From 2b4a4bcfcaacd3614936c4cddeee438907bfd780 Mon Sep 17 00:00:00 2001
From: Kevin Jones <kevin@vcsjones.com>
Date: Thu, 27 Jun 2024 00:41:45 -0400
Subject: [PATCH] Change X509CertificateLoader to wrap unsupported algorithms
 with a CryptographicException

---
 .../X509Certificates/X509CertificateLoader.Pkcs12.cs        | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.Pkcs12.cs b/src/libraries/Common/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.Pkcs12.cs
index ccea2de41fc00..196af51bc4d91 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.Pkcs12.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/X509Certificates/X509CertificateLoader.Pkcs12.cs
@@ -647,6 +647,12 @@ internal ReadOnlyMemory<byte> DecryptSafeContents(
                         saveOffset,
                         written);
                 }
+                catch (PlatformNotSupportedException pnse)
+                {
+                    // May be thrown by PBE decryption if the platform does not support the algorithm.
+                    ThrowWithHResult(SR.Cryptography_Pfx_BadPassword, ERROR_INVALID_PASSWORD, pnse);
+                    throw; // This is unreachable because of the throw helper, but the compiler does not know that.
+                }
                 catch (CryptographicException e)
                 {
                     CryptographicOperations.ZeroMemory(