From 44841049babc809b45d461a17cb69d450b7db563 Mon Sep 17 00:00:00 2001 From: Jeremy Barton Date: Thu, 2 Oct 2025 16:48:00 -0700 Subject: [PATCH 1/2] Limit the use of a pointer to the lexical scope of the target --- .../StorePal.Windows.Export.cs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs index 142e54e90d6dfa..e3a8822f6e225b 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs @@ -109,20 +109,20 @@ private unsafe byte[] ExportPkcs12Core(Pkcs12ExportPbeParameters? exportParamete Interop.Crypt32.PKCS12_PBES2_EXPORT_PARAMS* exportParams = null; PbeParameters? reEncodeParameters = null; + char* PKCS12_PBES2_ALG_AES256_SHA256 = stackalloc char[] { 'A', 'E', 'S', '2', '5', '6', '-', 'S', 'H', 'A', '2', '5', '6', '\0' }; + Interop.Crypt32.PKCS12_PBES2_EXPORT_PARAMS specifiedParams = new() + { + dwSize = (uint)Marshal.SizeOf(), + hNcryptDescriptor = 0, + pwszPbes2Alg = PKCS12_PBES2_ALG_AES256_SHA256, + }; + if (exportParameters is Pkcs12ExportPbeParameters.Pbes2Aes256Sha256 or Pkcs12ExportPbeParameters.Default) { if (s_supportsAes256Sha256) { flags |= Interop.Crypt32.PFXExportFlags.PKCS12_EXPORT_PBES2_PARAMS; - // PKCS12_PBES2_ALG_AES256_SHA256 - char* algStr = stackalloc char[] { 'A', 'E', 'S', '2', '5', '6', '-', 'S', 'H', 'A', '2', '5', '6', '\0' }; - Interop.Crypt32.PKCS12_PBES2_EXPORT_PARAMS p = new() - { - dwSize = (uint)Marshal.SizeOf(), - hNcryptDescriptor = 0, - pwszPbes2Alg = algStr, - }; - exportParams = &p; + exportParams = &specifiedParams; } else { From 64a5c41456b40387a0bac1e857e067b55260c4cf Mon Sep 17 00:00:00 2001 From: Jeremy Barton Date: Fri, 3 Oct 2025 09:31:35 -0700 Subject: [PATCH 2/2] Update src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs Co-authored-by: Jan Kotas --- .../Cryptography/X509Certificates/StorePal.Windows.Export.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs index e3a8822f6e225b..9cacc8bde3f252 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/StorePal.Windows.Export.cs @@ -112,7 +112,7 @@ private unsafe byte[] ExportPkcs12Core(Pkcs12ExportPbeParameters? exportParamete char* PKCS12_PBES2_ALG_AES256_SHA256 = stackalloc char[] { 'A', 'E', 'S', '2', '5', '6', '-', 'S', 'H', 'A', '2', '5', '6', '\0' }; Interop.Crypt32.PKCS12_PBES2_EXPORT_PARAMS specifiedParams = new() { - dwSize = (uint)Marshal.SizeOf(), + dwSize = (uint)sizeof(Interop.Crypt32.PKCS12_PBES2_EXPORT_PARAMS), hNcryptDescriptor = 0, pwszPbes2Alg = PKCS12_PBES2_ALG_AES256_SHA256, };