Imported Upstream version 4.6.0.125

Former-commit-id: a2155e9bd80020e49e72e86c44da02a8ac0e57a4
2016-08-03 10:59:49 +00:00
parent a569aebcfd
commit e79aa3c0ed
17047 changed files with 3137615 additions and 392334 deletions
--- a/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Security/SecurityUtilsEx.cs
+++ b/mcs/class/referencesource/System.ServiceModel/System/ServiceModel/Security/SecurityUtilsEx.cs
@ -0,0 +1,71 @@
+//------------------------------------------------------------
+// Copyright (c) Microsoft Corporation.  All rights reserved.
+//------------------------------------------------------------
+
+using System.Security;
+using System.Security.Permissions;
+using Microsoft.Win32;
+using System.Runtime;
+
+namespace System.ServiceModel.Security
+{
+    static class SecurityUtilsEx
+    {
+        static int fipsAlgorithmPolicy = -1;
+
+        // Federal Information Processing Standards Publications
+        // at http://www.itl.nist.gov/fipspubs/geninfo.htm
+        // Note: this is copied from System.IdentityModel.SecurityUtilsEx.RequiresFipsCompliance.
+        internal static bool RequiresFipsCompliance
+        {
+            [Fx.Tag.SecurityNote(Critical = "Calls an UnsafeNativeMethod and a Critical method (GetFipsAlgorithmPolicyKeyFromRegistry).",
+                Safe = "Processes the return and just returns a bool, which is safe.")]
+            [SecuritySafeCritical]
+            get
+            {
+                if (fipsAlgorithmPolicy == -1)
+                {
+                    if (OSEnvironmentHelper.IsVistaOrGreater)
+                    {
+                        bool fipsEnabled;
+#pragma warning suppress 56523 //  we check for the return code of the method instead of calling GetLastWin32Error
+                        bool readPolicy = (System.ServiceModel.Channels.UnsafeNativeMethods.ERROR_SUCCESS == System.ServiceModel.Channels.UnsafeNativeMethods.BCryptGetFipsAlgorithmMode(out fipsEnabled));
+
+                        if (readPolicy && fipsEnabled)
+                            fipsAlgorithmPolicy = 1;
+                        else
+                            fipsAlgorithmPolicy = 0;
+                    }
+                    else
+                    {
+                        fipsAlgorithmPolicy = GetFipsAlgorithmPolicyKeyFromRegistry();
+                        if (fipsAlgorithmPolicy != 1)
+                            fipsAlgorithmPolicy = 0;
+                    }
+                }
+                return fipsAlgorithmPolicy == 1;
+            }
+        }
+
+        const string fipsPolicyRegistryKey = @"System\CurrentControlSet\Control\Lsa";
+
+        [Fx.Tag.SecurityNote(Critical = "Asserts to get a value from the registry.")]
+        [SecurityCritical]
+        [RegistryPermission(SecurityAction.Assert, Read = @"HKEY_LOCAL_MACHINE\" + fipsPolicyRegistryKey)]
+        static int GetFipsAlgorithmPolicyKeyFromRegistry()
+        {
+            int fipsAlgorithmPolicy = -1;
+            using (RegistryKey fipsAlgorithmPolicyKey = Registry.LocalMachine.OpenSubKey(fipsPolicyRegistryKey, false))
+            {
+                if (fipsAlgorithmPolicyKey != null)
+                {
+                    object data = fipsAlgorithmPolicyKey.GetValue("FIPSAlgorithmPolicy");
+                    if (data != null)
+                        fipsAlgorithmPolicy = (int)data;
+                }
+            }
+            return fipsAlgorithmPolicy;
+        }
+    }
+
+}