Merge pull request #104395 from dotnet/merge/release/8.0-to-release/8…

….0-staging

[automated] Merge branch 'release/8.0' => 'release/8.0-staging'

.github/workflows/inter-branch-merge-flow.yml

@@ -0,0 +1,13 @@
+name: Inter-branch merge workflow
+on:
+  push:
+    branches:
+      - release/**
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  Merge:
+    uses: dotnet/arcade/.github/workflows/inter-branch-merge-base.yml@main

eng/Versions.props

@@ -136,6 +136,8 @@
     <SystemSecurityCryptographyOpenSslVersion>5.0.0</SystemSecurityCryptographyOpenSslVersion>
     <SystemSecurityPrincipalWindowsVersion>5.0.0</SystemSecurityPrincipalWindowsVersion>
     <SystemSecurityPermissionsVersion>7.0.0</SystemSecurityPermissionsVersion>
+    <!-- The JSON version that's present in minimum MSBuild / VS version that this release is supported on -->
+    <SystemTextJsonToolsetVersion>7.0.3</SystemTextJsonToolsetVersion>
     <SystemTextJsonVersion>8.0.0-rc.1.23406.6</SystemTextJsonVersion>
     <SystemRuntimeCompilerServicesUnsafeVersion>6.0.0</SystemRuntimeCompilerServicesUnsafeVersion>
     <SystemThreadingAccessControlVersion>7.0.0</SystemThreadingAccessControlVersion>

src/coreclr/debug/createdump/createdump.h

@@ -151,6 +151,9 @@ extern MINIDUMP_TYPE GetMiniDumpType(DumpType dumpType);
 
 #ifdef HOST_WINDOWS
 extern std::string GetLastErrorString();
+extern DWORD GetTempPathWrapper(IN DWORD nBufferLength, OUT LPSTR lpBuffer);
+#else
+#define GetTempPathWrapper GetTempPathA
 #endif
 extern void printf_status(const char* format, ...);
 extern void printf_error(const char* format, ...);

src/coreclr/debug/createdump/createdumpmain.cpp

@@ -205,7 +205,7 @@ int createdump_main(const int argc, const char* argv[])
     ArrayHolder<char> tmpPath = new char[MAX_LONGPATH];
     if (options.DumpPathTemplate == nullptr)
     {
-        if (::GetTempPathA(MAX_LONGPATH, tmpPath) == 0)
+        if (GetTempPathWrapper(MAX_LONGPATH, tmpPath) == 0)
         {
             printf_error("GetTempPath failed\n");
             return -1;

src/coreclr/debug/createdump/createdumpwindows.cpp

@@ -135,3 +135,38 @@ GetLastErrorString()
     return result;
 }
 
+
+typedef DWORD(WINAPI *pfnGetTempPathA)(DWORD nBufferLength, LPSTR  lpBuffer);
+
+static volatile pfnGetTempPathA
+g_pfnGetTempPathA = nullptr;
+
+
+DWORD
+GetTempPathWrapper(
+    IN DWORD nBufferLength,
+    OUT LPSTR lpBuffer)
+{
+    if (g_pfnGetTempPathA == nullptr)
+    {
+        HMODULE hKernel32 = LoadLibraryExW(L"kernel32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
+
+        pfnGetTempPathA pLocalGetTempPathA = NULL;
+        if (hKernel32 != NULL)
+        {
+            // store to thread local variable to prevent data race
+            pLocalGetTempPathA = (pfnGetTempPathA)::GetProcAddress(hKernel32, "GetTempPath2A");
+        }
+
+        if (pLocalGetTempPathA == NULL) // method is only available with Windows 10 Creators Update or later
+        {
+            g_pfnGetTempPathA = &GetTempPathA;
+        }
+        else
+        {
+            g_pfnGetTempPathA = pLocalGetTempPathA;
+        }
+    }
+
+    return g_pfnGetTempPathA(nBufferLength, lpBuffer);
+}

src/coreclr/inc/longfilepathwrappers.h

@@ -59,10 +59,6 @@ SearchPathWrapper(
     _Out_opt_ LPWSTR * lpFilePart
     );
 
-DWORD WINAPI GetTempPathWrapper(
-    SString& lpBuffer
-    );
-
 DWORD
 GetModuleFileNameWrapper(
     _In_opt_ HMODULE hModule,

src/coreclr/inc/winwrap.h

@@ -204,9 +204,6 @@
 //Can not use extended syntax
 #define WszGetFullPathName     GetFullPathNameW
 
-//Long Files will not work on these till redstone
-#define WszGetTempPath         GetTempPathWrapper
-
 //APIS which have a buffer as an out parameter
 #define WszGetEnvironmentVariable GetEnvironmentVariableWrapper
 #define WszSearchPath          SearchPathWrapper

