diff --git a/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs b/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs
index e6d6ef01972eb2..a563e4f4f4104d 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs
@@ -198,8 +198,7 @@ internal static unsafe Pkcs8Response ImportEncryptedPkcs8PrivateKey(
 }
 finally
 {
- CryptographicOperations.ZeroMemory(decryptedSpan);
- CryptoPool.Return(decrypted.Array!);
+ CryptoPool.Return(decrypted);
 }
 }
 catch (AsnContentException e)
@@ -277,8 +276,7 @@ internal static unsafe Pkcs8Response ImportEncryptedPkcs8PrivateKey(
 }
 finally
 {
- CryptographicOperations.ZeroMemory(decryptedSpan);
- CryptoPool.Return(decrypted.Array!, clearSize: 0);
+ CryptoPool.Return(decrypted);
 }
 }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.Encrypted.cs b/src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.Encrypted.cs
index b4d07d7366aff6..8e96369bca9178 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.Encrypted.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/KeyFormatHelper.Encrypted.cs
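Review bot: The new `CryptoPool.Return(decrypted)` call is now the only thing that scrubs the decrypted PKCS#8 bytes before the array goes back to the shared pool, and the `ArraySegment<byte>` overload it relies on is not in this chunk, so its clearing behaviour cannot be verified here. The old code in this hunk cleared `decryptedSpan` and then returned `decrypted.Array!` with the default clear of the whole array; if the new overload clears only `decrypted.Count` bytes and `decryptedSpan` can extend past the segment (for instance when the segment is trimmed to the written length after the cipher has touched padding bytes), those trailing plaintext bytes would now survive into the pool. Worth confirming that the overload zeroes the segment and that the two lengths always agree; if they can differ, keeping `CryptographicOperations.ZeroMemory(decryptedSpan);` ahead of the return costs nothing. The same substitution appears in the second CngPkcs8 hunk, both ReencryptPkcs8 hunks in KeyFormatHelper.Encrypted.cs, both DecryptAndDecode hunks in Pkcs8PrivateKeyInfo.cs and the LoadKey hunk in UnixPkcs12Reader.cs. The enclosing ImportEncryptedPkcs8PrivateKey body starts before and ends after the hunk.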
@@ -189,20 +189,19 @@ private static AsnWriter WriteEncryptedPkcs8(
 out string encryptionAlgorithmOid,
 out bool isPkcs12);
- byte[]? encryptedRent = null;
 Span encryptedSpan = default;
 AsnWriter? writer = null;
- try
- {
- Debug.Assert(cipher.BlockSize <= 128, $"Encountered unexpected block size: {cipher.BlockSize}");
- Span iv = stackalloc byte[cipher.BlockSize / 8];
- Span salt = stackalloc byte[16];
+ Debug.Assert(cipher.BlockSize <= 128, $"Encountered unexpected block size: {cipher.BlockSize}");
+ Span iv = stackalloc byte[cipher.BlockSize / 8];
+ Span salt = stackalloc byte[16];
- // We need at least one block size beyond the input data size.
- encryptedRent = CryptoPool.Rent(
- checked(pkcs8Writer.GetEncodedLength() + (cipher.BlockSize / 8)));
+ // We need at least one block size beyond the input data size.
+ byte[] encryptedRent = CryptoPool.Rent(
+ checked(pkcs8Writer.GetEncodedLength() + (cipher.BlockSize / 8)));
+ try
+ {
 RandomNumberGenerator.Fill(salt);
 int written = PasswordBasedEncryption.Encrypt(
@@ -242,7 +241,7 @@ private static AsnWriter WriteEncryptedPkcs8(
 finally
 {
 CryptographicOperations.ZeroMemory(encryptedSpan);
- CryptoPool.Return(encryptedRent!, clearSize: 0);
+ CryptoPool.Return(encryptedRent, clearSize: 0);
 cipher.Dispose();
 }
@@ -348,8 +347,7 @@ internal static AsnWriter ReencryptPkcs8(
 }
 finally
 {
- CryptographicOperations.ZeroMemory(decrypted);
- CryptoPool.Return(decrypted.Array!, clearSize: 0);
+ CryptoPool.Return(decrypted);
 }
 }
@@ -385,8 +383,7 @@ internal static AsnWriter ReencryptPkcs8(
 }
 finally
 {
- CryptographicOperations.ZeroMemory(decrypted);
- CryptoPool.Return(decrypted.Array!, clearSize: 0);
+ CryptoPool.Return(decrypted);
 }
 }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs b/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs
index ae8d49719643ea..6f5a3c88fba10f 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs
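Review bot: Moving `CryptoPool.Rent(checked(...))` out of the try means that if the `checked` addition overflows or the rent throws, the `cipher.Dispose()` in the finally of the following hunk no longer runs, and cipher is evidently owned by this method (it is disposed below but never constructed inside the try), so the symmetric algorithm instance leaks on that path where the old code released it. The cheapest repair keeps the rent inside the try with the nullable pattern the commit removed: `byte[]? encryptedRent = null;` before the try, `encryptedRent = CryptoPool.Rent(checked(pkcs8Writer.GetEncodedLength() + (cipher.BlockSize / 8)));` as the first statement inside it, and `if (encryptedRent is not null) { CryptoPool.Return(encryptedRent, clearSize: 0); }` in the finally; alternatively wrap the body in `using (cipher)` so disposal does not depend on where the rent happens. WriteEncryptedPkcs8 starts before this hunk and ends after it.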
+++ b/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs
@@ -84,12 +84,11 @@ public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
 SafeRsaHandle key = GetKey();
 int rsaSize = Interop.AndroidCrypto.RsaSize(key);
- byte[]? buf = null;
 Span destination = default;
+ byte[] buf = CryptoPool.Rent(rsaSize);
 try
 {
- buf = CryptoPool.Rent(rsaSize);
 destination = new Span(buf, 0, rsaSize);
 if (!TryDecrypt(key, data, destination, rsaPadding, oaepProcessor, out int bytesWritten))
@@ -103,7 +102,7 @@ public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
 finally
 {
 CryptographicOperations.ZeroMemory(destination);
- CryptoPool.Return(buf!, clearSize: 0);
+ CryptoPool.Return(buf, clearSize: 0);
 }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs b/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
index d6d66c78ae1d48..718059a602236b 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
@@ -87,12 +87,11 @@ public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
 ValidatePadding(padding);
 SafeEvpPKeyHandle key = GetKey();
 int rsaSize = Interop.Crypto.EvpPKeySize(key);
- byte[]? buf = null;
 Span destination = default;
+ byte[] buf = CryptoPool.Rent(rsaSize);
 try
 {
- buf = CryptoPool.Rent(rsaSize);
 destination = new Span(buf, 0, rsaSize);
 int bytesWritten = Decrypt(key, data, destination, padding);
@@ -101,7 +100,7 @@ public override byte[] Decrypt(byte[] data, RSAEncryptionPadding padding)
 finally
 {
 CryptographicOperations.ZeroMemory(destination);
- CryptoPool.Return(buf!, clearSize: 0);
+ CryptoPool.Return(buf, clearSize: 0);
 }
 }
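Review bot: With `buf` now rented before the try, the `Span destination = default;` declaration followed by the `destination = new Span(buf, 0, rsaSize);` reassignment inside the try is leftover scaffolding from when the rent could fail mid-try; the two can collapse into one declaration before the try, `Span<byte> destination = buf.AsSpan(0, rsaSize);`, which drops the mutable default-then-assign pattern and lets the ZeroMemory in the finally read against a definitely-initialized span. The same shape remains in the RSAOpenSsl.cs Decrypt hunk below. Both Decrypt bodies extend past their hunks.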
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Pkcs8PrivateKeyInfo.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Pkcs8PrivateKeyInfo.cs
index 57d5c6cbc00bdc..8d9678d21490b1 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Pkcs8PrivateKeyInfo.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Pkcs8PrivateKeyInfo.cs
@@ -197,8 +197,7 @@ public static Pkcs8PrivateKeyInfo DecryptAndDecode(
 }
 finally
 {
- CryptographicOperations.ZeroMemory(decryptedMemory.Span);
- CryptoPool.Return(decrypted.Array!, clearSize: 0);
+ CryptoPool.Return(decrypted);
 }
 }
@@ -229,8 +228,7 @@ public static Pkcs8PrivateKeyInfo DecryptAndDecode(
 }
 finally
 {
- CryptographicOperations.ZeroMemory(decryptedMemory.Span);
- CryptoPool.Return(decrypted.Array!, clearSize: 0);
+ CryptoPool.Return(decrypted);
 }
 }
diff --git a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixPkcs12Reader.cs b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixPkcs12Reader.cs
index bf6cb9ce630d0e..b227a05667773f 100644
--- a/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixPkcs12Reader.cs
+++ b/src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/UnixPkcs12Reader.cs
@@ -786,7 +786,7 @@ private AsymmetricAlgorithm LoadKey(SafeBagAsn safeBag, ReadOnlySpan passw
 }
 finally
 {
- CryptoPool.Return(decrypted.Array!, clearSize: decrypted.Count);
+ CryptoPool.Return(decrypted);
 }
 }