Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure proper cleanup of key files when not persisting them #109731

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Ensure proper cleanup of key files when not persisting them #109731

wants to merge 5 commits into from
+541 −2

Conversation

bartonjs
Copy link
Member

Code inspection suggested that keys imported into the CNG MachineKey store from PFXImportCertStore were not getting properly cleaned up. This change adds tests that prove that supposition, and then fixes the bug so they pass.

@bartonjs
Ensure proper cleanup of key files when not persisting them
423f109 
Code inspection suggested that keys imported into the CNG MachineKey store
from PFXImportCertStore were not getting properly cleaned up.  This change
adds tests that prove that supposition, and then fixes the bug so they pass.
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

vcsjones
vcsjones reviewed Nov 12, 2024
View reviewed changes
...libraries/System.Security.Cryptography/tests/X509Certificates/X509FilesystemTests.Windows.cs Outdated Show resolved Hide resolved
...libraries/System.Security.Cryptography/tests/X509Certificates/X509FilesystemTests.Windows.cs Outdated Show resolved Hide resolved
...libraries/System.Security.Cryptography/tests/X509Certificates/X509FilesystemTests.Windows.cs Outdated Show resolved Hide resolved
...libraries/System.Security.Cryptography/tests/X509Certificates/X509FilesystemTests.Windows.cs Outdated Show resolved Hide resolved
...libraries/System.Security.Cryptography/tests/X509Certificates/X509FilesystemTests.Windows.cs Outdated Show resolved Hide resolved
...libraries/System.Security.Cryptography/tests/X509Certificates/X509FilesystemTests.Windows.cs Show resolved Hide resolved
@bartonjs
Support systems that have never had CAPI-DSS
b7f2c78
@bartonjs
Review feedback
73da9ea 
* Bump keysize to 2048
  * This caused the tests to be too slow, so reuse 6 random keys for all of them
* Remove the random ordering in machine-or-user for defaultkeyset (try both ways)
* Remove incorrect copy/paste comment
* Remove bad nullable annotation
This was referenced Nov 13, 2024
Open
Open
@build-analysis build-analysis bot mentioned this pull request Nov 14, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vcsjones vcsjones vcsjones approved these changes

Assignees

@bartonjs bartonjs

Labels
area-System.Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bartonjs @vcsjones