diff --git a/src/libraries/Common/src/System/Security/Cryptography/ECCng.ImportExport.NamedCurve.cs b/src/libraries/Common/src/System/Security/Cryptography/ECCng.ImportExport.NamedCurve.cs index 5dd46b4213c4af..52802f1ff30265 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/ECCng.ImportExport.NamedCurve.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/ECCng.ImportExport.NamedCurve.cs @@ -152,40 +152,29 @@ internal static SafeNCryptKeyHandle ImportKeyBlob( using (SafeUnicodeStringHandle safeCurveName = new SafeUnicodeStringHandle(curveName)) { - Interop.BCrypt.BCryptBufferDesc desc = default; - Interop.BCrypt.BCryptBuffer buff = default; - - IntPtr descPtr = IntPtr.Zero; - IntPtr buffPtr = IntPtr.Zero; - try + unsafe { - descPtr = Marshal.AllocHGlobal(Marshal.SizeOf(desc)); - buffPtr = Marshal.AllocHGlobal(Marshal.SizeOf(buff)); + Interop.BCrypt.BCryptBufferDesc desc = default; + Interop.BCrypt.BCryptBuffer buff = default; + buff.cbBuffer = (curveName.Length + 1) * 2; // Add 1 for null terminator buff.BufferType = Interop.BCrypt.CngBufferDescriptors.NCRYPTBUFFER_ECC_CURVE_NAME; buff.pvBuffer = safeCurveName.DangerousGetHandle(); - Marshal.StructureToPtr(buff, buffPtr, false); desc.cBuffers = 1; - desc.pBuffers = buffPtr; + desc.pBuffers = (IntPtr)(&buff); desc.ulVersion = Interop.BCrypt.BCRYPTBUFFER_VERSION; - Marshal.StructureToPtr(desc, descPtr, false); errorCode = Interop.NCrypt.NCryptImportKey( provider, IntPtr.Zero, blobType, - descPtr, + (IntPtr)(&desc), out keyHandle, ref MemoryMarshal.GetReference(keyBlob), keyBlob.Length, 0); } - finally - { - Marshal.FreeHGlobal(descPtr); - Marshal.FreeHGlobal(buffPtr); - } } if (errorCode != ErrorCode.ERROR_SUCCESS) diff --git a/src/libraries/Common/src/System/Security/Cryptography/MLKem.Windows.cs b/src/libraries/Common/src/System/Security/Cryptography/MLKem.Windows.cs index a5993593f43c92..380a0104d5e7f6 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/MLKem.Windows.cs 
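Review bot: The `(IntPtr)(&buff)` and `(IntPtr)(&desc)` casts in ImportKeyBlob now pass NCryptImportKey the addresses of stack locals, and nothing in the block records why that is safe. It holds only if the call consumes the parameter list synchronously and does not retain the pointer. It also requires BCryptBuffer and BCryptBufferDesc to have the same in-memory layout that `Marshal.StructureToPtr` used to produce; neither struct definition is visible in this hunk, so that should be confirmed. A short comment above `desc.pBuffers` would capture this, e.g. `// desc and buff are blittable stack locals; these pointers are valid only for the duration of NCryptImportKey.` The enclosing method starts and ends outside the hunk.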
+++ b/src/libraries/Common/src/System/Security/Cryptography/MLKem.Windows.cs @@ -26,7 +26,7 @@ private protected unsafe void ReadCngMLKemBlob( throw new CryptographicException(); } - int blobHeaderSize = Marshal.SizeOf(); + int blobHeaderSize = sizeof(BCRYPT_MLKEM_KEY_BLOB); int keySize = checked((int)blob->cbKey); if (keySize != destination.Length) diff --git a/src/libraries/Common/src/System/Security/Cryptography/PqcBlobHelpers.cs b/src/libraries/Common/src/System/Security/Cryptography/PqcBlobHelpers.cs index 566234e5bec251..21d2e00a78a6c6 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/PqcBlobHelpers.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/PqcBlobHelpers.cs @@ -216,7 +216,7 @@ internal delegate TReturn EncodeMLKemBlobCallback( string blobKind, ReadOnlySpan blob); - internal static TReturn EncodeMLKemBlob( + internal static unsafe TReturn EncodeMLKemBlob( KeyBlobMagicNumber kind, MLKemAlgorithm algorithm, ReadOnlySpan key, @@ -230,7 +230,7 @@ internal static TReturn EncodeMLKemBlob( // try to accommodate them. const int MaxKeyStackSize = 128; string parameterSet = GetMLKemParameterSet(algorithm); - int blobHeaderSize = Marshal.SizeOf(); + int blobHeaderSize = sizeof(BCRYPT_MLKEM_KEY_BLOB); int parameterSetMarshalLength = (parameterSet.Length + 1) * 2; int blobSize = blobHeaderSize + @@ -246,15 +246,12 @@ internal static TReturn EncodeMLKemBlob( { buffer.Clear(); - unsafe + fixed (byte* pBuffer = buffer) { - fixed (byte* pBuffer = buffer) - { - BCRYPT_MLKEM_KEY_BLOB* blob = (BCRYPT_MLKEM_KEY_BLOB*)pBuffer; - blob->dwMagic = kind; - blob->cbParameterSet = (uint)parameterSetMarshalLength; - blob->cbKey = (uint)key.Length; - } + BCRYPT_MLKEM_KEY_BLOB* blob = (BCRYPT_MLKEM_KEY_BLOB*)pBuffer; + blob->dwMagic = kind; + blob->cbParameterSet = (uint)parameterSetMarshalLength; + blob->cbKey = (uint)key.Length; } // This won't write the null byte, but we zeroed the whole buffer earlier. 
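Review bot: Marking EncodeMLKemBlob `unsafe` at the signature widens the unsafe context from the small `fixed` region to the whole generic method, apparently only so that `sizeof(BCRYPT_MLKEM_KEY_BLOB)` compiles. A narrow scope makes it easier to audit where raw pointers are actually dereferenced. The header size could be computed as `int blobHeaderSize; unsafe { blobHeaderSize = sizeof(BCRYPT_MLKEM_KEY_BLOB); }`, keeping the existing `unsafe` block around `fixed (byte* pBuffer = buffer)` in the @@ -246 hunk. The method body starts and ends outside the hunks shown, so the rest of it could not be checked for other uses that need the wider scope.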
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ChainPal.Windows.BuildChain.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ChainPal.Windows.BuildChain.cs index 9c141bb8f0bd75..8bbdf3482400ba 100644 --- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ChainPal.Windows.BuildChain.cs +++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/ChainPal.Windows.BuildChain.cs @@ -36,7 +36,7 @@ internal sealed partial class ChainPal : IDisposable, IChainPal using (SafeCertStoreHandle extraStoreHandle = ConvertStoreToSafeHandle(extraStore)) { Interop.Crypt32.CERT_CHAIN_PARA chainPara = default; - chainPara.cbSize = Marshal.SizeOf(); + chainPara.cbSize = sizeof(Interop.Crypt32.CERT_CHAIN_PARA); int applicationPolicyCount; using (SafeHandle applicationPolicyOids = applicationPolicy!.ToLpstrArray(out applicationPolicyCount)) 
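Review bot: `chainPara.cbSize = sizeof(Interop.Crypt32.CERT_CHAIN_PARA)` matches the old `Marshal.SizeOf` value only if the struct is blittable, and its definition is not visible in this hunk. `sizeof` returns the managed size, so any field that marshals to a different width would change the cbSize that Crypt32 uses to decide how much of the structure to read. The same applies to `customChainEngine.cbSize` in the GetChainEngine hunk that follows, where the size presumably also determines whether `hExclusiveRoot` is honoured for custom root trust. A one-line comment at each assignment would record the assumption, e.g. `// CERT_CHAIN_PARA is blittable, so sizeof equals the native structure size.` The enclosing method continues outside the hunk.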
@@ -88,12 +88,15 @@ private static SafeChainEngineHandle GetChainEngine( if (trustMode == X509ChainTrustMode.CustomRootTrust) { // Need to get a valid SafeCertStoreHandle otherwise the default stores will be trusted - using (SafeCertStoreHandle customTrustStoreHandle = ConvertStoreToSafeHandle(customTrustStore, true)) + unsafe { - Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG customChainEngine = default; - customChainEngine.cbSize = Marshal.SizeOf(); - customChainEngine.hExclusiveRoot = customTrustStoreHandle.DangerousGetHandle(); - chainEngineHandle = Interop.crypt32.CertCreateCertificateChainEngine(ref customChainEngine); + using (SafeCertStoreHandle customTrustStoreHandle = ConvertStoreToSafeHandle(customTrustStore, true)) + { + Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG customChainEngine = default; + customChainEngine.cbSize = sizeof(Interop.Crypt32.CERT_CHAIN_ENGINE_CONFIG); + customChainEngine.hExclusiveRoot = customTrustStoreHandle.DangerousGetHandle(); + chainEngineHandle = Interop.crypt32.CertCreateCertificateChainEngine(ref customChainEngine); + } } } else