X509Store.Add Fails On Ubuntu 22.04 in FIPS Mode #111560
Description
Description
Calling X509Store.Add(X509Certificate2 certificate) in .NET 8 on Ubuntu 22.04 in FIPS Mode fails with an OpenSslCryptographicException due to 3DES/SHA-1 being unsupported in FIPS mode. It appears the underlying issue is in the OpenSslDirectoryBasedStoreProvider used by X509Store on Linux systems. Instead of delegating certificate storage to an OS-level store/keychain, it appears this implementation is storing the certificate and key on the filesystem in PFX format. This export uses 3DES/SHA-1, which to the best of my knowledge is disallowed in FIPS 140-3, which Ubuntu 22.04 complies with.
Reproduction Steps
async Task ImportWithStreams(Stream certificateStream, Stream keyStream,
CancellationToken cancellationToken = default)
{
// Assume both Stream parameters are for PEM-formatted text.
var certPem = await new StreamReader(certificateStream).ReadToEndAsync(cancellationToken);
var keyPem = await new StreamReader(keyStream).ReadToEndAsync(cancellationToken);
var privateKey = RSA.Create();
privateKey.ImportFromPem(keyPem);
var certificate = new X509Certificate2(Encoding.UTF8.GetBytes(certPem))
.CopyWithPrivateKey(privateKey);
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite);
store.Add(certificate); // Fails
}Expected behavior
X509Store.Add should succeed on Ubuntu 22.04 using a FIPS-supported algorithm like AES/SHA-256.
Actual behavior
Stack Trace:
Unhandled exception: Interop+Crypto+OpenSslCryptographicException: error:0308010C:digital envelope routines::unsupported
at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
at System.Security.Cryptography.TripleDesImplementation.CreateTransform(Byte[] rgbKey, Byte[] rgbIV, Boolean encrypting)
at System.Security.Cryptography.PasswordBasedEncryption.Encrypt(ReadOnlySpan`1 password, ReadOnlySpan`1 passwordBytes, SymmetricAlgorithm cipher, Boolean isPkcs12, AsnWriter source, PbeParameters pbeParameters, ReadOnlySpan`1 salt, Byte[] destination, Span`1 ivDest)
at System.Security.Cryptography.KeyFormatHelper.WriteEncryptedPkcs8(ReadOnlySpan`1 password, ReadOnlySpan`1 passwordBytes, AsnWriter pkcs8Writer, PbeParameters pbeParameters)
at System.Security.Cryptography.RSA.TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan`1 password, PbeParameters pbeParameters, Span`1 destination, Int32& bytesWritten)
at System.Security.Cryptography.AsymmetricAlgorithm.ExportArray[T](ReadOnlySpan`1 password, PbeParameters pbeParameters, TryExportPbe`1 exporter)
at System.Security.Cryptography.X509Certificates.UnixExportProvider.BuildBags(ICertificatePalCore certPal, ReadOnlySpan`1 passwordSpan, AsnWriter tmpWriter, CertBagAsn[] certBags, AttributeAsn[] certAttrs, SafeBagAsn[] keyBags, Int32& certIdx, Int32& keyIdx)
at System.Security.Cryptography.X509Certificates.UnixExportProvider.ExportPfx(SafePasswordHandle password)
at System.Security.Cryptography.X509Certificates.OpenSslX509CertificateReader.Export(X509ContentType contentType, SafePasswordHandle password)
at System.Security.Cryptography.X509Certificates.X509Certificate.Export(X509ContentType contentType, String password)
at System.Security.Cryptography.X509Certificates.OpenSslDirectoryBasedStoreProvider.AddCertToStore(ICertificatePal certPal)
at System.Security.Cryptography.X509Certificates.OpenSslDirectoryBasedStoreProvider.Add(ICertificatePal certPal)
at **REDACTED CALLING CODE**
Regression?
No response
Known Workarounds
No response
Configuration
.NET 8
Ubuntu 22.04 in FIPS mode
Other information
See: OpenSslDirectoryBasedStoreProvider.AddCertToStore(ICertificatePal certPal)
When OpenSslExportProvider.ExportPkcs8 calls ExportEncryptedPkcs8PrivateKey on the selected algorithm, it passes in s_windowsPbe, hard-coded parameters that are disallowed in FIPS 140-3:
https://github.com/dotnet/runtime/blob/6c58f7992cfd628a53d9b90f258ac123cb803644/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslExportProvider.cs#L42C1-L42C2
Possibly related issues: