Skip to content

Avoid rooting cryptography through ZipArchive on browser#130688

Open
alinpahontu2912 with Copilot wants to merge 6 commits into
mainfrom
copilot/fix-ziparchive-password-support
Open

Avoid rooting cryptography through ZipArchive on browser#130688
alinpahontu2912 with Copilot wants to merge 6 commits into
mainfrom
copilot/fix-ziparchive-password-support

Conversation

Copilot AI commented Jul 14, 2026

Copy link
Copy Markdown
Contributor

Using ZipArchive on browser-wasm unnecessarily retained System.Security.Cryptography, increasing trimmed application size even though WinZip AES is unsupported there.

Changes

  • Exclude WinZip AES implementation files and the cryptography project reference from browser builds.
  • Provide browser-specific WinZip AES stubs that continue throwing PlatformNotSupportedException.
  • Keep ZipCrypto supported by removing its cryptography dependency:
    • Generate header randomness with Guid.NewGuid().
    • Clear pooled password buffers with Array.Clear.
  • Add coverage ensuring browser ZipCrypto remains functional and the wasm dependency closure excludes System.Security.Cryptography.

Copilot AI and others added 2 commits July 14, 2026 13:30
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Copilot AI self-assigned this Jul 14, 2026
Copilot AI review requested due to automatic review settings July 14, 2026 14:01
Copilot AI removed the request for review from Copilot July 14, 2026 14:01
@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines:
Successfully started running 3 pipeline(s).
12 pipeline(s) were filtered out due to trigger conditions.
There may be pipelines that require an authorized user to comment /azp run to run.

@dotnet-policy-service

Copy link
Copy Markdown
Contributor

Tagging subscribers to 'arch-wasm': @lewing, @pavelsavara
See info in area-owners.md if you want to be subscribed.

@pavelsavara
pavelsavara temporarily deployed to copilot-pat-pool July 15, 2026 08:28 — with GitHub Actions Inactive
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Copilot AI requested review from Copilot and removed request for Copilot July 15, 2026 08:34
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Copilot AI requested review from Copilot and removed request for Copilot July 15, 2026 08:48
Co-authored-by: alinpahontu2912 <56953855+alinpahontu2912@users.noreply.github.com>
Copilot AI requested review from Copilot and removed request for Copilot July 15, 2026 08:53
Copilot AI review requested due to automatic review settings July 15, 2026 12:12
@alinpahontu2912
alinpahontu2912 marked this pull request as ready for review July 15, 2026 12:13
@azure-pipelines

Copy link
Copy Markdown
Azure Pipelines:
Successfully started running 3 pipeline(s).
12 pipeline(s) were filtered out due to trigger conditions.
There may be pipelines that require an authorized user to comment /azp run to run.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adjusts System.IO.Compression to avoid pulling in System.Security.Cryptography when using ZipArchive on browser-wasm, by conditionally excluding WinZip AES implementation (unsupported on browser) and removing the cryptography dependency from the ZipCrypto path. It also adds test coverage to help ensure the browser build output no longer shows cryptography-related native interop artifacts.

Changes:

  • Add browser-only WinZip AES stubs (throwing PlatformNotSupportedException) and conditionally exclude the WinZip AES implementation + cryptography project reference for browser builds.
  • Remove ZipCrypto’s dependency on System.Security.Cryptography (switch header “randomness” and pooled-buffer clearing implementation).
  • Add tests validating browser ZipCrypto decryption and asserting the browser wasm build output doesn’t include cryptography-related pinvoke entries.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/mono/wasm/Wasm.Build.Tests/NativeBuildTests.cs Adds an assertion that the generated pinvoke table doesn’t contain cryptography-related entries for the ZipArchive interop scenario.
src/libraries/System.IO.Compression/tests/ZipArchive/zip_ReadTests.cs Adds a Browser-specific theory to validate ZipCrypto decryption still works on Browser.
src/libraries/System.IO.Compression/src/System/IO/Compression/ZipCryptoStream.cs Removes System.Security.Cryptography usage by changing buffer clearing and header byte generation.
src/libraries/System.IO.Compression/src/System/IO/Compression/ZipArchiveEntry.cs Broadens encryption-stream locals to Stream (supports browser stubbing of WinZip AES type).
src/libraries/System.IO.Compression/src/System/IO/Compression/ZipArchiveEntry.Async.cs Broadens encryption-stream locals to Stream for the same reason in async paths.
src/libraries/System.IO.Compression/src/System/IO/Compression/WinZipAes.PlatformNotSupported.cs Introduces browser-only stubs for WinZip AES APIs that throw PlatformNotSupportedException.
src/libraries/System.IO.Compression/src/System.IO.Compression.csproj Conditions WinZip AES sources + System.Security.Cryptography reference away from browser builds; includes browser stub file.
src/libraries/System.IO.Compression/src/Resources/Strings.resx Minor resource formatting adjustment near the WinZip AES browser PNSE string.

Comment on lines +7 to +12
namespace System.IO.Compression
{
internal readonly struct WinZipAesKeyMaterial;

internal static class WinZipAesStream
{

@rzikm rzikm left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comment about RNG, I believe we need security/cryptography SMEs to chime in

<data name="WinZipEncryptionNotSupportedOnBrowser" xml:space="preserve">
<value>WinZip AES encryption is not supported on the browser platform.</value>
</data>

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This whitespace change should be reverted

Comment on lines +152 to +154
Span<byte> randomBytes = stackalloc byte[16];
Guid.NewGuid().TryWriteBytes(randomBytes);
randomBytes.Slice(0, 10).CopyTo(header);

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Guid does guarantee uniqueness, not randomness, so I don't think this is good.

Since ZipCrypto is broken anyway, maybe using Random.Shared.NextBytes is good enough here to avoid rooting System.Security.Cryptography dll. Maybe keep using RandomNumberGenerator on non-browser platforms?

cc @bartonjs, @GrabYourPitchforks for opinions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

arch-wasm WebAssembly architecture area-System.IO.Compression os-browser Browser variant of arch-wasm

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants