diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidCertificatePal.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidCertificatePal.cs
index f75879604e3f2..30a6cdbce3c29 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidCertificatePal.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidCertificatePal.cs
@@ -118,8 +118,9 @@ ref MemoryMarshal.GetReference(rawData),
 
 private static AndroidCertificatePal ReadPkcs12(ReadOnlySpan rawData, SafePasswordHandle password, bool ephemeralSpecified)
 {
- using (var reader = new AndroidPkcs12Reader(rawData))
+ using (var reader = new AndroidPkcs12Reader())
 {
+ reader.ParsePkcs12(rawData);
 reader.Decrypt(password, ephemeralSpecified);
 
 UnixPkcs12Reader.CertAndKey certAndKey = reader.GetSingleCert();
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidPkcs12Reader.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidPkcs12Reader.cs
index a22e15530798f..10800a71d537b 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidPkcs12Reader.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AndroidPkcs12Reader.cs
@@ -11,17 +11,17 @@ namespace System.Security.Cryptography.X509Certificates
 {
 internal sealed class AndroidPkcs12Reader : UnixPkcs12Reader
 {
- internal AndroidPkcs12Reader(ReadOnlySpan data)
+ internal AndroidPkcs12Reader()
 {
- ParsePkcs12(data);
 }
 
 public static bool IsPkcs12(ReadOnlySpan data)
 {
 try
 {
- using (var reader = new AndroidPkcs12Reader(data))
+ using (var reader = new AndroidPkcs12Reader())
 {
+ reader.ParsePkcs12(data);
 return true;
 }
 }
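Review bot: Nothing in AndroidCertificatePal.ReadPkcs12 records why `ParsePkcs12` now runs inside the `using` body rather than in the constructor, so a later cleanup could fold it back and lose disposal when a malformed PFX makes the parse throw. A one-line comment above the call would keep the intent visible: `// Parse inside the using so a throwing parse still disposes the reader (and, presumably, its native copy of the PFX).` The same construct-then-parse pattern appears in AppleCertificatePal.ImportPkcs12 (iOS and macOS), StorePal.Android ReadPkcs12Collection and the `try` blocks in StorePal.iOS and StorePal.macOS, and deserves the same comment. ReadPkcs12's body continues past the end of the hunk.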
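Review bot: The now-empty `internal AndroidPkcs12Reader() { }` declaration in AndroidPkcs12Reader.cs adds nothing; on an internal sealed class the compiler-supplied parameterless constructor is equivalent, so the declaration can simply be deleted. The same holds for both ApplePkcs12Reader variants (iOS and macOS). OpenSslPkcs12Reader is the exception and should keep its empty constructor, because that one is `private` and restricts construction to the class itself.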
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.iOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.iOS.cs
index 26a1f569abe17..baa791d59f34e 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.iOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.iOS.cs
@@ -14,8 +14,9 @@ private static AppleCertificatePal ImportPkcs12(
 SafePasswordHandle password,
 bool ephemeralSpecified)
 {
- using (ApplePkcs12Reader reader = new ApplePkcs12Reader(rawData))
+ using (ApplePkcs12Reader reader = new ApplePkcs12Reader())
 {
+ reader.ParsePkcs12(rawData);
 reader.Decrypt(password, ephemeralSpecified);
 return ImportPkcs12(reader.GetSingleCert());
 }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.macOS.cs
index 118f7067691e6..6e329434278de 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.macOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/AppleCertificatePal.Pkcs12.macOS.cs
@@ -15,8 +15,9 @@ private static AppleCertificatePal ImportPkcs12(
 bool exportable,
 SafeKeychainHandle keychain)
 {
- using (ApplePkcs12Reader reader = new ApplePkcs12Reader(rawData))
+ using (ApplePkcs12Reader reader = new ApplePkcs12Reader())
 {
+ reader.ParsePkcs12(rawData);
 reader.Decrypt(password, ephemeralSpecified: false);
 
 UnixPkcs12Reader.CertAndKey certAndKey = reader.GetSingleCert();
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.iOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.iOS.cs
index 5900a979ed83c..e493436e01d7b 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.iOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.iOS.cs
@@ -10,9 +10,8 @@ namespace System.Security.Cryptography.X509Certificates
 {
 internal sealed class ApplePkcs12Reader : UnixPkcs12Reader
 {
- internal ApplePkcs12Reader(ReadOnlySpan data)
+ internal ApplePkcs12Reader()
 {
- ParsePkcs12(data);
 }
 
 protected override ICertificatePalCore ReadX509Der(ReadOnlyMemory data)
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.macOS.cs
index 7c1121a6c86ac..8f3274d15d232 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.macOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ApplePkcs12Reader.macOS.cs
@@ -11,9 +11,8 @@ namespace System.Security.Cryptography.X509Certificates
 {
 internal sealed class ApplePkcs12Reader : UnixPkcs12Reader
 {
- internal ApplePkcs12Reader(ReadOnlySpan data)
+ internal ApplePkcs12Reader()
 {
- ParsePkcs12(data);
 }
 
 protected override ICertificatePalCore ReadX509Der(ReadOnlyMemory data)
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslPkcs12Reader.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslPkcs12Reader.cs
index 7ce3eb5f31973..c0a4616273c04 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslPkcs12Reader.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslPkcs12Reader.cs
@@ -9,9 +9,8 @@ namespace System.Security.Cryptography.X509Certificates
 {
 internal sealed class OpenSslPkcs12Reader : UnixPkcs12Reader
 {
- private OpenSslPkcs12Reader(ReadOnlySpan data)
+ private OpenSslPkcs12Reader()
 {
- ParsePkcs12(data);
 }
 
 protected override ICertificatePalCore ReadX509Der(ReadOnlyMemory data)
@@ -89,7 +88,8 @@ private static bool TryRead(
 
 try
 {
- pkcs12Reader = new OpenSslPkcs12Reader(data);
+ pkcs12Reader = new OpenSslPkcs12Reader();
+ pkcs12Reader.ParsePkcs12(data);
 return true;
 }
 catch (CryptographicException e)
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Android.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Android.cs
index 0c3e92bfd94cc..962287bc2630e 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Android.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Android.cs
@@ -118,8 +118,9 @@ private static ICertificatePal[] ReadPkcs12Collection(
 SafePasswordHandle password,
 bool ephemeralSpecified)
 {
- using (var reader = new AndroidPkcs12Reader(rawData))
+ using (var reader = new AndroidPkcs12Reader())
 {
+ reader.ParsePkcs12(rawData);
 reader.Decrypt(password, ephemeralSpecified);
 
 ICertificatePal[] certs = new ICertificatePal[reader.GetCertCount()];
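Review bot: In OpenSslPkcs12Reader.TryRead the failure path appears to leave a live reader behind, because a throwing `pkcs12Reader.ParsePkcs12(data)` now happens after `pkcs12Reader` has been assigned. Unlike the other call sites, no `using` or dispose-on-failure wrapper is visible here. The catch body is outside the hunk and the diff shows no change to it, so this is inferred, but if it does not dispose then any native buffer the parse allocated before throwing would be leaked on every malformed PFX fed to this path. Starting the `catch (CryptographicException e)` block with `pkcs12Reader?.Dispose();` and `pkcs12Reader = null;` would give this site the same guarantee as the rest of the change.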
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.iOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.iOS.cs
index ae90eabcf23a6..edccc0b79e337 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.iOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.iOS.cs
@@ -46,10 +46,11 @@ private static ILoaderPal FromBlob(ReadOnlySpan rawData, SafePasswordHandl
 if (contentType == X509ContentType.Pkcs12)
 {
 X509Certificate.EnforceIterationCountLimit(ref rawData, readingFromFile, password.PasswordProvided);
- ApplePkcs12Reader reader = new ApplePkcs12Reader(rawData);
+ ApplePkcs12Reader reader = new ApplePkcs12Reader();
 
 try
 {
+ reader.ParsePkcs12(rawData);
 reader.Decrypt(password, ephemeralSpecified);
 return new ApplePkcs12CertLoader(reader, password);
 }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.macOS.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.macOS.cs
index af87c145119b0..b424e971b09e4 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.macOS.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.macOS.cs
@@ -72,10 +72,11 @@ private static ApplePkcs12CertLoader ImportPkcs12(
 bool ephemeralSpecified,
 SafeKeychainHandle keychain)
 {
- ApplePkcs12Reader reader = new ApplePkcs12Reader(rawData);
+ ApplePkcs12Reader reader = new ApplePkcs12Reader();
 
 try
 {
+ reader.ParsePkcs12(rawData);
 reader.Decrypt(password, ephemeralSpecified);
 return new ApplePkcs12CertLoader(reader, keychain, password, exportable);
 }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/UnixPkcs12Reader.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/UnixPkcs12Reader.cs
index b4f39384cf0e3..d8fe618c507d5 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/UnixPkcs12Reader.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/UnixPkcs12Reader.cs
@@ -30,7 +30,7 @@ internal abstract class UnixPkcs12Reader : IDisposable
 protected abstract ICertificatePalCore ReadX509Der(ReadOnlyMemory data);
 protected abstract AsymmetricAlgorithm LoadKey(ReadOnlyMemory safeBagBagValue);
 
- protected void ParsePkcs12(ReadOnlySpan data)
+ internal void ParsePkcs12(ReadOnlySpan data)
 {
 try
 {
@@ -42,10 +42,24 @@ protected void ParsePkcs12(ReadOnlySpan data)
 
 unsafe
 {
- IntPtr tmpPtr = Marshal.AllocHGlobal(encodedData.Length);
- Span tmpSpan = new Span((byte*)tmpPtr, encodedData.Length);
- encodedData.CopyTo(tmpSpan);
- _tmpManager = new PointerMemoryManager((void*)tmpPtr, encodedData.Length);
+ IntPtr tmpPtr = IntPtr.Zero;
+
+ try
+ {
+ tmpPtr = Marshal.AllocHGlobal(encodedData.Length);
+ Span tmpSpan = new Span((byte*)tmpPtr, encodedData.Length);
+ encodedData.CopyTo(tmpSpan);
+ _tmpManager = new PointerMemoryManager((void*)tmpPtr, encodedData.Length);
+ }
+ catch
+ {
+ if (tmpPtr != IntPtr.Zero)
+ {
+ Marshal.FreeHGlobal(tmpPtr);
+ }
+
+ throw;
+ }
 }
 
 ReadOnlyMemory tmpMemory = _tmpManager.Memory;
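Review bot: Making UnixPkcs12Reader.ParsePkcs12 `internal` means nothing stops it from being called twice on one reader, or skipped before `Decrypt`. The constructor used to guarantee exactly one parse per instance. A second call would overwrite `_tmpManager` (assigned in the next hunk) and, unless code outside the hunk releases the previous buffer, leak the first native allocation. A guard at the top of the method, `if (_tmpManager is not null) throw new InvalidOperationException();` or at least `Debug.Assert(_tmpManager is null);`, plus a doc comment stating that it must be called exactly once before `Decrypt`, would make the contract explicit. The method body continues outside the hunk.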
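Review bot: The new `catch` in ParsePkcs12 frees `tmpPtr` without clearing it, although by the time `new PointerMemoryManager(...)` can fail the buffer already holds a full copy of the caller's PFX. If the reader's Dispose (not visible here) zeroes this buffer before freeing it, the failure path should match by calling `CryptographicOperations.ZeroMemory(new Span<byte>((byte*)tmpPtr, encodedData.Length));` before `Marshal.FreeHGlobal(tmpPtr);`. A short comment noting that ownership of the allocation passes to `_tmpManager` once the assignment succeeds would also explain why the catch covers only these four statements.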