How do I load an assembly with BouncyCastle.crypto.dll dependency into SQL Server 2014?

1

With VS2017, I have created a SQL CLR dll (for SQL Server 2014) that indirectly uses BouncyCastle.Crypto.dll, but am unable to CREATE ASSEMBLY for it. It gives a warning (I hope) but fails with

Msg 10332, Level 16, State 1, Line 85
Assembly "BouncyCastle.Crypto" was built using version v1.1.4322 of the .NET Framework. SQL Server currently uses version v4.0.30319.

Msg 6218, Level 16, State 2, Line 90
CREATE ASSEMBLY for assembly 'SqlClrBits' failed because assembly 'BouncyCastle.Crypto' failed verification. Check if the referenced assemblies are up-to-date and trusted (for external_access or unsafe) to execute in the database. CLR Verifier error messages if any will follow this message
[ : Org.BouncyCastle.OpenSsl.PemReader::ReadObject][mdToken=0x6002e46][offset 0x00000024] The 'this' parameter to the call must be the calling method's 'this' parameter.
[ : Org.BouncyCastle.OpenSsl.PemReader::ReadObject][mdToken=0x6002e46][offset 0x00000102] The 'this' parameter to the call must be the calling method's 'this' parameter.

I have successfully loaded it before (pre-BouncyCastle), which required

CREATE ASYMMETRIC KEY MyKey ... FROM EXECUTABLE FILE ... 
CREATE LOGIN MyUser FROM ASYMMETRIC KEY MyKey 
GRANT EXTERNAL ACCESS ASSEMBLY TO MyUser 

I have also reluctantly run

ALTER DATABASE MyDb SET TRUSTWORTHY ON

I have even done CREATE ASSEMBLY for BouncyCastle.Crypto in its own right. So .. how do I load my SQL CLR assembly into SQL Server?

.net
sql-server
sql-server-2014
bouncycastle
sqlclr
asked on Stack Overflow Apr 11, 2017 by brewmanz • edited Apr 19, 2017 by Solomon Rutzky

1 Answer

1

When you get a SQLCLR error stating, "failed verification", then most likely you need to mark that Assembly as UNSAFE. And here you will probably need to mark both BouncyCastle.Crypto.dll and your Assembly that references it as UNSAFE.

Also, you will need to test this with multiple sessions calling this code at the exact same time. It is unclear as to the full extent of what BouncyCastle is doing, and it might be doing things that assume more separation per process, as opposed to SQL Server's CLR host which is an App Domain shared across all sessions.

answered on Stack Overflow Apr 14, 2017 by Solomon Rutzky

User contributions licensed under CC BY-SA 3.0