Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unnecessary cryptographic derived types obsoletions #52303

Merged
31 commits merged into from
May 11, 2021
Merged

Unnecessary cryptographic derived types obsoletions #52303

31 commits merged into from
May 11, 2021

Conversation

annchous
Copy link
Contributor

@annchous annchous commented May 5, 2021

Close #46934

I have questions that I need your help to resolve:

  • Building libraries fails with the following errors:
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(123,46): error SYSLIB0021: "AesManaged" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(124,49): error SYSLIB0021: "SHA256Managed" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(125,49): error SYSLIB0021: "SHA384Managed" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(126,49): error SYSLIB0021: "SHA512Managed" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Csp\src\System\Security\Cryptography\PasswordDeriveBytes.cs(45,98): error SYSLIB0021: "SHA1CryptoServiceProvider" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Csp\src\System.Security.Cryptography.Csp.csproj]
...\src\libraries\System.Security.Cryptography.Csp\src\System\Security\Cryptography\PasswordDeriveBytes.cs(50,98): error SYSLIB0021: "SHA1CryptoServiceProvider" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Csp\src\System.Security.Cryptography.Csp.csproj]

So, what should I do with obsolete classes here

[DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(SHA1CryptoServiceProvider))]

[DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(SHA1CryptoServiceProvider))]

and here?

  • Tests fail. I suppose it can be fixed by marking with
#pragma warning disable SYSLIB0021
#pragma warning restore SYSLIB0021

content in test files for classes now marked as obsolete.
But for System.Security.Cryptography.Csp there is a CreateTransformCompat class which also uses the classes now marked as obsolete.
The same problem exists in System.Security.Cryptography.Algorithms for individual tests and for CryptoConfigTests.

@dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost
Copy link

ghost commented May 5, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

Close #46934

I have questions that I need your help to resolve:

  • Building libraries fails with the following errors:
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(123,46): error SYSLIB0021: "AesManaged" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(124,49): error SYSLIB0021: "SHA256Managed" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(125,49): error SYSLIB0021: "SHA384Managed" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Algorithms\src\System\Security\Cryptography\CryptoConfig.cs(126,49): error SYSLIB0021: "SHA512Managed" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Algorithms\src\System.Security.Cryptography.Algorithms.csproj]
...\src\libraries\System.Security.Cryptography.Csp\src\System\Security\Cryptography\PasswordDeriveBytes.cs(45,98): error SYSLIB0021: "SHA1CryptoServiceProvider" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Csp\src\System.Security.Cryptography.Csp.csproj]
...\src\libraries\System.Security.Cryptography.Csp\src\System\Security\Cryptography\PasswordDeriveBytes.cs(50,98): error SYSLIB0021: "SHA1CryptoServiceProvider" is obsolete: 'Derived cryptographic types are obsolete.' [...\src\libraries\System.Security.Cryptography.Csp\src\System.Security.Cryptography.Csp.csproj]

So, what should I do with obsolete classes here

[DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(SHA1CryptoServiceProvider))]

[DynamicDependency(DynamicallyAccessedMemberTypes.PublicParameterlessConstructor, typeof(SHA1CryptoServiceProvider))]

and here?

  • Tests fail. I suppose it can be fixed by marking with
#pragma warning disable SYSLIB0021
#pragma warning restore SYSLIB0021

content in test files for classes now marked as obsolete.
But for System.Security.Cryptography.Csp there is a CreateTransformCompat class which also uses the classes now marked as obsolete.
The same problem exists in System.Security.Cryptography.Algorithms for individual tests and for CryptoConfigTests.

Author: annchous
Assignees: -
Labels:

area-System.Security, new-api-needs-documentation

Milestone: -

@bartonjs
Copy link
Member

bartonjs commented May 5, 2021

For PasswordDeriveBytes and CryptoConfig, just pragma suppress around their usages.

For the System.Security.Cryptography.Algorithms.Tests and System.Security.Cryptography.Csp.Tests libraries, NoWarn in the csproj.

@annchous
Copy link
Contributor Author

annchous commented May 5, 2021

For PasswordDeriveBytes and CryptoConfig, just pragma suppress around their usages.

For the System.Security.Cryptography.Algorithms.Tests and System.Security.Cryptography.Csp.Tests libraries, NoWarn in the csproj.

@bartonjs thanks for the instructions, it helped. I also added documentation for the new obsoletion :)

@@ -1,6 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>$(NetCoreAppCurrent)</TargetFrameworks>
<NoWarn>$(NoWarn);SYSLIB0021</NoWarn>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't think of a reason why System.Runtime.Serialization.Xml.Tests would need the NoWarn.

If it's explicitly testing serialization for one of the obsoleted types, a pragma around that/those test(s) is more appropriate. Otherwise, it would probably be a place that's doing the old/wrong pattern that should be updated to better code.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The problem was here.
According to the errors the problematic lines are

static MD5CryptoServiceProvider md5 = null; // <--- line 211

and

if (md5 == null)
  md5 = new MD5CryptoServiceProvider(); // <--- line 270

The method using this type:

private static string GetNamespacesDigest(string namespaces)

What then needs to be done?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, this code is just an example of the bad pattern. So we should fix it 😄

  • Change the field type from MD5CryptoServiceProvider to MD5
  • Change the ctor call to MD5.Create()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, thanks for the instructions 🙂 Just fixed!

