Add cryptographic operation counts to prevent process crashes

vcsjones · vcsjones · commit ec2d8053acd1 · 2024-04-30T16:30:28.000-04:00
diff --git a/src/libraries/System.Security.Cryptography/src/Resources/Strings.resx b/src/libraries/System.Security.Cryptography/src/Resources/Strings.resx
@@ -273,6 +273,9 @@
   <data name="Cryptography_CipherModeNotSupported" xml:space="preserve">
     <value>The specified CipherMode '{0}' is not supported.</value>
   </data>
+  <data name="Cryptography_ConcurrentUseNotSupported" xml:space="preserve">
+    <value>Concurrent operations from multiple threads on this type are not supported.</value>
+  </data>
   <data name="Cryptography_CngKeyWrongAlgorithm" xml:space="preserve">
     <value>This key is for algorithm '{0}'. Expected '{1}'.</value>
   </data>
diff --git a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj
@@ -817,6 +817,7 @@
     <Compile Include="System\Security\Cryptography\CapiHelper.Unix.cs" />
     <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.OpenSsl.cs" />
     <Compile Include="System\Security\Cryptography\Cng.NotSupported.cs" />
+    <Compile Include="System\Security\Cryptography\ConcurrencyBlock.cs" />
     <Compile Include="System\Security\Cryptography\CspKeyContainerInfo.NotSupported.cs" />
     <Compile Include="System\Security\Cryptography\DESCryptoServiceProvider.Unix.cs" />
     <Compile Include="System\Security\Cryptography\DesImplementation.OpenSsl.cs" />
@@ -977,6 +978,7 @@
     <Compile Include="System\Security\Cryptography\CapiHelper.Shared.cs" />
     <Compile Include="System\Security\Cryptography\CapiHelper.Unix.cs" />
     <Compile Include="System\Security\Cryptography\Cng.NotSupported.cs" />
+    <Compile Include="System\Security\Cryptography\ConcurrencyBlock.NoOp.cs" />
     <Compile Include="System\Security\Cryptography\CspKeyContainerInfo.NotSupported.cs" />
     <Compile Include="System\Security\Cryptography\ChaCha20Poly1305.Android.cs" />
     <Compile Include="System\Security\Cryptography\DESCryptoServiceProvider.Unix.cs" />
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ConcurrencyBlock.NoOp.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ConcurrencyBlock.NoOp.cs
@@ -0,0 +1,40 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading;
+
+namespace System.Security.Cryptography
+{
+    internal struct ConcurrencyBlock
+    {
+        private int _count;
+
+        internal static Scope Enter(ref ConcurrencyBlock block)
+        {
+            int count = Interlocked.Increment(ref block._count);
+
+            if (count != 1)
+            {
+                Interlocked.Decrement(ref block._count);
+                throw new CryptographicException(SR.Cryptography_ConcurrentUseNotSupported);
+            }
+
+            return new Scope(ref block._count);
+        }
+
+        internal ref struct Scope
+        {
+            private ref int _parentCount;
+
+            internal Scope(ref int parentCount)
+            {
+                _parentCount = ref parentCount;
+            }
+
+            internal void Dispose()
+            {
+                Interlocked.Decrement(ref _parentCount);
+            }
+        }
+    }
+}
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ConcurrencyBlock.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/ConcurrencyBlock.cs
@@ -0,0 +1,25 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Threading;
+
+namespace System.Security.Cryptography
+{
+    internal struct ConcurrencyBlock
+    {
+        internal static Scope Enter(ref ConcurrencyBlock block)
+        {
+            _ = block;
+            return default;
+        }
+
+        internal ref struct Scope
+        {
+#pragma warning disable CA1822 // Member can be marked static
+            internal void Dispose()
+            {
+            }
+#pragma warning restore CA1822
+        }
+    }
+}
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/HashProviderDispenser.OpenSsl.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/HashProviderDispenser.OpenSsl.cs
@@ -102,6 +102,7 @@ private sealed class EvpHashProvider : HashProvider
         {
             private readonly LiteHash _liteHash;
             private bool _running;
+            private ConcurrencyBlock _block;
 
             public EvpHashProvider(string hashAlgorithmId)
             {
@@ -110,21 +111,30 @@ public EvpHashProvider(string hashAlgorithmId)
 
             public override void AppendHashData(ReadOnlySpan<byte> data)
             {
-                _liteHash.Append(data);
-                _running = true;
+                using (ConcurrencyBlock.Enter(ref _block))
+                {
+                    _liteHash.Append(data);
+                    _running = true;
+                }
             }
 