src/coreclr/utilcode/longfilepathwrappers.cpp

@@ -184,47 +184,6 @@ GetModuleFileNameWrapper(
     return ret;
 }
 
-DWORD WINAPI GetTempPathWrapper(
-    SString& lpBuffer
-    )
-{
-    CONTRACTL
-    {
-        NOTHROW;
-    }
-    CONTRACTL_END;
-
-    HRESULT hr = S_OK;
-    DWORD ret = 0;
-    DWORD lastError = 0;
-
-    EX_TRY
-    {
-        //Change the behaviour in Redstone to retry
-        COUNT_T size = MAX_LONGPATH;
-
-        ret = GetTempPathW(
-            size,
-            lpBuffer.OpenUnicodeBuffer(size - 1)
-            );
-
-        lastError = GetLastError();
-        lpBuffer.CloseBuffer(ret);
-    }
-    EX_CATCH_HRESULT(hr);
-
-    if (hr != S_OK)
-    {
-        SetLastError(hr);
-    }
-    else if (ret == 0)
-    {
-        SetLastError(lastError);
-    }
-
-    return ret;
-}
-
 DWORD WINAPI GetEnvironmentVariableWrapper(
     _In_opt_  LPCTSTR lpName,
     _Out_opt_ SString&  lpBuffer

src/installer/managed/Microsoft.NET.HostModel/Microsoft.NET.HostModel.csproj

@@ -22,7 +22,7 @@
   <ItemGroup>
     <!-- we need to keep the version of System.Reflection.Metadata in sync with dotnet/msbuild and dotnet/sdk -->
     <PackageReference Include="System.Reflection.Metadata" Version="6.0.0" />
-    <PackageReference Include="System.Text.Json" Version="$(SystemTextJsonVersion)" />
+    <PackageReference Include="System.Text.Json" Version="$(SystemTextJsonToolsetVersion)" />
   </ItemGroup>
 
   <ItemGroup>

src/libraries/Common/src/System/Security/Cryptography/DSAKeyFormatHelper.cs

@@ -25,16 +25,6 @@ internal static void ReadDsaPrivateKey(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
             }
 
-            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
-
-            ret = new DSAParameters
-            {
-                P = parms.P.ToByteArray(isUnsigned: true, isBigEndian: true),
-                Q = parms.Q.ToByteArray(isUnsigned: true, isBigEndian: true),
-            };
-
-            ret.G = parms.G.ExportKeyParameter(ret.P.Length);
-
             BigInteger x;
 
             try
@@ -57,6 +47,34 @@ internal static void ReadDsaPrivateKey(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
             }
 
+            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
+
+            // Sanity checks from FIPS 186-4 4.1/4.2.  Since FIPS 186-5 withdrew DSA/DSS
+            // these will never change again.
+            //
+            // This technically allows a non-standard combination of 1024-bit P and 256-bit Q,
+            // but that will get filtered out by the underlying provider.
+            // These checks just prevent obviously bad data from wasting work on reinterpretation.
+
+            if (parms.P.Sign < 0 ||
+                parms.Q.Sign < 0 ||
+                !IsValidPLength(parms.P.GetBitLength()) ||
+                !IsValidQLength(parms.Q.GetBitLength()) ||
+                parms.G <= 1 ||
+                parms.G >= parms.P ||
+                x <= 1 ||
+                x >= parms.Q)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            }
+
+            ret = new DSAParameters
+            {
+                P = parms.P.ToByteArray(isUnsigned: true, isBigEndian: true),
+                Q = parms.Q.ToByteArray(isUnsigned: true, isBigEndian: true),
+            };
+
+            ret.G = parms.G.ExportKeyParameter(ret.P.Length);
             ret.X = x.ExportKeyParameter(ret.Q.Length);
 
             // The public key is not contained within the format, calculate it.
@@ -69,6 +87,11 @@ internal static void ReadDsaPublicKey(
             in AlgorithmIdentifierAsn algId,
             out DSAParameters ret)
         {
+            if (!algId.Parameters.HasValue)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            }
+
             BigInteger y;
 
             try
@@ -88,13 +111,27 @@ internal static void ReadDsaPublicKey(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
             }
 
-            if (!algId.Parameters.HasValue)
+            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
+
+            // Sanity checks from FIPS 186-4 4.1/4.2.  Since FIPS 186-5 withdrew DSA/DSS
+            // these will never change again.
+            //
+            // This technically allows a non-standard combination of 1024-bit P and 256-bit Q,
+            // but that will get filtered out by the underlying provider.
+            // These checks just prevent obviously bad data from wasting work on reinterpretation.
+
+            if (parms.P.Sign < 0 ||
+                parms.Q.Sign < 0 ||
+                !IsValidPLength(parms.P.GetBitLength()) ||
+                !IsValidQLength(parms.Q.GetBitLength()) ||
+                parms.G <= 1 ||
+                parms.G >= parms.P ||
+                y <= 1 ||
+                y >= parms.P)
             {
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
             }
 
-            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
-
             ret = new DSAParameters
             {
                 P = parms.P.ToByteArray(isUnsigned: true, isBigEndian: true),
@@ -105,6 +142,25 @@ internal static void ReadDsaPublicKey(
             ret.Y = y.ExportKeyParameter(ret.P.Length);
         }
 
+        private static bool IsValidPLength(long pBitLength)
+        {
+            return pBitLength switch
+            {
+                // FIPS 186-3/186-4
+                1024 or 2048 or 3072 => true,
+                // FIPS 186-1/186-2
+                >= 512 and < 1024 => pBitLength % 64 == 0,
+                _ => false,
+            };
+        }
+
+        private static bool IsValidQLength(long qBitLength)
+        {
+            // FIPS 186-1/186-2 only allows 160
+            // FIPS 186-3/186-4 allow 160/224/256
+            return qBitLength is 160 or 224 or 256;
+        }
+
         internal static void ReadSubjectPublicKeyInfo(
             ReadOnlySpan<byte> source,
             out int bytesRead,