Copy link
Member

@jeffhandley jeffhandley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this @annchous! 💯

@@ -70,6 +70,7 @@ The PR that reveals the implementation of the `<IncludeInternalObsoleteAttribute
| __`SYSLIB0018`__ | ReflectionOnly loading is not supported and throws PlatformNotSupportedException. |
| __`SYSLIB0019`__ | RuntimeEnvironment members SystemConfigurationFile, GetRuntimeInterfaceAsIntPtr, and GetRuntimeInterfaceAsObject are no longer supported and throw PlatformNotSupportedException. |
| __`SYSLIB0020`__ | JsonSerializerOptions.IgnoreNullValues is obsolete. To ignore null values when serializing, set DefaultIgnoreCondition to JsonIgnoreCondition.WhenWritingNull. |
| __`SYSLIB0021`__ | Derived cryptographic types are obsolete. |
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When possible, the message should also indicate what should be done to resolve the warning. Is the following accurate, @bartonjs?

Suggested change
| __`SYSLIB0021`__ | Derived cryptographic types are obsolete. |
| __`SYSLIB0021`__ | Derived cryptographic types are obsolete. Use the Create method on the underlying type instead. |

When this is changed, it will need to be updated in Obsoletions.cs and the ref sources too.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's technically correct. I don't know if "underlying type" is the best wording, but I can't come up with an obviously better one.

  • "algorithm's abstract class"
  • "abstract class representing the algorithm"
  • "base type"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gewarren do you have a suggestion for a message better than this?

Derived cryptographic types are obsolete. Use the Create method on the underlying type instead.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest "...Use the Create method on the base type instead."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd suggest "...Use the Create method on the base type instead."

@jeffhandley apply this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes please. Thanks!

Side note -- I'm sorry about the trouble with the project file; I hope you didn't mind that I pushed commits to fix it. Since that was an existing issue unrelated to your changes, I didn't want to burden you with fixing that up. I'm glad this PR uncovered it though!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note -- I'm sorry about the trouble with the project file; I hope you didn't mind that I pushed commits to fix it. Since that was an existing issue unrelated to your changes, I didn't want to burden you with fixing that up. I'm glad this PR uncovered it though!

It's okay, of course I was not against helping with the resolution of problems in the project file! Finished with the documentation :)

src/libraries/Directory.Build.targets Outdated Show resolved Hide resolved
@jeffhandley jeffhandley added the breaking-change Issue or PR that represents a breaking API or functional change over a prerelease. label May 6, 2021
@jeffhandley
Copy link
Member

My PR (#52366) caused merge conflicts. I'll resolve them and push to your branch.

Copy link
Member

@jeffhandley jeffhandley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, pending @gewarren's feedback on the message.

@jeffhandley
Copy link
Member

Commit f8067e9 is causing an error because of Obsoletions not being defined for the browser build. This seems to have been a result of the csproj file having a bunch of duplication between <ItemGroup Condition="'$(TargetsBrowser)' != 'true'"> and <ItemGroup Condition=" '$(TargetsBrowser)' == 'true'">, which was an existing problem.

I'm going to push another commit that de-dupes the contents from those item groups to make this file more maintainable.

@jeffhandley
Copy link
Member

I need to mark this as no-merge for a little bit. We want to get out ahead of some upstream breaks this is going to cause in https://github.com/dotnet/aspnetcore. I'll merge this PR once we have aspnetcore fixed to use the new recommendations.

@jeffhandley jeffhandley added the NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) label May 7, 2021
@jeffhandley
Copy link
Member

dotnet/aspnetcore#32511 was merged, clearing the way for this PR to get merged. Thank you for this contribution, @annchous! I'm going to set the PR to auto-merge once the CI passes with the latest changes from main merged in.

@jeffhandley jeffhandley added auto-merge and removed NO-MERGE The PR is not ready for merge yet (see discussion for detailed reasons) labels May 10, 2021
@ghost
Copy link

ghost commented May 10, 2021

Hello @jeffhandley!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@jeffhandley
Copy link
Member

It looks like my merge from main (done using the GitHub UI) brought back duplicate Obsoletions.cs inclusions. I'll fix it up shortly.

@jeffhandley
Copy link
Member

One of the "Libraries Test Run release mono Linux x64 Debug" test failures was #44689. Rerunning since others looked to be connectivity-related.

@ghost ghost merged commit ebcd102 into dotnet:main May 11, 2021
@karelz karelz added this to the 6.0.0 milestone May 20, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Jun 19, 2021
This pull request was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-System.Security breaking-change Issue or PR that represents a breaking API or functional change over a prerelease.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Obsolete unnecessary cryptographic derived types
5 participants