Skip to content

Commit

Permalink
Check for OpenSSL availability for OpenSsl asymmetric primitives
Browse files Browse the repository at this point in the history 
If you attempt to use any of the *OpenSsl primitives on macOS, this will currently abort the whole process.
This changes them to check for OpenSSL's presence and throw an appropriate exception instead of aborting.

When used as an internal implementation, the aborting behavior remains.
  • Loading branch information
@vcsjones
vcsjones authored Aug 16, 2021
1 parent c0fc818 commit 2144431
Show file tree
Hide file tree
Showing 10 changed files with 89 additions and 27 deletions.
3 changes: 3 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/DSAOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ public DSAOpenSsl()

public DSAOpenSsl(int keySize)
{
ThrowIfNotSupported();
LegalKeySizesValue = s_legalKeySizes;
base.KeySize = keySize;
_key = new Lazy<SafeDsaHandle>(GenerateKey);
Expand Down Expand Up @@ -416,6 +417,8 @@ private void SetKey(SafeDsaHandle newKey)
_key = new Lazy<SafeDsaHandle>(newKey);
}

static partial void ThrowIfNotSupported();

private static readonly KeySizes[] s_legalKeySizes = new KeySizes[] { new KeySizes(minSize: 512, maxSize: 3072, skipSize: 64) };
}
#if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
Expand Down
4 changes: 4 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/ECDiffieHellmanOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ public sealed partial class ECDiffieHellmanOpenSsl : ECDiffieHellman

public ECDiffieHellmanOpenSsl(ECCurve curve)
{
ThrowIfNotSupported();
_key = new ECOpenSsl(curve);
KeySizeValue = _key.KeySize;
}
Expand All @@ -26,6 +27,7 @@ public ECDiffieHellmanOpenSsl()

public ECDiffieHellmanOpenSsl(int keySize)
{
ThrowIfNotSupported();
base.KeySize = keySize;
_key = new ECOpenSsl(this);
}
Expand Down Expand Up @@ -133,6 +135,8 @@ private SafeEcKeyHandle GetKey()
ThrowIfDisposed();
return _key.Value;
}

static partial void ThrowIfNotSupported();
}
#if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
}
Expand Down
4 changes: 4 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/ECDsaOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ public sealed partial class ECDsaOpenSsl : ECDsa
/// <exception cref="ArgumentNullException">if <paramref name="curve" /> is null.</exception>
public ECDsaOpenSsl(ECCurve curve)
{
ThrowIfNotSupported();
_key = new ECOpenSsl(curve);
ForceSetKeySize(_key.KeySize);
}
Expand All @@ -44,6 +45,7 @@ public ECDsaOpenSsl()
/// <param name="keySize">Size of the key to generate, in bits.</param>
public ECDsaOpenSsl(int keySize)
{
ThrowIfNotSupported();
// Use the base setter to get the validation and field assignment without the
// side effect of dereferencing _key.
base.KeySize = keySize;
Expand Down Expand Up @@ -360,6 +362,8 @@ private void ThrowIfDisposed()
);
}
}

static partial void ThrowIfNotSupported();
}
#if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS
}
Expand Down
3 changes: 3 additions & 0 deletions src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ public RSAOpenSsl()

public RSAOpenSsl(int keySize)
{
ThrowIfNotSupported();
base.KeySize = keySize;
_key = new Lazy<SafeEvpPKeyHandle>(GenerateKey);
}
Expand Down Expand Up @@ -946,6 +947,8 @@ private static void ValidatePadding(RSASignaturePadding padding)
}
}

static partial void ThrowIfNotSupported();

private static Exception PaddingModeNotSupported() =>
new CryptographicException(SR.Cryptography_InvalidPaddingMode);

