aspnet/DataProtection

System.EntryPointNotFoundException when calling KeyDerivation.Pbkdf2 on Windows Server Standard FE

Closed this issue · 4 comments

I use Microsoft.AspNetCore.Cryptography.KeyDerivation.KeyDerivation.Pbkdf2 as part of an ASP.NET 4.5.2 web application. When that application is served using Windows Server Standard FE, I get the following exception:

System.EntryPointNotFoundException: Unable to find an entry point named BCryptDeriveKeyPBKDF2 in DLL bcrypt.dll.

The server does have a bcrypt.dll, but an old one. From https://msdn.microsoft.com/en-us/library/windows/desktop/dd433795(v=vs.85).aspx I can see that the BCryptDeriveKeyPBKDF2 function is only supported since Windows Server 2008 R2.

I would expect ManagedPbkdf2Provider to be used instead of Win7Pbkdf2Provider on a Windows Server older than 2008 R2. OSVersionUtil.GetOSVersion() only checks for the existence of BCryptKeyDerivation to return Win8OrLater, but returns Win7OrLater as soon as a bcrypt.dll was found. As a result Win7Pbkdf2Provider is used regardless of whether bcrypt.dll has the BCryptDeriveKeyPBKDF2 function.

This could be fixed by adding another OSVersion enum value for the general OSVersionUtil.IsWindows case and leaving Win7OrLater for when BCryptDeriveKeyPBKDF2 exists. Then Pbkdf2Util.GetPbkdf2Provider could use a new OSVersionUtil.IsWindows7OrLater check to decide if it should use the Win7Pbkdf2Provider.
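The check proposed above, sketched as an application-side wrapper. This is an added example, not code from the original post or from aspnet/DataProtection: the class name `Pbkdf2WithFallback` and its `Derive` method are hypothetical, it assumes Windows and .NET Framework, and it uses `Rfc2898DeriveBytes` as a stand-in for the managed path.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.Cryptography.KeyDerivation;

// Hypothetical wrapper (name and design are assumptions, not project code).
public static class Pbkdf2WithFallback
{
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    private static extern IntPtr LoadLibrary(string path);

    [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true, BestFitMapping = false)]
    private static extern IntPtr GetProcAddress(IntPtr module, string name);

    [DllImport("kernel32.dll")]
    [return: MarshalAs(UnmanagedType.Bool)]
    private static extern bool FreeLibrary(IntPtr module);

    // Probed once: does this machine's bcrypt.dll export BCryptDeriveKeyPBKDF2?
    private static readonly bool NativeAvailable = ProbeExport();

    private static bool ProbeExport()
    {
        // Full System32 path so the probe never follows the DLL search order.
        string path = Path.Combine(Environment.SystemDirectory, "bcrypt.dll");
        IntPtr module = LoadLibrary(path);
        if (module == IntPtr.Zero) return false;   // no bcrypt.dll at all
        try { return GetProcAddress(module, "BCryptDeriveKeyPBKDF2") != IntPtr.Zero; }
        finally { FreeLibrary(module); }
    }

    public static byte[] Derive(string password, byte[] salt, KeyDerivationPrf prf,
                                int iterations, int numBytes)
    {
        if (NativeAvailable)
            return KeyDerivation.Pbkdf2(password, salt, prf, iterations, numBytes);

        // Managed stand-in. On .NET Framework 4.5.2 Rfc2898DeriveBytes is
        // HMAC-SHA1 only and requires a salt of at least 8 bytes, so refuse
        // other PRFs instead of silently deriving a different key.
        if (prf != KeyDerivationPrf.HMACSHA1)
            throw new NotSupportedException("Managed fallback here supports HMACSHA1 only.");
        using (var kdf = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(password), salt, iterations))
            return kdf.GetBytes(numBytes);
    }
}
```

Both paths encode the password as UTF-8, so for HMACSHA1 a hash derived on one machine verifies on the other as long as salt, iteration count and output length match.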

I don't think we support anything older than Windows Server 2008 R2.

@Th3BlackShadow What's your OS version?

@muratg Sadly, I only wrote down that it was a Windows Server Standard FE. That is what it said in the system configuration window. Since it is pre-Windows Server 2008 R2, I assume the version number would be 6.0. Since it was concerning a customer server, I cannot log back in to verify.

In the meantime I have downloaded the source and compiled a new version for that customer. It uses ManagedPbkdf2Provider when BCryptDeriveKeyPBKDF2 does not exist, and that worked for them.

I would understand it if you do not want to add extra code to support a Windows version that is older than what the project requires.

@Th3BlackShadow Thanks. Unfortunately, pre-Windows Server 2008 R2 is not supported by the platform.