
[Breaking change]: SafeEvpPKeyHandle.DuplicateHandle up-refs the handle #42034

Closed
@krwq

Description

With the work to enable OpenSSL providers support, a change was made to the System.Security.Cryptography.SafeEvpPKeyHandle.DuplicateHandle method, impacting the System.Security.Cryptography.ECDsaOpenSsl and System.Security.Cryptography.RSAOpenSsl constructors that have overloads taking System.Security.Cryptography.SafeEvpPKeyHandle. As a result, external modifications of the passed-in handle will also affect the handle stored in instances of those classes.

Version

.NET 9 Preview 7

Previous behavior

  • System.Security.Cryptography.SafeEvpPKeyHandle.DuplicateHandle created a new EVP_PKEY instance
  • Modifications to the duplicated key (i.e. through direct calls to OpenSSL APIs) did not impact the original key
  • SafeEvpPKeyHandle.DuplicateHandle is called by the constructors of ECDsaOpenSsl and RSAOpenSsl taking SafeEvpPKeyHandle

New behavior

DuplicateHandle increments the reference count of the existing EVP_PKEY and returns a handle to the same key. As a result, external calls to OpenSSL APIs that modify the EVP_PKEY will also affect duplicated SafeEvpPKeyHandle instances, including ECDsaOpenSsl and RSAOpenSsl instances created from such handles.

Type of breaking change

  • Binary incompatible: Existing binaries might encounter a breaking change in behavior, such as failure to load or execute, and if so, require recompilation.
  • Source incompatible: When recompiled using the new SDK or component or to target the new runtime, existing source code might require source changes to compile successfully.
  • Behavioral change: Existing binaries might behave differently at run time.

Reason for change

Recommended action

Avoid modifications of an EVP_PKEY passed in to .NET APIs. If modifications to the EVP_PKEY can't be avoided, the user should create a copy of the EVP_PKEY on their own (i.e. copy parameters into the new EVP_PKEY instance).

Feature area

Cryptography

Affected APIs

  • System.Security.Cryptography.SafeEvpPKeyHandle.DuplicateHandle

DuplicateHandle is called by the following public .NET APIs, making them affected as well:

  • System.Security.Cryptography.ECDsaOpenSsl..ctor(System.Security.Cryptography.SafeEvpPKeyHandle)
  • System.Security.Cryptography.RSAOpenSsl..ctor(System.Security.Cryptography.SafeEvpPKeyHandle)

Everything taking RSA or ECDsa instances originating from SafeEvpPKeyHandle will also be affected.


Associated WorkItem - 294097
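
One way to follow the recommended action from managed code, shown as an added example that is not part of the original issue or of the .NET runtime: export the parameters from the shared handle and import them into a new instance, which then has its own EVP_PKEY. `DetachedKeys`, `DetachRsa` and `DetachECDsa` are hypothetical names, and the sketch assumes the key material is exportable (the export call throws otherwise).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helpers (not .NET APIs): build keys that do not share an EVP_PKEY with `shared`.
static class DetachedKeys
{
    public static RSAOpenSsl DetachRsa(SafeEvpPKeyHandle shared, bool includePrivate)
    {
        // On .NET 9 Preview 7 and later this wrapper references the same EVP_PKEY as `shared`.
        using RSAOpenSsl view = new RSAOpenSsl(shared);
        RSAParameters p = view.ExportParameters(includePrivate);
        try { return new RSAOpenSsl(p); }   // imports the parameters into a fresh EVP_PKEY
        finally
        {
            // Wipe exported private material; a null array converts to an empty span.
            foreach (byte[] part in new[] { p.D, p.P, p.Q, p.DP, p.DQ, p.InverseQ })
                CryptographicOperations.ZeroMemory(part);
        }
    }

    public static ECDsaOpenSsl DetachECDsa(SafeEvpPKeyHandle shared, bool includePrivate)
    {
        using ECDsaOpenSsl view = new ECDsaOpenSsl(shared);
        ECParameters p = view.ExportParameters(includePrivate);
        ECDsaOpenSsl copy = new ECDsaOpenSsl();
        try { copy.ImportParameters(p); return copy; }
        catch { copy.Dispose(); throw; }    // do not leak the native key on failure
        finally { CryptographicOperations.ZeroMemory(p.D); }
    }

    static void Main()
    {
        // Constructed sample: a throwaway key standing in for a handle obtained elsewhere.
        using RSAOpenSsl original = new RSAOpenSsl(2048);
        using SafeEvpPKeyHandle shared = original.DuplicateKeyHandle();
        using RSAOpenSsl detached = DetachRsa(shared, includePrivate: true);

        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] sig = original.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        // Same key material in a separate native object: the copy verifies the original's signature.
        Console.WriteLine(detached.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
    }
}
```

Native code that later modifies the EVP_PKEY behind `shared` no longer reaches `detached`, because the two do not reference the same OpenSSL object.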

Metadata

Labels

  • seQUESTered: Identifies that an issue has been imported into Quest.
  • breaking-change: Indicates a .NET Core breaking change
  • in-pr: This issue will be closed (fixed) by an active pull request.
