dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License
15.21k stars 4.72k forks source link

RSAAndroid fails to verify RSA signatures when the public exponent is bigger than 2^32 #72906

Open runfoapp[bot] opened 2 years ago

runfoapp[bot] commented 2 years ago

There are a bunch of cryptography failures on Android in rolling build 1905046. Here is an example of one:

https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-e21ac2efc94b48918e/Microsoft.Extensions.Caching.Memory.Tests/1/console.10ca6335.log?%3Fhelixlogtype%3Dresult

<test name="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(hashName: \&quot;SHA256\&quot;)" type="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests" method="BuildEmptyRsaPss" time="0.031689" result="Fail">
        <failure exception-type="Xunit.Sdk.TrueException">
          <message><![CDATA[Certificate's public key verifies the signature\nExpected: True\nActual:   False]]></message>
          <stack-trace><![CDATA[   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.<>c__DisplayClass17_0.<BuildEmptyRsaPss>b__0(X509Certificate2 cert, DateTimeOffset now) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 407
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildRsaCertificateAndRun(IEnumerable`1 extensions, Action`2 action, Boolean addSubjectKeyIdentifier, String callerName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 1490
   at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(String hashName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 382
   at System.Reflection.MethodInvoker.InterpretedInvoke(Object obj, Span`1 args, BindingFlags invokeAttr)]]></stack-trace>
        </failure>
      </test>
Runfo Tracking Issue: system.security.cryptography.x509certificates.tests work item Build Definition Kind Run Name
Build Result Summary Day Hit Count Week Hit Count Month Hit Count
0 0 0
ghost commented 2 years ago

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones See info in area-owners.md if you want to be subscribed.

Issue Details
Runfo Creating Tracking Issue (data being generated)
Author: runfoapp[bot]
Assignees: -
Labels: `area-System.Security`
Milestone: -
ghost commented 2 years ago

Tagging subscribers to 'arch-android': @steveisok, @akoeplinger See info in area-owners.md if you want to be subscribed.

