman/update-from-sha1-to-sha256 branch from a29c01d to c5b7657 Compare March 10, 2025 17:04
@martin-toman martin-toman force-pushed the users/mtoman/update-from-sha1-to-sha256 branch from c5b7657 to 178bc35 Compare March 19, 2025 09:47
@martin-toman martin-toman force-pushed the users/mtoman/update-from-sha1-to-sha256 branch from 178bc35 to 3c20b6e Compare March 19, 2025 12:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@merlynomsft merlynomsft merlynomsft left review comments

@DergachevE DergachevE DergachevE left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
internal
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@martin-toman @merlynomsft @DergachevE