
License validation fails on Fedora 41/RHEL 9 because SHA-1 not trusted by openssl #7251

Open
chklauser opened this issue Dec 20, 2024 · 1 comment

Comments

@chklauser
Describe the bug

Description

Validation of the license.xml signature fails with an exception. I suspect it's the same issue as the one reported on the Unity forums. You use SHA-1 as the hashing algorithm for the license file. SHA-1 is broken and the system's crypto library no longer trusts SHA-1-based signatures.

Expected behavior

License validation works.

Actual behavior

Interop+Crypto+OpenSslCryptographicException: error:03000098:digital envelope routines::invalid digest
   at Interop.Crypto.RsaVerifyHash(SafeEvpPKeyHandle pkey, RSASignaturePaddingMode paddingMode, IntPtr digestAlgorithm, ReadOnlySpan`1 hash, ReadOnlySpan`1 signature)
   at System.Security.Cryptography.RSAOpenSsl.VerifyHash(ReadOnlySpan`1 hash, ReadOnlySpan`1 signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
   at System.Security.Cryptography.RSACryptoServiceProvider.VerifyHash(Byte[] hash, Byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
   at System.Security.Cryptography.RSAPKCS1SignatureDeformatter.VerifySignature(Byte[] rgbHash, Byte[] rgbSignature)
   at System.Security.Cryptography.Xml.SignedXml.CheckSignature(AsymmetricAlgorithm key)
   at Particular.Licensing.LicenseVerifier.SignedXmlVerifier.TryVerifyXml(String xml, String& failureMessage) in /_1/particular.licensing.sources/6.0.0/contentFiles/cs/net8.0/Particular.Licensing/LicenseVerifier.cs:line 69
   at Particular.Licensing.LicenseVerifier.TryVerify(String licenseText, String& failureMessage) in /_1/particular.licensing.sources/6.0.0/contentFiles/cs/net8.0/Particular.Licensing/LicenseVerifier.cs:line 21

Impact

For now, only bleeding-edge workstations in our organization are affected. Developers get nagged with the license screen every time they run one of our applications under the debugger. But we generally stay relatively close to recent OS releases even in production. This issue will hit our production systems sooner or later.

Versions

  • NServiceBus 9.2.2
  • .NET 8
  • Fedora 41 Workstation
  • OpenSSL: openssl-libs.x86_64 1:3.2.2-9.fc41

Steps to reproduce

  1. Use a Fedora 41 system
  2. Provide signed license.xml
  3. Run an NServiceBus application

Additional Information

Workarounds

On RHEL/Fedora, the system can be configured to trust SHA1 once again.

sudo update-crypto-policies --set DEFAULT:SHA1

But this reduces overall system security.

Possible solutions

Change the licenses you generate to no longer rely on SHA-1. System.Security.Cryptography.Xml surely supports other algorithms out of the box.

@chklauser chklauser added the Bug label Dec 20, 2024
@bording
Member

bording commented Dec 20, 2024

@chklauser Another workaround that should work would be setting the OPENSSL_ENABLE_SHA1_SIGNATURES=1 environment variable on the endpoint process.

That should limit the scope of change to not be system-wide.
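The following is an added example, not code from NServiceBus or Particular.Licensing, that reproduces the failure path in the stack trace above and shows the fix the issue proposes: it signs a constructed stand-in for license.xml once with RSA-SHA1 and once with RSA-SHA256 using SignedXml, then verifies each with SignedXml.CheckSignature(AsymmetricAlgorithm). The license element names are made up, the key is generated in-process, and the project is assumed to reference the System.Security.Cryptography.Xml package on .NET 8.

```csharp
// Added example (not Particular.Licensing code). Signs a constructed license document
// with RSA-SHA1 and with RSA-SHA256 and verifies each, so the SHA-1 failure under a
// RHEL 9 / Fedora 41 DEFAULT crypto policy can be seen next to the working SHA-256 case.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Constructed stand-in for license.xml; the real element names are not shown in the issue.
const string LicenseBody =
    "<license id=\"example\"><expiration>2030-01-01</expiration></license>";

using RSA key = RSA.Create(2048);

foreach (var (label, signatureMethod, digestMethod) in new[]
{
    ("RSA-SHA1",   SignedXml.XmlDsigRSASHA1Url,   SignedXml.XmlDsigSHA1Url),
    ("RSA-SHA256", SignedXml.XmlDsigRSASHA256Url, SignedXml.XmlDsigSHA256Url),
})
{
    try
    {
        string signed = Sign(LicenseBody, key, signatureMethod, digestMethod);
        bool ok = Verify(signed, key);
        Console.WriteLine($"{label}: signature valid = {ok}");
    }
    catch (CryptographicException ex)
    {
        // On a system whose OpenSSL policy disallows SHA-1 signatures, the RSA-SHA1 case
        // ends up here (at signing or at verification); the wrapped OpenSSL error is
        // "digital envelope routines::invalid digest", as in the issue's stack trace.
        Console.WriteLine($"{label}: {ex.GetType().Name}: {ex.Message}");
    }
}

static string Sign(string xml, RSA key, string signatureMethod, string digestMethod)
{
    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.LoadXml(xml);

    var signedXml = new SignedXml(doc) { SigningKey = key };
    // This is the setting that decides whether the license depends on SHA-1.
    signedXml.SignedInfo.SignatureMethod = signatureMethod;

    // Enveloped signature over the whole document (URI="").
    var reference = new Reference("") { DigestMethod = digestMethod };
    reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
    signedXml.AddReference(reference);

    signedXml.ComputeSignature();
    doc.DocumentElement!.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    return doc.OuterXml;
}

static bool Verify(string signedXml, RSA publicKey)
{
    var doc = new XmlDocument { PreserveWhitespace = true };
    doc.LoadXml(signedXml);

    var signature = (XmlElement)doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0]!;
    var verifier = new SignedXml(doc);
    verifier.LoadXml(signature);

    // Same call that fails in the stack trace above for an RSA-SHA1 signature.
    return verifier.CheckSignature(publicKey);
}
```

Running this on an affected Fedora 41 / RHEL 9 machine prints a CryptographicException for the RSA-SHA1 case and `signature valid = True` for RSA-SHA256; running it again with `OPENSSL_ENABLE_SHA1_SIGNATURES=1` set on that process, as suggested above, makes both cases succeed, which confirms that the environment variable scopes the relaxation to one process rather than the whole system.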
