Detect presence of OpenSSL for AEAD algorithms on macOS

This makes the IsSupported values for AesCcm and AesGcm return false on macOS when the
OpenSSL shim library can't find a suitable OpenSSL, and makes AesCcm/AesGcm throw an
informative exception in those cases.

Additionally it fixes the IsSupported on ChaCha/Poly to not tear down the process when
OpenSSL isn't found on macOS.

Co-authored-by: Filip Navara <filip.navara@gmail.com>

Author: vcsjones

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSslAvailable.cs

@@ -0,0 +1,19 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Runtime.InteropServices;
+
+internal static partial class Interop
+{
+    internal static class OpenSslNoInit
+    {
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_OpenSslAvailable")]
+        private static extern int OpenSslAvailable();
+
+        private static readonly Lazy<bool> s_openSslAvailable =
+            new Lazy<bool>(() => OpenSslAvailable() != 0);
+
+        internal static bool OpenSslIsAvailable => s_openSslAvailable.Value;
+    }
+}

src/libraries/Common/tests/TestUtilities/System/PlatformDetection.Unix.cs

@@ -101,6 +101,8 @@ public static string LibcVersion
             }
         }
 
+        public static bool OpenSslPresentOnSystem => !IsBrowser && Interop.OpenSslNoInit.OpenSslIsAvailable;
+
         private static Version s_opensslVersion;
         private static Version GetOpenSslVersion()
         {

src/libraries/Common/tests/TestUtilities/TestUtilities.csproj

@@ -64,6 +64,8 @@
   <ItemGroup>
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs"
              Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.Initialization.cs" />
+    <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs"
+             Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslVersion.cs"
              Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslVersion.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslGetProtocolSupport.cs"

src/libraries/Native/Unix/System.Security.Cryptography.Native/entrypoints.c

@@ -213,6 +213,7 @@ static const Entry s_cryptoNative[] =
     DllImportEntry(CryptoNative_ObjTxt2Obj)
     DllImportEntry(CryptoNative_OcspRequestDestroy)
     DllImportEntry(CryptoNative_OcspResponseDestroy)
+    DllImportEntry(CryptoNative_OpenSslAvailable)
     DllImportEntry(CryptoNative_Pbkdf2)
     DllImportEntry(CryptoNative_PemReadBioPkcs7)
     DllImportEntry(CryptoNative_PemReadBioX509Crl)

src/libraries/Native/Unix/System.Security.Cryptography.Native/openssl.c

@@ -1319,6 +1319,17 @@ static int32_t EnsureOpenSsl11Initialized()
 
 #endif
 
+int32_t CryptoNative_OpenSslAvailable()
+{
+#ifdef FEATURE_DISTRO_AGNOSTIC_SSL
+    // OpenLibrary will attempt to open libssl. DlOpen will handle
+    // the case of it already being open and dlclose the duplicate
+    return OpenLibrary();
+#else
+    return 1;
+#endif
+}
+
 int32_t CryptoNative_EnsureOpenSslInitialized()
 {
     // If portable then decide which OpenSSL we are, and call the right one.

src/libraries/Native/Unix/System.Security.Cryptography.Native/openssl.h

@@ -74,3 +74,5 @@ PALEXPORT int32_t CryptoNative_EnsureOpenSslInitialized(void);
 PALEXPORT int64_t CryptoNative_OpenSslVersionNumber(void);
 
 PALEXPORT void CryptoNative_RegisterLegacyAlgorithms(void);
+
+PALEXPORT int32_t CryptoNative_OpenSslAvailable(void);

src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.c

@@ -5,7 +5,6 @@
 #include <assert.h>
 #include <dlfcn.h>
 #include <stdio.h>
-#include <stdbool.h>
 #include <string.h>
 
 #include "opensslshim.h"
@@ -51,7 +50,7 @@ static void DlOpen(const char* libraryName)
     }
 }
 
-static bool OpenLibrary()
+int OpenLibrary()
 {
     // If there is an override of the version specified using the CLR_OPENSSL_VERSION_OVERRIDE
     // env variable, try to load that first.
@@ -124,7 +123,14 @@ static bool OpenLibrary()
         DlOpen(MAKELIB("8"));
     }
 
-    return libssl != NULL;
+    if (libssl != NULL)
+    {
+        return 1;
+    }
+    else
+    {
+        return 0;
+    }
 }
 
 void InitializeOpenSSLShim(void)

src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h

@@ -95,6 +95,7 @@ void ERR_put_error(int32_t lib, int32_t func, int32_t reason, const char* file,
 #define NEED_OPENSSL_1_1 true
 #define NEED_OPENSSL_3_0 true
 
+int OpenLibrary(void);
 void InitializeOpenSSLShim(void);
 
 #if !HAVE_OPENSSL_EC2M

src/libraries/System.Security.Cryptography.Algorithms/src/System.Security.Cryptography.Algorithms.csproj

@@ -586,6 +586,8 @@
              Link="Common\System\Security\Cryptography\ECDiffieHellmanDerivation.cs" />
   </ItemGroup>
   <ItemGroup Condition="'$(TargetsUnix)' == 'true' and '$(UseAndroidCrypto)' != 'true'">
+    <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs"
+             Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.OpenSslAvailable.cs" />
     <Compile Include="$(CommonPath)Interop\Unix\System.Security.Cryptography.Native\Interop.EVP.Cipher.cs"
              Link="Common\Interop\Unix\System.Security.Cryptography.Native\Interop.EVP.Cipher.cs" />
     <Compile Include="System\Security\Cryptography\AesCcm.Unix.cs" />

src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/AesCcm.Android.cs

@@ -11,6 +11,8 @@ public sealed partial class AesCcm
     {
         private byte[] _key;
 
+        public static bool IsSupported => true;
+
         [MemberNotNull(nameof(_key))]
         private void ImportKey(ReadOnlySpan<byte> key)
         {