Issue Details
There are a bunch of cryptography failures on Android in rolling build [1905046](https://runfo.azurewebsites.net/view/build/?number=1905046). Here is an example of one: https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-e21ac2efc94b48918e/Microsoft.Extensions.Caching.Memory.Tests/1/console.10ca6335.log?%3Fhelixlogtype%3Dresult ``` c__DisplayClass17_0.b__0(X509Certificate2 cert, DateTimeOffset now) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 407 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildRsaCertificateAndRun(IEnumerable`1 extensions, Action`2 action, Boolean addSubjectKeyIdentifier, String callerName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 1490 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(String hashName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 382 at System.Reflection.MethodInvoker.InterpretedInvoke(Object obj, Span`1 args, BindingFlags invokeAttr)]]> ``` Runfo Tracking Issue: [system.security.cryptography.x509certificates.tests work item](https://runfo.azurewebsites.net/tracking/issue/400) |Build|Definition|Kind|Run Name|Console|Core Dump|Test Results|Run Client| |---|---|---|---|---|---|---|---| |[1905046](https://dev.azure.com/dnceng/public/_build/results?buildId=1905046)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Android-Release-x86-Mono_Release-Ubuntu.1804.Amd64.Android.29.Open|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-80fd0205a2ce4e27b5/System.Security.Cryptography.X509Certificates.Tests/1/console.541d7802.log?%3F%253Fhelixlogtype%253Dresult)||[test results](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-80fd0205a2ce4e27b5/System.Security.Cryptography.X509Certificates.Tests/1/testResults.xml?%3F%253Fhelixlogtype%253Dresult)|[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-80fd0205a2ce4e27b5/System.Security.Cryptography.X509Certificates.Tests/ab578582-ef1e-490c-844a-732e33a4dc40.log?%3F%253Fhelixlogtype%253Dresult)| |[1905046](https://dev.azure.com/dnceng/public/_build/results?buildId=1905046)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Android-Release-x64-Mono_Release-Ubuntu.1804.Amd64.Android.29.Open|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-2b1b9638c3b34b10b9/System.Security.Cryptography.X509Certificates.Tests/1/console.3f7347e8.log?%3F%253Fhelixlogtype%253Dresult)||[test results](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-2b1b9638c3b34b10b9/System.Security.Cryptography.X509Certificates.Tests/1/testResults.xml?%3F%253Fhelixlogtype%253Dresult)|[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-2b1b9638c3b34b10b9/System.Security.Cryptography.X509Certificates.Tests/a22df577-a427-4ae8-97cf-69c8def53bdf.log?%3F%253Fhelixlogtype%253Dresult)| |[1905046](https://dev.azure.com/dnceng/public/_build/results?buildId=1905046)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Android-Release-arm-Mono_Release-Windows.10.Amd64.Android.Open|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-103fcff24ca6468c83/System.Security.Cryptography.X509Certificates.Tests/1/console.abdc5182.log?%3F%253Fhelixlogtype%253Dresult)||[test results](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-103fcff24ca6468c83/System.Security.Cryptography.X509Certificates.Tests/1/testResults.xml?%3F%253Fhelixlogtype%253Dresult)|[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-103fcff24ca6468c83/System.Security.Cryptography.X509Certificates.Tests/5024859b-2f13-4f25-8bb5-36e2853780c7.log?%3F%253Fhelixlogtype%253Dresult)| |[1905046](https://dev.azure.com/dnceng/public/_build/results?buildId=1905046)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Android-Release-arm64-Mono_Release-Windows.10.Amd64.Android.Open|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-69205241c5d9418885/System.Security.Cryptography.X509Certificates.Tests/1/console.d3ad5440.log?%3F%253Fhelixlogtype%253Dresult)||[test results](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-69205241c5d9418885/System.Security.Cryptography.X509Certificates.Tests/1/testResults.xml?%3F%253Fhelixlogtype%253Dresult)|[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-main-69205241c5d9418885/System.Security.Cryptography.X509Certificates.Tests/037c92f6-c227-47f7-af3d-18736c422c78.log?%3F%253Fhelixlogtype%253Dresult)| |[1904585](https://dev.azure.com/dnceng/public/_build/results?buildId=1904585)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Linux-Release-x64-CoreCLR_release-(Fedora.34.Amd64.Open)ubuntu.1604.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-34-helix-20220523150939-4f64125|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview595dc2809d52642768c/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1/console.3547900f.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview595dc2809d52642768c/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/2158354b-bbda-458a-8505-db70dcaa2b67.log?%3F%253Fhelixlogtype%253Dresult)| |[1903280](https://dev.azure.com/dnceng/public/_build/results?buildId=1903280)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|[PR 72832](https://github.com/dotnet/runtime/pull/72832)|net7.0-MacCatalyst-Release-arm64-Mono_Release-OSX.1200.Arm64.Open|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-72832-merge-2ade837fc3ac41d086/System.Security.Cryptography.X509Certificates.Tests/1/console.5f2f8612.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-72832-merge-2ade837fc3ac41d086/System.Security.Cryptography.X509Certificates.Tests/b3fb9c27-c65a-4e5e-92f6-cd82d94308f9.log?%3F%253Fhelixlogtype%253Dresult)| |[1903274](https://dev.azure.com/dnceng/public/_build/results?buildId=1903274)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Linux-Release-x64-CoreCLR_release-(Fedora.34.Amd64.Open)ubuntu.1604.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-34-helix-20220523150939-4f64125|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview54c19e80e9fac4df783/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1/console.f46d5102.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview54c19e80e9fac4df783/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/2972e2c3-f2ba-44c5-a189-84bf6621b060.log?%3F%253Fhelixlogtype%253Dresult)| |[1902034](https://dev.azure.com/dnceng/public/_build/results?buildId=1902034)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Linux-Release-x64-CoreCLR_release-(Fedora.34.Amd64.Open)ubuntu.1604.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-34-helix-20220523150939-4f64125|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview5f9d1e71459d7430b83/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1/console.f4672f14.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview5f9d1e71459d7430b83/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/927c8e71-3275-4689-aa64-57a721fa777b.log?%3F%253Fhelixlogtype%253Dresult)| |[1901750](https://dev.azure.com/dnceng/public/_build/results?buildId=1901750)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|[PR 72545](https://github.com/dotnet/runtime/pull/72545)|net7.0-MacCatalyst-Release-arm64-Mono_Release-OSX.1200.Arm64.Open|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-72545-merge-d14203a3dee34b7c82/System.Security.Cryptography.X509Certificates.Tests/1/console.1f0db02b.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-72545-merge-d14203a3dee34b7c82/System.Security.Cryptography.X509Certificates.Tests/91545728-b7e5-4764-8fc4-1c598e75fdfd.log?%3F%253Fhelixlogtype%253Dresult)| |[1900887](https://dev.azure.com/dnceng/public/_build/results?buildId=1900887)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Linux-Release-x64-CoreCLR_release-(Fedora.34.Amd64.Open)ubuntu.1604.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-34-helix-20220523150939-4f64125|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview5eaddb923c77e422c8d/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1/console.360a41b1.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview5eaddb923c77e422c8d/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/42131b59-700b-4cb0-88b7-32785a160e30.log?%3F%253Fhelixlogtype%253Dresult)| |[1900480](https://dev.azure.com/dnceng/public/_build/results?buildId=1900480)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Linux-Release-x64-CoreCLR_release-(Fedora.34.Amd64.Open)ubuntu.1604.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-34-helix-20220523150939-4f64125|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview5d1d9a4ca352f4ff7b7/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1/console.00cbe271.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview5d1d9a4ca352f4ff7b7/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/ec8a2dd2-3f2b-45af-ad0a-80dfbdfdc8ac.log?%3F%253Fhelixlogtype%253Dresult)| |[1900064](https://dev.azure.com/dnceng/public/_build/results?buildId=1900064)|[runtime-extra-platforms](https://dnceng.visualstudio.com/public/_build?definitionId=1080)|Rolling|net7.0-Linux-Release-x64-CoreCLR_release-(Fedora.34.Amd64.Open)ubuntu.1604.amd64.open@mcr.microsoft.com/dotnet-buildtools/prereqs:fedora-34-helix-20220523150939-4f64125|[console.log](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview54ec82d7b2b1247f8b0/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1/console.5f00e88c.log?%3F%253Fhelixlogtype%253Dresult)|||[runclient.py](https://helixre107v0xdeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-heads-release-70-preview54ec82d7b2b1247f8b0/System.Security.Cryptography.X509Certificates.Tests.Attempt.3/1b128c04-4033-411a-9c59-bf2215caef15.log?%3F%253Fhelixlogtype%253Dresult)| Build Result Summary |Day Hit Count|Week Hit Count|Month Hit Count| |---|---|---| |4|9|9|
Author: runfoapp[bot]
Assignees: -
Labels: `area-System.Security`, `blocking-clean-ci`, `os-android`, `untriaged`
Milestone: -
bartonjs commented 2 years ago