Expand Down
57 changes: 30 additions & 27 deletions src/libraries/System.Security.Cryptography.OpenSsl/src/Resources/Strings.resx
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
<root>
<!--
Microsoft ResX Schema
<!--
Microsoft ResX Schema
Version 2.0
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
The primary goals of this format is to allow a simple XML format
that is mostly human readable. The generation and parsing of the
various data types are done through the TypeConverter classes
associated with the data types.
Example:
... ado.net/XML headers & schema ...
<resheader name="resmimetype">text/microsoft-resx</resheader>
<resheader name="version">2.0</resheader>
Expand All @@ -25,36 +25,36 @@
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
<comment>This is a comment</comment>
</data>
There are any number of "resheader" rows that contain simple
There are any number of "resheader" rows that contain simple
name/value pairs.
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
Each data row contains a name, and value. The row also contains a
type or mimetype. Type corresponds to a .NET class that support
text/value conversion through the TypeConverter architecture.
Classes that don't support this are serialized and stored with the
mimetype set.
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
The mimetype is used for serialized objects, and tells the
ResXResourceReader how to depersist the object. This is currently not
extensible. For a given mimetype the value must be set accordingly:
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
Note - application/x-microsoft.net.object.binary.base64 is the format
that the ResXResourceWriter will generate, however the reader can
read any of the formats listed below.
mimetype: application/x-microsoft.net.object.binary.base64
value : The object must be serialized with
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.soap.base64
value : The object must be serialized with
value : The object must be serialized with
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
: and then encoded with base64 encoding.
mimetype: application/x-microsoft.net.object.bytearray.base64
value : The object must be serialized into a byte array
value : The object must be serialized into a byte array
: using a System.ComponentModel.TypeConverter
: and then encoded with base64 encoding.
-->
Expand Down Expand Up @@ -233,6 +233,9 @@
<data name="Cryptography_NotValidPublicOrPrivateKey" xml:space="preserve">
<value>Key is not a valid public or private key.</value>
</data>
<data name="Cryptography_AlgorithmNotSupported" xml:space="preserve">
<value>Algorithm '{0}' is not supported on this platform.</value>
</data>
<data name="PlatformNotSupported_CryptographyOpenSSL" xml:space="preserve">
<value>OpenSSL is not supported on this platform.</value>
</data>
Expand Down
2 changes: 2 additions & 0 deletions ...ries/System.Security.Cryptography.OpenSsl/src/System.Security.Cryptography.OpenSsl.csproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,8 @@
Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs" />
<Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslVersion.cs"
Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslVersion.cs" />
<Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs"
Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs" />
<Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\Asn1SafeHandles.Unix.cs"
Link="Common\Microsoft\Win32\SafeHandles\Asn1SafeHandles.Unix.cs" />
<Compile Include="$(CommonPath)Microsoft\Win32\SafeHandles\SafeBignumHandle.Unix.cs"
Expand Down
11 changes: 11 additions & 0 deletions ...aries/System.Security.Cryptography.OpenSsl/src/System/Security/Cryptography/DSAOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ public sealed partial class DSAOpenSsl : DSA
{
public DSAOpenSsl(DSAParameters parameters)
{
ThrowIfNotSupported();
// Make _key be non-null before calling ImportParameters
_key = new Lazy<SafeDsaHandle>();
ImportParameters(parameters);
Expand All @@ -31,6 +32,7 @@ public DSAOpenSsl(SafeEvpPKeyHandle pkeyHandle)
if (pkeyHandle.IsInvalid)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle));

ThrowIfNotSupported();
// If dsa is valid it has already been up-ref'd, so we can just use this handle as-is.
SafeDsaHandle key = Interop.Crypto.EvpPkeyGetDsa(pkeyHandle);
if (key.IsInvalid)
Expand All @@ -57,6 +59,7 @@ public DSAOpenSsl(IntPtr handle)
if (handle == IntPtr.Zero)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(handle));

ThrowIfNotSupported();
SafeDsaHandle ecKeyHandle = SafeDsaHandle.DuplicateHandle(handle);
SetKey(ecKeyHandle);
}
Expand Down Expand Up @@ -89,5 +92,13 @@ public SafeEvpPKeyHandle DuplicateKeyHandle()
throw;
}
}

static partial void ThrowIfNotSupported()
{
if (!Interop.OpenSslNoInit.OpenSslIsAvailable)
{
throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(DSAOpenSsl)));
}
}
}
}
10 changes: 10 additions & 0 deletions ....Security.Cryptography.OpenSsl/src/System/Security/Cryptography/ECDiffieHellmanOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ public ECDiffieHellmanOpenSsl(SafeEvpPKeyHandle pkeyHandle)
if (pkeyHandle.IsInvalid)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle));

