From f835996af558a60b7337cc5075ef74512fd16af3 Mon Sep 17 00:00:00 2001 From: Jeremy Barton Date: Thu, 30 Jun 2016 11:29:51 -0700 Subject: [PATCH] Set KeySizeValue instead of doing gymnastics in LegalKeySizes. Commit migrated from https://github.com/dotnet/corefx/commit/cc0354ca6be9462ae4c94822de5b614f6cf915b7 --- .../src/System/Security/Cryptography/ECDsaCng.cs | 23 +----------------- .../System/Security/Cryptography/ECDsaOpenSsl.cs | 28 ++++------------------ .../src/System/Security/Cryptography/RSACng.cs | 21 +--------------- .../src/System/Security/Cryptography/RSAOpenSsl.cs | 22 +---------------- 4 files changed, 7 insertions(+), 87 deletions(-) diff --git a/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.cs b/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.cs index ea199f2..aedf289 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.cs @@ -13,8 +13,6 @@ namespace System.Security.Cryptography #endif public sealed partial class ECDsaCng : ECDsa { - private bool _skipKeySizeCheck; - #if !NETNATIVE /// /// Create an ECDsaCng algorithm with a named curve. @@ -83,32 +81,13 @@ namespace System.Security.Cryptography // it could be outside of the bounds that we currently represent as "legal key sizes". // Since that is our view into the underlying component it can be detached from the // component's understanding. If it said it has opened a key, and this is the size, trust it. - _skipKeySizeCheck = true; - - try - { - // Set base.KeySize directly, since we don't want to free the key - // (which we would do if the keysize changed on import) - base.KeySize = newKeySize; - } - finally - { - _skipKeySizeCheck = false; - } + KeySizeValue = newKeySize; } public override KeySizes[] LegalKeySizes { get { - if (_skipKeySizeCheck) - { - // When size limitations are in bypass, accept any positive integer. - // Many of them may not make sense (like 1), but we're just assigning - // the field to whatever value was provided by the native component. - return new[] { new KeySizes(minSize: 1, maxSize: int.MaxValue, skipSize: 1) }; - } - // Return the three sizes that can be explicitly set (for backwards compatibility) return new[] { new KeySizes(minSize: 256, maxSize: 384, skipSize: 128), diff --git a/src/libraries/Common/src/System/Security/Cryptography/ECDsaOpenSsl.cs b/src/libraries/Common/src/System/Security/Cryptography/ECDsaOpenSsl.cs index 12e18ba..75b0cce 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/ECDsaOpenSsl.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/ECDsaOpenSsl.cs @@ -20,7 +20,6 @@ namespace System.Security.Cryptography internal const string ECDSA_P521_OID_VALUE = "1.3.132.0.35"; // Also called nistP521or secP521r1 private Lazy _key; - private bool _skipKeySizeCheck; /// /// Create an ECDsaOpenSsl algorithm with a named curve. @@ -78,37 +77,18 @@ namespace System.Security.Cryptography // it could be outside of the bounds that we currently represent as "legal key sizes". // Since that is our view into the underlying component it can be detached from the // component's understanding. If it said it has opened a key, and this is the size, trust it. - _skipKeySizeCheck = true; - - try - { - // Set base.KeySize directly, since we don't want to free the key - // (which we would do if the keysize changed on import) - base.KeySize = newKeySize; - } - finally - { - _skipKeySizeCheck = false; - } + KeySizeValue = newKeySize; } public override KeySizes[] LegalKeySizes { get { - if (_skipKeySizeCheck) - { - // When size limitations are in bypass, accept any positive integer. - // Many of them may not make sense (like 1), but we're just assigning - // the field to whatever value was provided by the native component. - return new[] { new KeySizes(minSize: 1, maxSize: int.MaxValue, skipSize: 1) }; - } - // Return the three sizes that can be explicitly set (for backwards compatibility) return new[] { - new KeySizes(minSize: 256, maxSize: 384, skipSize: 128), - new KeySizes(minSize: 521, maxSize: 521, skipSize: 0), - }; + new KeySizes(minSize: 256, maxSize: 384, skipSize: 128), + new KeySizes(minSize: 521, maxSize: 521, skipSize: 0), + }; } } diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSACng.cs b/src/libraries/Common/src/System/Security/Cryptography/RSACng.cs index 24e95b8..83305d1 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/RSACng.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/RSACng.cs @@ -13,8 +13,6 @@ namespace System.Security.Cryptography #endif public sealed partial class RSACng : RSA { - private bool _skipKeySizeCheck; - /// /// Create an RSACng algorithm with a random 2048 bit key pair. /// @@ -40,14 +38,6 @@ namespace System.Security.Cryptography { get { - if (_skipKeySizeCheck) - { - // When size limitations are in bypass, accept any positive integer. - // Many of them may not make sense (like 1), but we're just assigning - // the field to whatever value was provided by the native component. - return new[] { new KeySizes(minSize: 1, maxSize: int.MaxValue, skipSize: 1) }; - } - // See https://msdn.microsoft.com/en-us/library/windows/desktop/bb931354(v=vs.85).aspx return new KeySizes[] { @@ -83,16 +73,7 @@ namespace System.Security.Cryptography // create a 384-bit RSA key, which we consider too small to be legal. It can also create // a 1032-bit RSA key, which we consider illegal because it doesn't match our 64-bit // alignment requirement. (In both cases Windows loads it just fine) - _skipKeySizeCheck = true; - - try - { - KeySize = newKeySize; - } - finally - { - _skipKeySizeCheck = false; - } + KeySizeValue = newKeySize; } } #if INTERNAL_ASYMMETRIC_IMPLEMENTATIONS diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs b/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs index 89c84fe..23860a3 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs @@ -30,7 +30,6 @@ namespace System.Security.Cryptography private static readonly byte[] s_defaultExponent = { 0x01, 0x00, 0x01 }; private Lazy _key; - private bool _skipKeySizeCheck; public RSAOpenSsl() : this(2048) @@ -66,32 +65,13 @@ namespace System.Security.Cryptography // it could be outside of the bounds that we currently represent as "legal key sizes". // Since that is our view into the underlying component it can be detached from the // component's understanding. If it said it has opened a key, and this is the size, trust it. - _skipKeySizeCheck = true; - - try - { - // Set base.KeySize directly, since we don't want to free the key - // (which we would do if the keysize changed on import) - base.KeySize = newKeySize; - } - finally - { - _skipKeySizeCheck = false; - } + KeySizeValue = newKeySize; } public override KeySizes[] LegalKeySizes { get { - if (_skipKeySizeCheck) - { - // When size limitations are in bypass, accept any positive integer. - // Many of them may not make sense (like 1), but we're just assigning - // the field to whatever value was provided by the native component. - return new[] { new KeySizes(minSize: 1, maxSize: int.MaxValue, skipSize: 1) }; - } - // OpenSSL seems to accept answers of all sizes. // Choosing a non-multiple of 8 would make some calculations misalign // (like assertions of (output.Length * 8) == KeySize). -- 2.7.4