Add an IntPtr constructor to RSAOpenSsl.

OpenSSL doesn't have the same notion of key addressing as Windows (via structures such as CspParameters), so the ability to use a hardware key is currently non-existent. With this change it improves to "if you do the P/Invokes to get the correct RSA*, pass us the pointer and the rest of the managed cryptography stack can use it".

This also empowers X509Certificates Unix implementation to use the existing key handle to instantiate the RSAOpenSsl object, rather than having to run through ExportParameters/ImportParameters.

Author: bartonjs

src/Common/src/Interop/Unix/libcrypto/Interop.Rsa.cs

@@ -21,6 +21,10 @@ internal static partial class libcrypto
         [DllImport(Libraries.LibCrypto)]
         internal static unsafe extern SafeRsaHandle d2i_RSAPublicKey(IntPtr zero, byte** ppin, int len);
 
+        [DllImport(Libraries.LibCrypto)]
+        [return: MarshalAs(UnmanagedType.Bool)]
+        internal static extern bool RSA_up_ref(IntPtr rsa);
+
         [DllImport(Libraries.LibCrypto)]
         internal static extern void RSA_free(IntPtr rsa);
 

src/Common/src/Microsoft/Win32/SafeHandles/SafeRsaHandle.Unix.cs

@@ -2,6 +2,7 @@
 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 using System;
+using System.Diagnostics;
 using System.Security;
 using System.Runtime.InteropServices;
 
@@ -26,5 +27,22 @@ public override bool IsInvalid
         {
             get { return handle == IntPtr.Zero; }
         }
+
+        internal static SafeRsaHandle DuplicateHandle(IntPtr handle)
+        {
+            Debug.Assert(handle != IntPtr.Zero);
+
+            // Reliability: Allocate the SafeHandle before calling RSA_up_ref so
+            // that we don't lose a tracked reference in low-memory situations.
+            SafeRsaHandle safeHandle = new SafeRsaHandle();
+
+            if (!Interop.libcrypto.RSA_up_ref(handle))
+            {
+                throw Interop.libcrypto.CreateOpenSslCryptographicException();
+            }
+
+            safeHandle.SetHandle(handle);
+            return safeHandle;
+        }
     }
 }

src/System.Security.Cryptography.OpenSsl/src/System/Security/Cryptography/RSAOpenSsl.cs

@@ -12,6 +12,8 @@ namespace System.Security.Cryptography
 {
     public sealed class RSAOpenSsl : RSA
     {
+        private const int BitsPerByte = 8;
+
         // 65537 (0x10001) in big-endian form
         private static readonly byte[] s_defaultExponent = { 0x01, 0x00, 0x01 };
 
@@ -45,6 +47,31 @@ public RSAOpenSsl(RSAParameters parameters)
             ImportParameters(parameters);
         }
 
+        /// <summary>
+        /// Create an RSAOpenSsl from an existing <see cref="IntPtr"/> whose value is an
+        /// existing OpenSSL <c>RSA*</c>.
+        /// </summary>
+        /// <remarks>
+        /// This method will increase the reference count of the <c>RSA*</c>, the caller should
+        /// continue to manage the lifetime of their reference.
+        /// </remarks>
+        /// <param name="handle">A pointer to an OpenSSL <c>RSA*</c></param>
+        /// <exception cref="ArgumentException"><paramref name="handle" /> is invalid</exception>
+        public RSAOpenSsl(IntPtr handle)
+        {
+            if (handle == IntPtr.Zero)
+                throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, "handle");
+
+            _legalKeySizesValue = new[] { s_legalKeySizes };
+
+            SafeRsaHandle rsaHandle = SafeRsaHandle.DuplicateHandle(handle);
+
+            // Set base.KeySize to avoid throwing an extra Lazy at the GC when
+            // using something other than the default keysize.
+            base.KeySize = BitsPerByte * Interop.libcrypto.RSA_size(rsaHandle);
+            _key = new Lazy<SafeRsaHandle>(() => rsaHandle);
+        }
+
         public override int KeySize
         {
             set
@@ -224,7 +251,7 @@ public override unsafe void ImportParameters(RSAParameters parameters)
 
             // Set base.KeySize directly, since we don't want to free the key
             // (which we would do if the keysize changed on import)
-            base.KeySize = 8 * Interop.libcrypto.RSA_size(key);
+            base.KeySize = BitsPerByte * Interop.libcrypto.RSA_size(key);
         }
 
         protected override void Dispose(bool disposing)