Imported Upstream version 5.10.0.47

Former-commit-id: d0813289fa2d35e1f8ed77530acb4fb1df441bc0
2018-01-24 17:04:36 +00:00
parent 88ff76fe28
commit e46a49ecf1
5927 changed files with 226314 additions and 129848 deletions
--- a/external/corefx/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslX509ChainProcessor.cs
+++ b/external/corefx/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/OpenSslX509ChainProcessor.cs
@@ -418,6 +418,8 @@ namespace Internal.Cryptography.Pal
                    extraStore,
                    userIntermediateCerts,
                    systemIntermediateCerts,
+                    userRootCerts,
+                    systemRootCerts,
                };

                while (toProcess.Count > 0)
--- a/external/corefx/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs
+++ b/external/corefx/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs
@@ -204,7 +204,7 @@ namespace System.Security.Cryptography.X509Certificates
        }

        /// <summary>
-        /// Create an ASN.1 DER-encoded PKCS#10 CertificationRequest object representating the current state
+        /// Create an ASN.1 DER-encoded PKCS#10 CertificationRequest object representing the current state
        /// of this object.
        /// </summary>
        /// <returns>A DER-encoded certificate signing request.</returns>
@@ -250,7 +250,7 @@ namespace System.Security.Cryptography.X509Certificates
        }

        /// <summary>
-        /// Create an ASN.1 DER-encoded PKCS#10 CertificationRequest representating the current state
+        /// Create an ASN.1 DER-encoded PKCS#10 CertificationRequest representing the current state
        /// of this object using the provided signature generator.
        /// </summary>
        /// <param name="signatureGenerator">
--- a/external/corefx/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/ECDsaX509SignatureGenerator.cs
+++ b/external/corefx/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/ECDsaX509SignatureGenerator.cs
@@ -53,8 +53,8 @@ namespace System.Security.Cryptography.X509Certificates
            int segmentLength = ieeeFormat.Length / 2;

            return DerEncoder.ConstructSequence(
-                DerEncoder.SegmentedEncodeUnsignedInteger(ieeeFormat, 0, segmentLength),
-                DerEncoder.SegmentedEncodeUnsignedInteger(ieeeFormat, segmentLength, segmentLength));
+                DerEncoder.SegmentedEncodeUnsignedInteger(new ReadOnlySpan<byte>(ieeeFormat, 0, segmentLength)),
+                DerEncoder.SegmentedEncodeUnsignedInteger(new ReadOnlySpan<byte>(ieeeFormat, segmentLength, segmentLength)));
        }

        protected override PublicKey BuildPublicKey()
--- a/external/corefx/src/System.Security.Cryptography.X509Certificates/tests/CertTests.cs
+++ b/external/corefx/src/System.Security.Cryptography.X509Certificates/tests/CertTests.cs
@@ -116,7 +116,7 @@ namespace System.Security.Cryptography.X509Certificates.Tests

            // High Sierra fails to build a chain for a self-signed certificate with revocation enabled.
            // https://github.com/dotnet/corefx/issues/21875
-            if (!PlatformDetection.IsMacOsHighSierra)
+            if (!PlatformDetection.IsMacOsHighSierraOrHigher)
            {
                using (var microsoftDotComRoot = new X509Certificate2(TestData.MicrosoftDotComRootBytes))
                {
--- a/external/corefx/src/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
+++ b/external/corefx/src/System.Security.Cryptography.X509Certificates/tests/ChainTests.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading;
 using Xunit;
@@ -14,7 +15,6 @@ namespace System.Security.Cryptography.X509Certificates.Tests
    public static class ChainTests
    {
        internal static bool CanModifyStores { get; } = TestEnvironmentConfiguration.CanModifyStores;
-        internal static bool CanBuildSelfSignedChainReliably { get; } = !PlatformDetection.IsMacOsHighSierra;

        private static bool TrustsMicrosoftDotComRoot
        {
@@ -165,7 +165,7 @@ namespace System.Security.Cryptography.X509Certificates.Tests
            Assert.Equal(IntPtr.Zero, chain.ChainContext);
        }

-        [ConditionalFact(nameof(CanBuildSelfSignedChainReliably))]
+        [Fact]
        public static void TestResetMethod()
        {
            using (var sampleCert = new X509Certificate2(TestData.DssCer))
@@ -630,5 +630,48 @@ namespace System.Security.Cryptography.X509Certificates.Tests
            using (var chain = X509Chain.Create())
                Assert.NotNull(chain);
        }
+
+        [Fact]
+        public static void InvalidSelfSignedSignature()
+        {
+            X509ChainStatusFlags expectedFlags;
+
+            if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                expectedFlags = X509ChainStatusFlags.NotSignatureValid;
+            }
+            else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX))
+            {
+                expectedFlags = X509ChainStatusFlags.UntrustedRoot;
+            }
+            else
+            {
+                expectedFlags =
+                    X509ChainStatusFlags.NotSignatureValid |
+                    X509ChainStatusFlags.UntrustedRoot;
+            }
+
+            byte[] certBytes = (byte[])TestData.MicrosoftDotComRootBytes.Clone();
+            // The signature goes up to the very last byte, so flip some bits in it.
+            certBytes[certBytes.Length - 1] ^= 0xFF;
+
+            using (var cert = new X509Certificate2(certBytes))
+            using (ChainHolder holder = new ChainHolder())
+            {
+                X509Chain chain = holder.Chain;
+                X509ChainPolicy policy = chain.ChainPolicy;
+                policy.VerificationTime = cert.NotBefore.AddDays(3);
+                policy.RevocationMode = X509RevocationMode.NoCheck;
+
+                chain.Build(cert);
+
+                X509ChainStatusFlags allFlags =
+                    chain.ChainStatus.Select(cs => cs.Status).Aggregate(
+                        X509ChainStatusFlags.NoError,
+                        (a, b) => a | b);
+
+                Assert.Equal(expectedFlags, allFlags);
+            }
+        }
    }
 }
--- a/external/corefx/src/System.Security.Cryptography.X509Certificates/tests/System.Security.Cryptography.X509Certificates.Tests.csproj
+++ b/external/corefx/src/System.Security.Cryptography.X509Certificates/tests/System.Security.Cryptography.X509Certificates.Tests.csproj
@@ -5,7 +5,6 @@
    <ProjectGuid>{A28B0064-EFB2-4B77-B97C-DECF5DAB074E}</ProjectGuid>
    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
    <DefineConstants Condition="'$(TargetGroup)'=='netcoreapp'">$(DefineConstants);netcoreapp</DefineConstants>
-    <ILCBuildType Condition="'$(TargetGroup)' == 'uap'">chk</ILCBuildType>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netcoreapp-OSX-Debug|AnyCPU'" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'netcoreapp-OSX-Release|AnyCPU'" />
@@ -55,9 +54,6 @@
    <Compile Include="$(CommonTestPath)\System\Security\Cryptography\ByteUtils.cs">
      <Link>CommonTest\System\Security\Cryptography\ByteUtils.cs</Link>
    </Compile>
-    <Compile Include="$(CommonTestPath)\System\PlatformDetection.cs">
-      <Link>CommonTest\System\PlatformDetection.cs</Link>
-    </Compile>
    <Compile Include="ImportTests.cs" />
    <Compile Include="$(CommonTestPath)\System\Runtime\Serialization\Formatters\BinaryFormatterHelpers.cs">
      <Link>Common\System\Runtime\Serialization\Formatters\BinaryFormatterHelpers.cs</Link>