The default RSA provider tests claim that Android supports both RSASSA-PSS and RSA with keys whose exponents are bigger than 32 bits; but this may be the only test that does both.

<test name="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(hashName: \"SHA256\")" type="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests" method="BuildEmptyRsaPss" time="0.0771638" result="Fail">
<failure exception-type="Xunit.Sdk.TrueException">
<message>
<![CDATA[ Certificate's public key verifies the signature\nExpected: True\nActual: False ]]>
</message>
<stack-trace>
<![CDATA[ at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.<>c__DisplayClass17_0.<BuildEmptyRsaPss>b__0(X509Certificate2 cert, DateTimeOffset now) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 407 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildRsaCertificateAndRun(IEnumerable`1 extensions, Action`2 action, Boolean addSubjectKeyIdentifier, String callerName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 1490 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(String hashName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 382 at System.Reflection.MethodInvoker.InterpretedInvoke(Object obj, Span`1 args, BindingFlags invokeAttr) ]]>
</stack-trace>
</failure>
</test>
<test name="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(hashName: \"SHA384\")" type="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests" method="BuildEmptyRsaPss" time="0.0057438" result="Fail">
<failure exception-type="Xunit.Sdk.TrueException">
<message>
<![CDATA[ Certificate's public key verifies the signature\nExpected: True\nActual: False ]]>
</message>
<stack-trace>
<![CDATA[ at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.<>c__DisplayClass17_0.<BuildEmptyRsaPss>b__0(X509Certificate2 cert, DateTimeOffset now) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 407 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildRsaCertificateAndRun(IEnumerable`1 extensions, Action`2 action, Boolean addSubjectKeyIdentifier, String callerName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 1490 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(String hashName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 382 at System.Reflection.MethodInvoker.InterpretedInvoke(Object obj, Span`1 args, BindingFlags invokeAttr) ]]>
</stack-trace>
</failure>
</test>
<test name="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(hashName: \"SHA512\")" type="System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests" method="BuildEmptyRsaPss" time="0.0070822" result="Fail">
<failure exception-type="Xunit.Sdk.TrueException">
<message>
<![CDATA[ Certificate's public key verifies the signature\nExpected: True\nActual: False ]]>
</message>
<stack-trace>
<![CDATA[ at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.<>c__DisplayClass17_0.<BuildEmptyRsaPss>b__0(X509Certificate2 cert, DateTimeOffset now) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 407 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildRsaCertificateAndRun(IEnumerable`1 extensions, Action`2 action, Boolean addSubjectKeyIdentifier, String callerName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 1490 at System.Security.Cryptography.X509Certificates.Tests.CertificateCreation.CrlBuilderTests.BuildEmptyRsaPss(String hashName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/CertificateCreation/CrlBuilderTests.cs:line 382 at System.Reflection.MethodInvoker.InterpretedInvoke(Object obj, Span`1 args, BindingFlags invokeAttr) ]]>
</stack-trace>
</failure>
</test>

The only failures are in the CrlBuilderTests.BuildEmptyRsaPss test, and that test is passing everywhere except Android.

bartonjs commented 2 years ago

Newer tests show that even RSASSA-PKCS1 is failing with big-exponent keys; it looks like RsaVerificationPrimitive is not working how we'd expect. That makes big-exponent encryption also suspect.

vcsjones commented 2 years ago

Looking at this:

https://github.com/google/boringssl/blob/ce65c1daf827f870cde6b54ee14e59117f38c0de/crypto/fipsmodule/rsa/rsa_impl.c#L88-L99

BoringSSL, the cryptographic provider used by conscrypt in Android, does not permit RSA e greater than 33-bits (yes 33 not 32).

I haven't yet figured out why sign appears to work and verify does not, but judging from the commentary it appears the intention is that verifying with a large public exponent is disabled to mitigate DoS.

bartonjs commented 2 years ago

Probably "you have the private key, you do you", vs "you got this public key from a certificate, oh, they're trolling you".

It'd be nicer if they failed at key import, though.

vcsjones commented 1 year ago

I got some amount of confirmation from a Google contact saying "Yes, we limit public key operations with an exponent of <= 2^33". So these disabled tests should become either conditional tests, or, where appropriate, don't use a large exponent (I seem to recall a number of the CRL tests using big exponents exclusively).

steveisok commented 1 year ago

@vcsjones thanks, we can work to get these enabled.