[reflect] fix more usage of SHA1Managed for FIPS (#14)

In e9946684, I fixed the usage of `SHA1Managed` that I found from a stack trace while running `mkbundle.exe` on Windows. I found 3 more usages that needed to be fixed.
author: Jonathan Peppers <jonathan.peppers@gmail.com> 2019-10-03 18:34:41 +0300
committer: Alexander Köplinger <alex.koeplinger@outlook.com> 2019-10-03 18:34:41 +0300
commit: 9f805dcf8a87f46c0c5ef01e8468e92af2c2ef47 (patch)
tree: 86b69de6546e9f363c20ff647bf802d8b95cb689
parent: e9946684f05a4415e370c0298560c09d3c3a6973 (diff)
2 files changed, 72 insertions, 66 deletions
diff --git a/reflect/Emit/AssemblyBuilder.cs b/reflect/Emit/AssemblyBuilder.cs
index a1ba7177..349dfc1d 100644
--- a/reflect/Emit/AssemblyBuilder.cs
+++ b/reflect/Emit/AssemblyBuilder.cs
@@ -472,21 +472,23 @@ namespace IKVM.Reflection.Emit
 
 		private int AddFile(ModuleBuilder manifestModule, string fileName, int flags)
 		{
-			SHA1Managed hash = new SHA1Managed();
-			string fullPath = fileName;
-			if (dir != null)
-			{
-				fullPath = Path.Combine(dir, fileName);
-			}
-			using (FileStream fs = new FileStream(fullPath, FileMode.Open, FileAccess.Read))
+			using (var hash = SHA1.Create())
 			{
-				using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write))
+				string fullPath = fileName;
+				if (dir != null)
 				{
-					byte[] buf = new byte[8192];
-					ModuleWriter.HashChunk(fs, cs, buf, (int)fs.Length);
+					fullPath = Path.Combine(dir, fileName);
+				}
+				using (FileStream fs = new FileStream(fullPath, FileMode.Open, FileAccess.Read))
+				{
+					using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write))
+					{
+						byte[] buf = new byte[8192];
+						ModuleWriter.HashChunk(fs, cs, buf, (int)fs.Length);
+					}
 				}
+				return manifestModule.__AddModule(flags, Path.GetFileName(fileName), hash.Hash);
 			}
-			return manifestModule.__AddModule(flags, Path.GetFileName(fileName), hash.Hash);
 		}
 
 		public void AddResourceFile(string name, string fileName)
diff --git a/reflect/Writer/ModuleWriter.cs b/reflect/Writer/ModuleWriter.cs
index 1e880d58..8edaecf6 100644
--- a/reflect/Writer/ModuleWriter.cs
+++ b/reflect/Writer/ModuleWriter.cs
@@ -382,53 +382,55 @@ namespace IKVM.Reflection.Writer
 
 		private static void StrongName(Stream stream, StrongNameKeyPair keyPair, uint headerLength, uint textSectionFileOffset, uint strongNameSignatureFileOffset, uint strongNameSignatureLength)
 		{
-			SHA1Managed hash = new SHA1Managed();
-			using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write))
+			using (var hash = SHA1.Create())
 			{
+				using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write))
+				{
+					stream.Seek(0, SeekOrigin.Begin);
+					byte[] buf = new byte[8192];
+					HashChunk(stream, cs, buf, (int)headerLength);
+					stream.Seek(textSectionFileOffset, SeekOrigin.Begin);
+					HashChunk(stream, cs, buf, (int)(strongNameSignatureFileOffset - textSectionFileOffset));
+					stream.Seek(strongNameSignatureLength, SeekOrigin.Current);
+					HashChunk(stream, cs, buf, (int)(stream.Length - (strongNameSignatureFileOffset + strongNameSignatureLength)));
+				}
+				using (RSA rsa = keyPair.CreateRSA())
+				{
+					RSAPKCS1SignatureFormatter sign = new RSAPKCS1SignatureFormatter(rsa);
+					byte[] signature = sign.CreateSignature(hash);
+					Array.Reverse(signature);
+					if (signature.Length != strongNameSignatureLength)
+					{
+						throw new InvalidOperationException("Signature length mismatch");
+					}
+					stream.Seek(strongNameSignatureFileOffset, SeekOrigin.Begin);
+					stream.Write(signature, 0, signature.Length);
+				}
+
+				// compute the PE checksum
 				stream.Seek(0, SeekOrigin.Begin);
-				byte[] buf = new byte[8192];
-				HashChunk(stream, cs, buf, (int)headerLength);
-				stream.Seek(textSectionFileOffset, SeekOrigin.Begin);
-				HashChunk(stream, cs, buf, (int)(strongNameSignatureFileOffset - textSectionFileOffset));
-				stream.Seek(strongNameSignatureLength, SeekOrigin.Current);
-				HashChunk(stream, cs, buf, (int)(stream.Length - (strongNameSignatureFileOffset + strongNameSignatureLength)));
-			}
-			using (RSA rsa = keyPair.CreateRSA())
-			{
-				RSAPKCS1SignatureFormatter sign = new RSAPKCS1SignatureFormatter(rsa);
-				byte[] signature = sign.CreateSignature(hash);
-				Array.Reverse(signature);
-				if (signature.Length != strongNameSignatureLength)
+				int count = (int)stream.Length / 4;
+				BinaryReader br = new BinaryReader(stream);
+				long sum = 0;
+				for (int i = 0; i < count; i++)
 				{
-					throw new InvalidOperationException("Signature length mismatch");
+					sum += br.ReadUInt32();
+					int carry = (int)(sum >> 32);
+					sum &= 0xFFFFFFFFU;
+					sum += carry;
 				}
-				stream.Seek(strongNameSignatureFileOffset, SeekOrigin.Begin);
-				stream.Write(signature, 0, signature.Length);
-			}
+				while ((sum >> 16) != 0)
+				{
+					sum = (sum & 0xFFFF) + (sum >> 16);
+				}
+				sum += stream.Length;
 