             public override int FinalizeHashAndReset(Span<byte> destination)
             {
-                int written = _liteHash.Finalize(destination);
-                _liteHash.Reset();
-                _running = false;
-                return written;
+                using (ConcurrencyBlock.Enter(ref _block))
+                {
+                    int written = _liteHash.Finalize(destination);
+                    _liteHash.Reset();
+                    _running = false;
+                    return written;
+                }
             }
 
             public override int GetCurrentHash(Span<byte> destination)
             {
-                return _liteHash.Current(destination);
+                using (ConcurrencyBlock.Enter(ref _block))
+                {
+                    return _liteHash.Current(destination);
+                }
             }
 
             public override int HashSizeInBytes => _liteHash.HashSizeInBytes;
@@ -139,10 +149,13 @@ public override void Dispose(bool disposing)
 
             public override void Reset()
             {
-                if (_running)
+                using (ConcurrencyBlock.Enter(ref _block))
                 {
-                    _liteHash.Reset();
-                    _running = false;
+                    if (_running)
+                    {
+                        _liteHash.Reset();
+                        _running = false;
+                    }
                 }
             }
         }
@@ -151,6 +164,7 @@ private sealed class HmacHashProvider : HashProvider
         {
             private readonly LiteHmac _liteHmac;
             private bool _running;
+            private ConcurrencyBlock _block;
 
             public HmacHashProvider(string hashAlgorithmId, ReadOnlySpan<byte> key)
             {
@@ -159,21 +173,30 @@ public HmacHashProvider(string hashAlgorithmId, ReadOnlySpan<byte> key)
 
             public override void AppendHashData(ReadOnlySpan<byte> data)
             {
-                _liteHmac.Append(data);
-                _running = true;
+                using (ConcurrencyBlock.Enter(ref _block))
+                {
+                    _liteHmac.Append(data);
+                    _running = true;
+                }
             }
 
             public override int FinalizeHashAndReset(Span<byte> destination)
             {
-                int written = _liteHmac.Finalize(destination);
-                _liteHmac.Reset();
-                _running = false;
-                return written;
+                using (ConcurrencyBlock.Enter(ref _block))
+                {
+                    int written = _liteHmac.Finalize(destination);
+                    _liteHmac.Reset();
+                    _running = false;
+                    return written;
+                }
             }
 
             public override int GetCurrentHash(Span<byte> destination)
             {
-                return _liteHmac.Current(destination);
+                using (ConcurrencyBlock.Enter(ref _block))
+                {
+                    return _liteHmac.Current(destination);
+                }
             }
 
             public override int HashSizeInBytes => _liteHmac.HashSizeInBytes;
@@ -188,10 +211,13 @@ public override void Dispose(bool disposing)
 
