-
Notifications
You must be signed in to change notification settings - Fork 5.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
.NET 10 Preview 1 breaking changes batch #44625
base: main
Are you sure you want to change the base?
Conversation
docs/core/compatibility/cryptography/10.0/rfc2898derivebytes-constructors.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not finished, but some comments for now.
--- | ||
# SYSLIB0060: Rfc2898DeriveBytes constructors are obsolete | ||
|
||
Starting in .NET 10, all of the constructors on <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> are obsolete. Referencing this event in code generates warning `SYSLIB0060` at compile time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Starting in .NET 10, all of the constructors on <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> are obsolete. Referencing this event in code generates warning `SYSLIB0060` at compile time. | |
Starting in .NET 10, all of the constructors on <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> are obsolete. Calling these constructors in code generates warning `SYSLIB0060` at compile time. |
|
||
## Reason for obsoletion | ||
|
||
The instance-based implementation of PBKDF2, which <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> provides, offers a non-standard usage by "streaming" bytes back by allowing successive calls to `GetBytes`. This is not the intended use of PBKDF2, the algorithm should be used as a one-shot. The one-shot functionality exists as the static method <xref:System.Security.Cryptography.Rfc2898DeriveBytes.Pbkdf2*?displayProperty=nameWithType> and should be used instead of instantiating <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType>. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The instance-based implementation of PBKDF2, which <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> provides, offers a non-standard usage by "streaming" bytes back by allowing successive calls to `GetBytes`. This is not the intended use of PBKDF2, the algorithm should be used as a one-shot. The one-shot functionality exists as the static method <xref:System.Security.Cryptography.Rfc2898DeriveBytes.Pbkdf2*?displayProperty=nameWithType> and should be used instead of instantiating <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType>. | |
The instance-based implementation of PBKDF2, which <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType> provides, offers a non-standard usage by "streaming" bytes back by allowing successive calls to `GetBytes`. This is not the intended use of PBKDF2; the algorithm should be used as a one-shot. The one-shot functionality exists as the static method <xref:System.Security.Cryptography.Rfc2898DeriveBytes.Pbkdf2*?displayProperty=nameWithType> and should be used instead of instantiating <xref:System.Security.Cryptography.Rfc2898DeriveBytes?displayProperty=nameWithType>. |
--- | ||
# X500DistinguishedName validation is stricter | ||
|
||
Starting in .NET 10, the <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedName.%23ctor*> constructor that accepts a string-encoded distinguished name may reject previously accepted invalid input or encode it differently on non-Windows systems. This aligns with encoding specifications and Windows behavior. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Starting in .NET 10, the <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedName.%23ctor*> constructor that accepts a string-encoded distinguished name may reject previously accepted invalid input or encode it differently on non-Windows systems. This aligns with encoding specifications and Windows behavior. | |
Starting in .NET 10, the <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedName.%23ctor*> constructor that accepts a string-encoded distinguished name might reject previously accepted invalid input or encode it differently on non-Windows systems. This aligns with encoding specifications and Windows behavior. |
|
||
## Previous behavior | ||
|
||
Previous versions of .NET on non-Windows systems would permit incorrect distinguished names or encode them in a way not permitted by X.520 encoding rules. The <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags.ForceUTF8Encoding?displayProperty=nameWithType> flag would force components to use a UTF8String even if it was not a valid representation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Previous versions of .NET on non-Windows systems would permit incorrect distinguished names or encode them in a way not permitted by X.520 encoding rules. The <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags.ForceUTF8Encoding?displayProperty=nameWithType> flag would force components to use a UTF8String even if it was not a valid representation. | |
Previous versions of .NET on non-Windows systems permitted incorrect distinguished names or encoded them in a way not permitted by X.520 encoding rules. The <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags.ForceUTF8Encoding?displayProperty=nameWithType> flag forced components to use a UTF8String even if it wasn't a valid representation. |
|
||
## New behavior | ||
|
||
Starting in .NET 10, components violating encoding rules will throw a `CryptographicException` on non-Windows systems, matching Windows behavior. The <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags.ForceUTF8Encoding?displayProperty=nameWithType> flag will only UTF-8 encode components when permissible. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Starting in .NET 10, components violating encoding rules will throw a `CryptographicException` on non-Windows systems, matching Windows behavior. The <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags.ForceUTF8Encoding?displayProperty=nameWithType> flag will only UTF-8 encode components when permissible. | |
Starting in .NET 10, components that violate encoding rules throw a `CryptographicException` on non-Windows systems, matching Windows behavior. The <xref:System.Security.Cryptography.X509Certificates.X500DistinguishedNameFlags.ForceUTF8Encoding?displayProperty=nameWithType> flag only UTF-8 encodes components when permissible. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've always included an Affected APIs section, and just put N/A if there are none. There's a tool that reads these files and it might expect that section.
@@ -0,0 +1,57 @@ | |||
--- | |||
title: "Breaking change: Renamed parameter in HtmlElement.InsertAdjacentElement" | |||
description: Learn about the .NET 10 Preview 1 breaking change in core .NET libraries where the parameter `orient` was renamed to `orientation`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
description: Learn about the .NET 10 Preview 1 breaking change in core .NET libraries where the parameter `orient` was renamed to `orientation`. | |
description: Learn about the .NET 10 Preview 1 breaking change in Windows Forms where the parameter `orient` was renamed to `orientation`. |
@@ -0,0 +1,32 @@ | |||
--- | |||
title: "Breaking change: Environment variable renamed to DOTNET_ICU_VERSION_OVERRIDE" | |||
description: Learn about the .NET 10 breaking change in core .NET libraries where the environment variable CLR_ICU_VERSION_OVERRIDE was renamed to DOTNET_ICU_VERSION_OVERRIDE. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
description: Learn about the .NET 10 breaking change in core .NET libraries where the environment variable CLR_ICU_VERSION_OVERRIDE was renamed to DOTNET_ICU_VERSION_OVERRIDE. | |
description: Learn about the .NET 10 breaking change in globalization where the environment variable CLR_ICU_VERSION_OVERRIDE was renamed to DOTNET_ICU_VERSION_OVERRIDE. |
@@ -0,0 +1,58 @@ | |||
--- | |||
title: "Breaking change: X500DistinguishedName validation is stricter" | |||
description: Learn about the .NET 10 breaking change in core .NET libraries where X500DistinguishedName validation is stricter. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
description: Learn about the .NET 10 breaking change in core .NET libraries where X500DistinguishedName validation is stricter. | |
description: Learn about the .NET 10 breaking change in cryptography where X500DistinguishedName validation is stricter. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need to list the affected APIs for each in the Affected APIs section.
Collection of breaking changes for .NET 10 Preview 1.
Fixes #44403
Fixes #44500
Fixes #44282
Fixes #43952
Fixes #43885
Fixes #43828
Fixes #43303
Fixes #43284
Fixes #43156
Fixes #42558
Fixes #42027
Internal previews
Toggle expand/collapse