ThrowIfNotSupported();
// If ecKey is valid it has already been up-ref'd, so we can just use this handle as-is.
SafeEcKeyHandle key = Interop.Crypto.EvpPkeyGetEcKey(pkeyHandle);
if (key.IsInvalid)
Expand Down Expand Up @@ -50,6 +51,7 @@ public ECDiffieHellmanOpenSsl(IntPtr handle)
if (handle == IntPtr.Zero)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(handle));

ThrowIfNotSupported();
SafeEcKeyHandle ecKeyHandle = SafeEcKeyHandle.DuplicateHandle(handle);
_key = new ECOpenSsl(ecKeyHandle);
KeySizeValue = _key.KeySize;
Expand Down Expand Up @@ -83,5 +85,13 @@ public SafeEvpPKeyHandle DuplicateKeyHandle()
throw;
}
}

static partial void ThrowIfNotSupported()
{
if (!Interop.OpenSslNoInit.OpenSslIsAvailable)
{
throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(ECDiffieHellmanOpenSsl)));
}
}
}
}
10 changes: 10 additions & 0 deletions ...ies/System.Security.Cryptography.OpenSsl/src/System/Security/Cryptography/ECDsaOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ public ECDsaOpenSsl(SafeEvpPKeyHandle pkeyHandle)
if (pkeyHandle.IsInvalid)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle));

ThrowIfNotSupported();
// If ecKey is valid it has already been up-ref'd, so we can just use this handle as-is.
SafeEcKeyHandle key = Interop.Crypto.EvpPkeyGetEcKey(pkeyHandle);
if (key.IsInvalid)
Expand Down Expand Up @@ -50,6 +51,7 @@ public ECDsaOpenSsl(IntPtr handle)
if (handle == IntPtr.Zero)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(handle));

ThrowIfNotSupported();
SafeEcKeyHandle ecKeyHandle = SafeEcKeyHandle.DuplicateHandle(handle);
_key = new ECOpenSsl(ecKeyHandle);
KeySizeValue = _key.KeySize;
Expand Down Expand Up @@ -83,5 +85,13 @@ public SafeEvpPKeyHandle DuplicateKeyHandle()
throw;
}
}

static partial void ThrowIfNotSupported()
{
if (!Interop.OpenSslNoInit.OpenSslIsAvailable)
{
throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(ECDsaOpenSsl)));
}
}
}
}
12 changes: 12 additions & 0 deletions ...aries/System.Security.Cryptography.OpenSsl/src/System/Security/Cryptography/RSAOpenSsl.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ public sealed partial class RSAOpenSsl : RSA
{
public RSAOpenSsl(RSAParameters parameters)
{
ThrowIfNotSupported();

// Make _key be non-null before calling ImportParameters
_key = new Lazy<SafeEvpPKeyHandle>();
ImportParameters(parameters);
Expand All @@ -30,6 +32,7 @@ public RSAOpenSsl(IntPtr handle)
if (handle == IntPtr.Zero)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(handle));

ThrowIfNotSupported();
SafeEvpPKeyHandle pkey = Interop.Crypto.EvpPKeyCreateRsa(handle);
Debug.Assert(!pkey.IsInvalid);

Expand All @@ -53,6 +56,7 @@ public RSAOpenSsl(SafeEvpPKeyHandle pkeyHandle)
if (pkeyHandle.IsInvalid)
throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle));

ThrowIfNotSupported();
SafeEvpPKeyHandle newKey = Interop.Crypto.EvpPKeyDuplicate(
pkeyHandle,
Interop.Crypto.EvpAlgorithmId.RSA);
Expand All @@ -69,5 +73,13 @@ public SafeEvpPKeyHandle DuplicateKeyHandle()
{
return Interop.Crypto.EvpPKeyDuplicate(GetKey(), Interop.Crypto.EvpAlgorithmId.RSA);
}

static partial void ThrowIfNotSupported()
{
if (!Interop.OpenSslNoInit.OpenSslIsAvailable)
{
throw new PlatformNotSupportedException(SR.Format(SR.Cryptography_AlgorithmNotSupported, nameof(RSAOpenSsl)));
}
}
}
}

0 comments on commit 2144431

Please sign in to comment.