             public override void Reset()
             {
-                if (_running)
+                using (ConcurrencyBlock.Enter(ref _block))
                 {
-                    _liteHmac.Reset();
-                    _running = false;
+                    if (_running)
+                    {
+                        _liteHmac.Reset();
+                        _running = false;
+                    }
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,7 @@ private sealed class EvpHashProvider : HashProvider`
`102`	`102`	`{`
`103`	`103`	`private readonly LiteHash _liteHash;`
`104`	`104`	`private bool _running;`
	`105`	`+ private ConcurrencyBlock _block;`
`105`	`106`
`106`	`107`	`public EvpHashProvider(string hashAlgorithmId)`
`107`	`108`	`{`
`@@ -110,21 +111,30 @@ public EvpHashProvider(string hashAlgorithmId)`
`110`	`111`
`111`	`112`	`public override void AppendHashData(ReadOnlySpan<byte> data)`
`112`	`113`	`{`
`113`		`- _liteHash.Append(data);`
`114`		`- _running = true;`
	`114`	`+ using (ConcurrencyBlock.Enter(ref _block))`
	`115`	`+ {`
	`116`	`+ _liteHash.Append(data);`
	`117`	`+ _running = true;`
	`118`	`+ }`
`115`	`119`	`}`
`116`	`120`
`117`	`121`	`public override int FinalizeHashAndReset(Span<byte> destination)`
`118`	`122`	`{`
`119`		`- int written = _liteHash.Finalize(destination);`
`120`		`- _liteHash.Reset();`
`121`		`- _running = false;`
`122`		`- return written;`
	`123`	`+ using (ConcurrencyBlock.Enter(ref _block))`
	`124`	`+ {`
	`125`	`+ int written = _liteHash.Finalize(destination);`
	`126`	`+ _liteHash.Reset();`
	`127`	`+ _running = false;`
	`128`	`+ return written;`
	`129`	`+ }`
`123`	`130`	`}`
`124`	`131`
`125`	`132`	`public override int GetCurrentHash(Span<byte> destination)`
`126`	`133`	`{`
`127`		`- return _liteHash.Current(destination);`
	`134`	`+ using (ConcurrencyBlock.Enter(ref _block))`
	`135`	`+ {`
	`136`	`+ return _liteHash.Current(destination);`
	`137`	`+ }`
`128`	`138`	`}`
`129`	`139`
`130`	`140`	`public override int HashSizeInBytes => _liteHash.HashSizeInBytes;`
`@@ -139,10 +149,13 @@ public override void Dispose(bool disposing)`
`139`	`149`
`140`	`150`	`public override void Reset()`
`141`	`151`	`{`
`142`		`- if (_running)`
	`152`	`+ using (ConcurrencyBlock.Enter(ref _block))`
`143`	`153`	`{`
`144`		`- _liteHash.Reset();`
`145`		`- _running = false;`
	`154`	`+ if (_running)`
	`155`	`+ {`
	`156`	`+ _liteHash.Reset();`
	`157`	`+ _running = false;`
	`158`	`+ }`
`146`	`159`	`}`
`147`	`160`	`}`
`148`	`161`	`}`
`@@ -151,6 +164,7 @@ private sealed class HmacHashProvider : HashProvider`
`151`	`164`	`{`
`152`	`165`	`private readonly LiteHmac _liteHmac;`
`153`	`166`	`private bool _running;`
	`167`	`+ private ConcurrencyBlock _block;`
`154`	`168`
`155`	`169`	`public HmacHashProvider(string hashAlgorithmId, ReadOnlySpan<byte> key)`
`156`	`170`	`{`
`@@ -159,21 +173,30 @@ public HmacHashProvider(string hashAlgorithmId, ReadOnlySpan<byte> key)`
`159`	`173`
`160`	`174`	`public override void AppendHashData(ReadOnlySpan<byte> data)`
`161`	`175`	`{`
`162`		`- _liteHmac.Append(data);`
`163`		`- _running = true;`
	`176`	`+ using (ConcurrencyBlock.Enter(ref _block))`
	`177`	`+ {`
	`178`	`+ _liteHmac.Append(data);`
	`179`	`+ _running = true;`
	`180`	`+ }`
`164`	`181`	`}`
`165`	`182`
`166`	`183`	`public override int FinalizeHashAndReset(Span<byte> destination)`
`167`	`184`	`{`
`168`		`- int written = _liteHmac.Finalize(destination);`
`169`		`- _liteHmac.Reset();`
`170`		`- _running = false;`
`171`		`- return written;`
	`185`	`+ using (ConcurrencyBlock.Enter(ref _block))`
	`186`	`+ {`
	`187`	`+ int written = _liteHmac.Finalize(destination);`
	`188`	`+ _liteHmac.Reset();`
	`189`	`+ _running = false;`
	`190`	`+ return written;`
	`191`	`+ }`
`172`	`192`	`}`
`173`	`193`
`174`	`194`	`public override int GetCurrentHash(Span<byte> destination)`
`175`	`195`	`{`
`176`		`- return _liteHmac.Current(destination);`
	`196`	`+ using (ConcurrencyBlock.Enter(ref _block))`
	`197`	`+ {`
	`198`	`+ return _liteHmac.Current(destination);`
	`199`	`+ }`
`177`	`200`	`}`
`178`	`201`
`179`	`202`	`public override int HashSizeInBytes => _liteHmac.HashSizeInBytes;`
`@@ -188,10 +211,13 @@ public override void Dispose(bool disposing)`
`188`	`211`
`189`	`212`	`public override void Reset()`
`190`	`213`	`{`
`191`		`- if (_running)`
	`214`	`+ using (ConcurrencyBlock.Enter(ref _block))`
`192`	`215`	`{`
`193`		`- _liteHmac.Reset();`
`194`		`- _running = false;`
	`216`	`+ if (_running)`
	`217`	`+ {`
	`218`	`+ _liteHmac.Reset();`
	`219`	`+ _running = false;`
	`220`	`+ }`
`195`	`221`	`}`
`196`	`222`	`}`
`197`	`223`	`}`