diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs b/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs index 6f5a3c88fba10..409b8297d2f5b 100644 --- a/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs +++ b/src/libraries/Common/src/System/Security/Cryptography/RSAAndroid.cs @@ -381,6 +381,53 @@ public override void ImportParameters(RSAParameters parameters) ValidateParameters(ref parameters); ThrowIfDisposed(); + if (parameters.Exponent == null || parameters.Modulus == null) + { + throw new CryptographicException(SR.Cryptography_InvalidRsaParameters); + } + + if (parameters.D == null) + { + if (parameters.P != null || + parameters.DP != null || + parameters.Q != null || + parameters.DQ != null || + parameters.InverseQ != null) + { + throw new CryptographicException(SR.Cryptography_InvalidRsaParameters); + } + } + else + { + if (parameters.P == null || + parameters.DP == null || + parameters.Q == null || + parameters.DQ == null || + parameters.InverseQ == null) + { + throw new CryptographicException(SR.Cryptography_InvalidRsaParameters); + } + + // Half, rounded up. + int halfModulusLength = (parameters.Modulus.Length + 1) / 2; + + // The same checks are done by RSACryptoServiceProvider on import (when building the key blob) + // Historically RSACng let CNG handle this (reporting NTE_NOT_SUPPORTED), but on RS1 CNG let the + // import succeed, then on private key use (e.g. signing) it would report NTE_INVALID_PARAMETER. + // + // Doing the check here prevents the state in RS1 where the Import succeeds, but corrupts the key, + // and makes for a friendlier exception message. + if (parameters.D.Length != parameters.Modulus.Length || + parameters.P.Length != halfModulusLength || + parameters.Q.Length != halfModulusLength || + parameters.DP.Length != halfModulusLength || + parameters.DQ.Length != halfModulusLength || + parameters.InverseQ.Length != halfModulusLength) + { + throw new CryptographicException(SR.Cryptography_InvalidRsaParameters); + } + } + SafeRsaHandle key = Interop.AndroidCrypto.RsaCreate(); bool imported = false; diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs index bb65dd3d95017..d26dce7b36712 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyGeneration.cs @@ -24,14 +24,12 @@ public static void VerifyDefaultKeySize_Fips186_2() } [ConditionalFact(nameof(SupportsKeyGeneration))] - [ActiveIssue("https://github.com/dotnet/runtime/issues/50580", TestPlatforms.Android)] public static void GenerateMinKey() { GenerateKey(dsa => GetMin(dsa.LegalKeySizes)); } [ConditionalFact(nameof(SupportsKeyGeneration), nameof(HasSecondMinSize))] - [ActiveIssue("https://github.com/dotnet/runtime/issues/50580", TestPlatforms.Android)] public static void GenerateSecondMinKey() { GenerateKey(dsa => GetSecondMin(dsa.LegalKeySizes)); diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAXml.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAXml.cs index 0427e190772b5..4885b02b231e0 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAXml.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/RSA/RSAXml.cs @@ -1340,7 +1340,6 @@ public static void FromInvalidXml() } [Fact] - [ActiveIssue("https://github.com/dotnet/runtime/issues/29515", TestPlatforms.OSX | TestPlatforms.Android)] public static void FromNonsenseXml() { // This is DiminishedDPParameters XML, but with a P that is way too long.