-			// compute the PE checksum
-			stream.Seek(0, SeekOrigin.Begin);
-			int count = (int)stream.Length / 4;
-			BinaryReader br = new BinaryReader(stream);
-			long sum = 0;
-			for (int i = 0; i < count; i++)
-			{
-				sum += br.ReadUInt32();
-				int carry = (int)(sum >> 32);
-				sum &= 0xFFFFFFFFU;
-				sum += carry;
+				// write the PE checksum, note that it is always at offset 0xD8 in the file
+				ByteBuffer bb = new ByteBuffer(4);
+				bb.Write((int)sum);
+				stream.Seek(0xD8, SeekOrigin.Begin);
+				bb.WriteTo(stream);
 			}
-			while ((sum >> 16) != 0)
-			{
-				sum = (sum & 0xFFFF) + (sum >> 16);
-			}
-			sum += stream.Length;
-
-			// write the PE checksum, note that it is always at offset 0xD8 in the file
-			ByteBuffer bb = new ByteBuffer(4);
-			bb.Write((int)sum);
-			stream.Seek(0xD8, SeekOrigin.Begin);
-			bb.WriteTo(stream);
 		}
 
 		internal static void HashChunk(Stream stream, CryptoStream cs, byte[] buf, int length)
@@ -443,21 +445,23 @@ namespace IKVM.Reflection.Writer
 
 		private static Guid GenerateModuleVersionId(Stream stream)
 		{
-			SHA1Managed hash = new SHA1Managed();
-			using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write))
+			using (var hash = SHA1.Create())
 			{
-				stream.Seek(0, SeekOrigin.Begin);
-				byte[] buf = new byte[8192];
-				HashChunk(stream, cs, buf, (int)stream.Length);
-			}
-			byte[] bytes = new byte[16];
-			Buffer.BlockCopy(hash.Hash, 0, bytes, 0, bytes.Length);
-			// set GUID type to "version 4" (random)
-			bytes[7] &= 0x0F;
-			bytes[7] |= 0x40;
-			bytes[8] &= 0x3F;
-			bytes[8] |= 0x80;
-			return new Guid(bytes);
+				using (CryptoStream cs = new CryptoStream(Stream.Null, hash, CryptoStreamMode.Write))
+				{
+					stream.Seek(0, SeekOrigin.Begin);
+					byte[] buf = new byte[8192];
+					HashChunk(stream, cs, buf, (int)stream.Length);
+				}
+				byte[] bytes = new byte[16];
+				Buffer.BlockCopy(hash.Hash, 0, bytes, 0, bytes.Length);
+				// set GUID type to "version 4" (random)
+				bytes[7] &= 0x0F;
+				bytes[7] |= 0x40;
+				bytes[8] &= 0x3F;
+				bytes[8] |= 0x80;
+				return new Guid(bytes);
+			}
 		}
 	}
 }
author	Jonathan Peppers <jonathan.peppers@gmail.com>	2019-10-03 18:34:41 +0300
committer	Alexander Köplinger <alex.koeplinger@outlook.com>	2019-10-03 18:34:41 +0300
commit	9f805dcf8a87f46c0c5ef01e8468e92af2c2ef47 (patch)
tree	86b69de6546e9f363c20ff647bf802d8b95cb689
parent	e9946684f05a4415e370c0298560c09d3c3a6973 (diff)