[SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 used only for hashing purposes, not for crypto.")]
internal static string GetSecWebSocketAcceptString(string secWebSocketKey)
{
- string retVal;
+ string acceptString = string.Concat(secWebSocketKey, HttpWebSocket.SecWebSocketKeyGuid);
+ byte[] toHash = Encoding.UTF8.GetBytes(acceptString);
// SHA1 used only for hashing purposes, not for crypto. Check here for FIPS compat.
- using (SHA1 sha1 = SHA1.Create())
- {
- string acceptString = string.Concat(secWebSocketKey, HttpWebSocket.SecWebSocketKeyGuid);
- byte[] toHash = Encoding.UTF8.GetBytes(acceptString);
- retVal = Convert.ToBase64String(sha1.ComputeHash(toHash));
- }
-
- return retVal;
+ byte[] hash = SHA1.HashData(toHash);
+ return Convert.ToBase64String(hash);
}
// return value here signifies if a Sec-WebSocket-Protocol header should be returned by the server.
get
{
EnsureCertData();
-
- using (SHA1 hash = SHA1.Create())
- {
- return hash.ComputeHash(_certData.RawData);
- }
+ return SHA1.HashData(_certData.RawData);
}
}
// SubjectPublicKeyInfo block, and returns that.
//
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa376079%28v=vs.85%29.aspx
-
- using (HashAlgorithm hash = SHA1.Create())
- {
- byte[] publicKeyInfoBytes = GetSubjectPublicKeyInfo(cert);
-
- certKeyId = hash.ComputeHash(publicKeyInfoBytes);
- }
+ byte[] publicKeyInfoBytes = GetSubjectPublicKeyInfo(cert);
+ certKeyId = SHA1.HashData(publicKeyInfoBytes);
}
return keyIdentifier.ContentsEqual(certKeyId);
// The .NET Foundation licenses this file to you under the MIT license.
using System;
+using System.Diagnostics;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.Asn1;
AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
spki.Encode(writer);
- using (SHA1 hash = SHA1.Create())
+ byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
+
+ try
+ {
+ if (!writer.TryEncode(rented, out int bytesWritten))
+ {
+ Debug.Fail("TryEncode failed with a pre-allocated buffer");
+ throw new CryptographicException();
+ }
+
+ return SHA1.HashData(rented.AsSpan(0, bytesWritten));
+ }
+ finally
{
- return hash.ComputeHash(writer.Encode());
+ CryptoPool.Return(rented, clearSize: 0); // SubjectPublicKeyInfo is not sensitive.
}
}
return EncodeExtension(subjectKeyIdentifier);
}
+ [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 is required by RFC3280")]
private static byte[] GenerateSubjectKeyIdentifierFromPublicKey(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm)
{
switch (algorithm)
{
case X509SubjectKeyIdentifierHashAlgorithm.Sha1:
- return ComputeSha1(key.EncodedKeyValue.RawData);
+ return SHA1.HashData(key.EncodedKeyValue.RawData);
case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1:
{
- byte[] sha1 = ComputeSha1(key.EncodedKeyValue.RawData);
+ byte[] sha1 = SHA1.HashData(key.EncodedKeyValue.RawData);
// ShortSha1: The keyIdentifier is composed of a four bit type field with
// the value 0100 followed by the least significant 60 bits of the
}
}
- [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Security", "CA5350", Justification = "SHA1 is required by RFC3280")]
- private static byte[] ComputeSha1(byte[] data)
- {
- using (SHA1 sha1 = SHA1.Create())
- {
- return sha1.ComputeHash(data);
- }
- }
-
private string? _subjectKeyIdentifier;
private bool _decoded;
}