[release/2.1] Add hybrid support for OpenSSL 1.0 and 1.1

src/Common/src/Interop/Unix/System.Net.Http.Native/Interop.Initialization.cs

@@ -26,11 +26,11 @@ static HttpInitializer()
 #if !SYSNETHTTP_NO_OPENSSL
             string opensslVersion = Interop.Http.GetSslVersionDescription();
             if (string.IsNullOrEmpty(opensslVersion) ||
-                opensslVersion.IndexOf(Interop.Http.OpenSsl10Description, StringComparison.OrdinalIgnoreCase) != -1)
+                opensslVersion.IndexOf(Interop.Http.OpenSslDescriptionPrefix, StringComparison.OrdinalIgnoreCase) != -1)
             {
-                // CURL uses OpenSSL which we must initialize first to guarantee thread-safety
-                // Only initialize for OpenSSL/1.0, any newer versions may have mismatched
-                // pointers, resulting in segfaults.
+                // CURL uses OpenSSL which we must initialize first to guarantee thread-safety.
+                // We'll wake up whatever OpenSSL we're going to run against, but might later determine that
+                // they aren't compatible.
                 CryptoInitializer.Initialize();
             }
 #endif

src/Common/src/Interop/Unix/System.Net.Http.Native/Interop.VersionInfo.cs

@@ -3,6 +3,7 @@
 // See the LICENSE file in the project root for more information.
 
 using System;
+using System.Diagnostics;
 using System.Runtime.InteropServices;
 
 internal static partial class Interop
@@ -47,8 +48,49 @@ internal enum CurlFeatures : int
         [DllImport(Libraries.HttpNative, EntryPoint = "HttpNative_GetSslVersionDescription")]
         internal static extern string GetSslVersionDescription();
 
-        internal const string OpenSsl10Description = "openssl/1.0";
+        internal const string OpenSslDescriptionPrefix = "OpenSSL/";
         internal const string SecureTransportDescription = "SecureTransport";
         internal const string LibreSslDescription = "LibreSSL";
+
+#if !SYSNETHTTP_NO_OPENSSL
+        private static readonly Lazy<string> s_requiredOpenSslDescription =
+            new Lazy<string>(() => DetermineRequiredOpenSslDescription());
+
+        private static readonly Lazy<bool> s_hasMatchingOpenSsl =
+            new Lazy<bool>(() => RequiredOpenSslDescription == GetSslVersionDescription());
+
+        internal static string RequiredOpenSslDescription => s_requiredOpenSslDescription.Value;
+        internal static bool HasMatchingOpenSslVersion => s_hasMatchingOpenSsl.Value;
+
+        private static string DetermineRequiredOpenSslDescription()
+        {
+            string versionDescription = Interop.OpenSsl.OpenSslVersionDescription();
+            var version = versionDescription.AsSpan();
+
+            // OpenSSL version description looks like this:
+            //
+            // OpenSSL 1.1.1 FIPS  11 Sep 2018
+            //
+            // libcurl's OpenSSL vtls backend ignores status in the version string.
+            // Major, minor, and fix are encoded (by libcurl) as unpadded hex
+            // (0 => "0", 15 => "f", 16 => "10").
+            //
+            // Patch is encoded as in the way OpenSSL would do it.
+
+            string prefix = "OpenSSL ";
+            if (version.StartsWith(prefix))
+            {
+                version = version.Slice(prefix.Length).Trim();
+            }
+            int end = version.IndexOf(" ");
+            if (end != -1)
+            {
+                version = version.Slice(0, end);
+            }
+            version = version.Trim();
+
+            return $"{OpenSslDescriptionPrefix}{version.ToString()}";
+        }
+#endif
     }
 }

src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.ASN1.cs

@@ -61,22 +61,6 @@ internal static IntPtr GetObjectDefinitionByName(string friendlyName)
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_Asn1StringFree")]
         internal static extern void Asn1StringFree(IntPtr o);
 
-        internal static string GetOidValue(SafeSharedAsn1ObjectHandle asn1Object)
-        {
-            Debug.Assert(asn1Object != null);
-
-            bool added = false;
-            asn1Object.DangerousAddRef(ref added);
-            try
-            {
-                return GetOidValue(asn1Object.DangerousGetHandle());
-            }
-            finally
-            {
-                asn1Object.DangerousRelease();
-            }
-        }
-
         internal static unsafe string GetOidValue(IntPtr asn1ObjectPtr)
         {
             // OBJ_obj2txt returns the number of bytes that should have been in the answer, but it does not accept
@@ -127,14 +111,3 @@ internal static unsafe string GetOidValue(IntPtr asn1ObjectPtr)
         }
     }
 }
-
-namespace Microsoft.Win32.SafeHandles
-{
-    internal class SafeSharedAsn1ObjectHandle : SafeInteriorHandle
-    {
-        private SafeSharedAsn1ObjectHandle() :
-            base(IntPtr.Zero, ownsHandle: true)
-        {
-        }
-    }
-}

src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSslVersion.cs

@@ -12,7 +12,7 @@ internal static partial class OpenSsl
         private static Version s_opensslVersion;
 
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SSLEayVersion")]
-        private static extern string OpenSslVersionDescription();
+        internal static extern string OpenSslVersionDescription();
 
         internal static Version OpenSslVersion
         {

src/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.X509Name.cs

@@ -15,32 +15,13 @@ internal static partial class Crypto
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_GetX509NameStackFieldCount")]
         internal static extern int GetX509NameStackFieldCount(SafeSharedX509NameStackHandle sk);
 
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_PushX509NameStackField")]
-        [return: MarshalAs(UnmanagedType.Bool)]
-        internal static extern bool PushX509NameStackField(SafeX509NameStackHandle stack, SafeX509NameHandle x509_Name);
-
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_RecursiveFreeX509NameStack")]
-        internal static extern void RecursiveFreeX509NameStack(IntPtr stack);
-
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_NewX509NameStack")]
-        internal static extern SafeX509NameStackHandle NewX509NameStack();
-
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_GetX509NameStackField")]
         private static extern SafeSharedX509NameHandle GetX509NameStackField_private(SafeSharedX509NameStackHandle sk,
             int loc);
 
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_GetX509NameRawBytes")]
         private static extern int GetX509NameRawBytes(SafeSharedX509NameHandle x509Name, byte[] buf, int cBuf);
 
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_DecodeX509Name")]
-        internal static extern SafeX509NameHandle DecodeX509Name(byte[] buf, int len);
-
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_X509NameDestroy")]
-        internal static extern void X509NameDestroy(IntPtr a);
-
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_GetX509NameEntryCount")]
-        internal static extern int GetX509NameEntryCount(SafeX509NameHandle x509Name);
-
         internal static X500DistinguishedName LoadX500Name(SafeSharedX509NameHandle namePtr)
         {
             CheckValidOpenSslHandle(namePtr);
@@ -86,25 +67,5 @@ private SafeSharedX509NameStackHandle() :
         {
         }
     }
-
-    internal sealed class SafeX509NameStackHandle : SafeHandle
-    {
-        private SafeX509NameStackHandle() :
-            base(IntPtr.Zero, ownsHandle: true)
-        {
-        }
-
-        protected override bool ReleaseHandle()
-        {
-            Interop.Crypto.RecursiveFreeX509NameStack(handle);
-            SetHandle(IntPtr.Zero);
-            return true;
-        }
-
-        public override bool IsInvalid
-        {
-            get { return handle == IntPtr.Zero; }
-        }
-    }
 }