Skip to content

Some X25519 fixes for OpenSSL key handling#129338

Merged
vcsjones merged 4 commits into
dotnet:mainfrom
vcsjones:fix-x25519-exceptions-ossl111
Jun 12, 2026
Merged

Some X25519 fixes for OpenSSL key handling#129338
vcsjones merged 4 commits into
dotnet:mainfrom
vcsjones:fix-x25519-exceptions-ossl111

Conversation

@vcsjones

Copy link
Copy Markdown
Member

This makes a couple of fixes to the X25519 implementation.

  1. Our "Does this X25519 instance have an exportable key" check for OpenSSL did not work correct on OpenSSL 1.1.1. This is explained in the comments. This doesn't functionally fix anything, developers just get a better error.

  2. With X25519DiffieHellmanOpenSsl, we were guarding DeriveRawSecretAgreementCore with _hasPrivate. This is not right for the X25519DiffieHellmanOpenSsl implementation because we got the key handle from somewhere else, so we don't know if the private key is exportable or not. Instead we just have to let the provider tell us if the key agreement worked or not. We can still use this check for the PKCS#8 and private key exports.

vcsjones added 4 commits June 12, 2026 12:03
The "Does this EVP_PKEY contain an exportable private key" check for X25519 was slightly wrong for OpenSSL 1.1.1.
…enSsl during the secret agreement.

_hasPrivate tells us if the key contains an exportable private key. For the implementation methods, this is generally analogous to has "any" private key since they will go in to the default provider. However with X25519DiffieHellmanOpenSsl, we don't know if the private key is exportable because it might be in a provider that does not permit exporting the private key at all. All we can do in that case is let the provider tell us if the secret agreement worked or not.
@vcsjones vcsjones requested a review from bartonjs June 12, 2026 16:39
@vcsjones vcsjones self-assigned this Jun 12, 2026
Copilot AI review requested due to automatic review settings June 12, 2026 16:39
@dotnet-policy-service

Copy link
Copy Markdown
Contributor

Tagging subscribers to this area: @bartonjs, @vcsjones, @dotnet/area-system-security
See info in area-owners.md if you want to be subscribed.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens X25519 key handling on the OpenSSL-backed implementation by making the “has private key” detection robust across OpenSSL versions (notably 1.1.1) and by letting OpenSSL be the source of truth for whether secret agreement is possible when the key originates from an external handle.

Changes:

  • Fix OpenSSL X25519 “has private” detection by always requesting the raw private key into a correctly-sized buffer (and cleansing it afterward), avoiding OpenSSL 1.1.1’s misleading NULL-buffer success behavior.
  • Update X25519DiffieHellmanOpenSsl to stop pre-guarding secret derivation on “exportable private” and only enforce that check for private-key export operations.
  • Relax public-key-only derive tests to accept any CryptographicException subtype (to accommodate OpenSSL-specific exception types).
Show a summary per file
File Description
src/native/libs/System.Security.Cryptography.Native/pal_evp_pkey_x25519.c Makes private-key presence detection robust on OpenSSL 1.1.1 by probing with a real buffer and cleansing it.
src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellmanOpenSsl.OpenSsl.cs Removes the derive-time exportability guard; keeps the check for export APIs via _hasExportablePrivate.
src/libraries/System.Security.Cryptography/tests/X25519DiffieHellmanBaseTests.cs Updates expectations for public-key-only derive to allow OpenSSL-specific CryptographicException subclasses.

Copilot's findings

  • Files reviewed: 3/3 changed files
  • Comments generated: 0

@vcsjones vcsjones enabled auto-merge (squash) June 12, 2026 18:18
@vcsjones vcsjones disabled auto-merge June 12, 2026 18:18
@vcsjones vcsjones enabled auto-merge (squash) June 12, 2026 18:19
@vcsjones vcsjones merged commit f82dc23 into dotnet:main Jun 12, 2026
124 of 126 checks passed
@dotnet-milestone-bot dotnet-milestone-bot Bot added this to the 11.0-preview6 milestone Jun 17, 2026
@vcsjones vcsjones deleted the fix-x25519-exceptions-ossl111 branch June 18, 2026 00:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants