-
Notifications
You must be signed in to change notification settings - Fork 4.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Obsolete HMACSHA1 constructor with useManagedSha1
#53875
Comments
Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks Issue DetailsBackground and Motivation
Proposed APInamespace System.Security.Cryptography {
public class HMACSHA1 : HMAC {
+ [Obsolete("HMACSHA1 always uses the algorithm implementation provided by the platform. Use the constructor without the useManagedSha1 parameter.")]
[EditorBrowsable(EditorBrowsableState.Never)]
public HMACSHA1(byte[] key, bool useManagedSha1);
}
} An analyzer could be made to update call sites to change simple invocations of the constructor like
|
Can we also use this opportunity to obsolete |
Makes sense. I updated the proposal. Maybe it makes more sense for the obsolete to just be on the setter, but I opted to do the whole property since any application that is getting the value and perhaps making a decision from the getter might need to be updated. |
Looks good as proposed.
namespace System.Security.Cryptography {
public class HMACSHA1 : HMAC {
+ [Obsolete("HMACSHA1 always uses the algorithm implementation provided by the platform. Use the constructor without the useManagedSha1 parameter.")]
[EditorBrowsable(EditorBrowsableState.Never)]
public HMACSHA1(byte[] key, bool useManagedSha1);
}
public class HMACSHA384 : HMAC {
+ [Obsolete("Producing legacy HMAC values is no longer supported.")]
public bool ProduceLegacyHmacValues { get; set; }
}
public class HMACSHA512 : HMAC {
+ [Obsolete("Producing legacy HMAC values is no longer supported.")]
public bool ProduceLegacyHmacValues { get; set; }
}
} |
It does not; only HMACs with a 1024-bit block size had the particular bug in .NET Framework that resulted in these compatibility properties. |
@vcsjones Did you want this assigned to you? |
@GrabYourPitchforks I can at least do that much now :-). Will start this one after the X.509 obsoletions. |
Background and Motivation
HMACSHA1
has a constructor that the other HMACSHA2/MD5 classes don't, which is to accept a boolean indicating ifSHA1Managed
should be used as the underlying hash. As of .NET Core, the HMAC implementations are not managed themselves anymore, but instead defer to the platform. As such theuseManagedSha1
parameter is ignored.Proposed API
An analyzer could be made to update call sites to change simple invocations of the constructor like
new HMACSHA1(key_expression, false)
andnew HMACSHA1(key_expression, true)
tonew HMACSHA1(key_expression)
.The text was updated successfully, but these errors were encountered: