dotnet
diff --git a/‎src/libraries/Common/src/System/Security/Cryptography/DSAKeyFormatHelper.cs
Lines changed: 69 additions & 13 deletions b/‎src/libraries/Common/src/System/Security/Cryptography/DSAKeyFormatHelper.cs
Lines changed: 69 additions & 13 deletions
diff --git a/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs
Lines changed: 146 additions & 0 deletions b/‎src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/DSA/DSAKeyFileTests.cs
Lines changed: 146 additions & 0 deletions
diff --git a/‎src/libraries/System.Formats.Asn1/src/Resources/Strings.resx
Lines changed: 3 additions & 0 deletions b/‎src/libraries/System.Formats.Asn1/src/Resources/Strings.resx
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/libraries/System.Formats.Asn1/src/System.Formats.Asn1.csproj
Lines changed: 6 additions & 0 deletions b/‎src/libraries/System.Formats.Asn1/src/System.Formats.Asn1.csproj
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/libraries/System.Formats.Asn1/src/System/Formats/Asn1/AsnDecoder.Oid.cs
Lines changed: 53 additions & 0 deletions b/‎src/libraries/System.Formats.Asn1/src/System/Formats/Asn1/AsnDecoder.Oid.cs
Lines changed: 53 additions & 0 deletions
@@ -25,16 +25,6 @@ internal static void ReadDsaPrivateKey(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
             }
 
-            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
-
-            ret = new DSAParameters
-            {
-                P = parms.P.ToByteArray(isUnsigned: true, isBigEndian: true),
-                Q = parms.Q.ToByteArray(isUnsigned: true, isBigEndian: true),
-            };
-
-            ret.G = parms.G.ExportKeyParameter(ret.P.Length);
-
             BigInteger x;
 
             try
@@ -57,6 +47,34 @@ internal static void ReadDsaPrivateKey(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
             }
 
+            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
+
+            // Sanity checks from FIPS 186-4 4.1/4.2.  Since FIPS 186-5 withdrew DSA/DSS
+            // these will never change again.
+            //
+            // This technically allows a non-standard combination of 1024-bit P and 256-bit Q,
+            // but that will get filtered out by the underlying provider.
+            // These checks just prevent obviously bad data from wasting work on reinterpretation.
+
+            if (parms.P.Sign < 0 ||
+                parms.Q.Sign < 0 ||
+                !IsValidPLength(parms.P.GetBitLength()) ||
+                !IsValidQLength(parms.Q.GetBitLength()) ||
+                parms.G <= 1 ||
+                parms.G >= parms.P ||
+                x <= 1 ||
+                x >= parms.Q)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            }
+
+            ret = new DSAParameters
+            {
+                P = parms.P.ToByteArray(isUnsigned: true, isBigEndian: true),
+                Q = parms.Q.ToByteArray(isUnsigned: true, isBigEndian: true),
+            };
+
+            ret.G = parms.G.ExportKeyParameter(ret.P.Length);
             ret.X = x.ExportKeyParameter(ret.Q.Length);
 
             // The public key is not contained within the format, calculate it.
@@ -69,6 +87,11 @@ internal static void ReadDsaPublicKey(
             in AlgorithmIdentifierAsn algId,
             out DSAParameters ret)
         {
+            if (!algId.Parameters.HasValue)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            }
+
             BigInteger y;
 
             try
@@ -88,13 +111,27 @@ internal static void ReadDsaPublicKey(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
             }
 
-            if (!algId.Parameters.HasValue)
+            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
+
+            // Sanity checks from FIPS 186-4 4.1/4.2.  Since FIPS 186-5 withdrew DSA/DSS
+            // these will never change again.
+            //
+            // This technically allows a non-standard combination of 1024-bit P and 256-bit Q,
+            // but that will get filtered out by the underlying provider.
+            // These checks just prevent obviously bad data from wasting work on reinterpretation.
+
+            if (parms.P.Sign < 0 ||
+                parms.Q.Sign < 0 ||
+                !IsValidPLength(parms.P.GetBitLength()) ||
+                !IsValidQLength(parms.Q.GetBitLength()) ||
+                parms.G <= 1 ||
+                parms.G >= parms.P ||
+                y <= 1 ||
+                y >= parms.P)
             {
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
             }
 
-            DssParms parms = DssParms.Decode(algId.Parameters.Value, AsnEncodingRules.BER);
-
             ret = new DSAParameters
             {
                 P = parms.P.ToByteArray(isUnsigned: true, isBigEndian: true),
@@ -105,6 +142,25 @@ internal static void ReadDsaPublicKey(
             ret.Y = y.ExportKeyParameter(ret.P.Length);
         }
 
+        private static bool IsValidPLength(long pBitLength)
+        {
+            return pBitLength switch
+            {
+                // FIPS 186-3/186-4
+                1024 or 2048 or 3072 => true,
+                // FIPS 186-1/186-2
+                >= 512 and < 1024 => pBitLength % 64 == 0,
+                _ => false,
+            };
+        }
+
+        private static bool IsValidQLength(long qBitLength)
+        {
+            // FIPS 186-1/186-2 only allows 160
+            // FIPS 186-3/186-4 allow 160/224/256
+            return qBitLength is 160 or 224 or 256;
+        }
+
         internal static void ReadSubjectPublicKeyInfo(
             ReadOnlySpan<byte> source,
             out int bytesRead,
 
@@ -1,6 +1,8 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Formats.Asn1;
+using System.Numerics;
 using System.Security.Cryptography.Encryption.RC2.Tests;
 using System.Text;
 using Test.Cryptography;
@@ -302,6 +304,150 @@ public static void ReadWriteDsa2048SubjectPublicKeyInfo()
                 DSATestData.GetDSA2048Params());
         }
 
+        [Fact]
+        [SkipOnPlatform(TestPlatforms.OSX, "DSASecurityTransforms goes straight to OS, has different failure mode")]
+        public static void ImportNonsensePublicParameters()
+        {
+            AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
+
+            DSAParameters validParameters = DSATestData.GetDSA2048Params();
+            BigInteger p = new BigInteger(validParameters.P, true, true);
+            BigInteger q = new BigInteger(validParameters.Q, true, true);
+            BigInteger g = new BigInteger(validParameters.G, true, true);
+            BigInteger y = new BigInteger(validParameters.Y, true, true);
+
+            using (DSA dsa = DSAFactory.Create())
+            {
+                // 1 < y < p, 1 < g < p, q is 160/224/256 bits
+                // p is 512..1024 % 64, or 1024/2048/3072 bits
+                ImportSPKI(dsa, p, q, g, p, writer);
+                ImportSPKI(dsa, p, q, g, BigInteger.One, writer);
+                ImportSPKI(dsa, p, q, g, BigInteger.MinusOne, writer);
+                ImportSPKI(dsa, p, q, p, y, writer);
+                ImportSPKI(dsa, p, q, -g, y, writer);
+                ImportSPKI(dsa, p, q, BigInteger.One, y, writer);
+                ImportSPKI(dsa, p, q, BigInteger.MinusOne, y, writer);
+                ImportSPKI(dsa, p, q << 1, g, y, writer);
+                ImportSPKI(dsa, p, q >> 1, g, y, writer);
+                ImportSPKI(dsa, p, -q, g, y, writer);
+                ImportSPKI(dsa, p >> 1, q, g, y, writer);
+                ImportSPKI(dsa, p << 1, q, g, y, writer);
+                ImportSPKI(dsa, BigInteger.One << 4095, q, 2, 97, writer);
+            }
+
+            static void ImportSPKI(
+                DSA key,
+                BigInteger p,
+                BigInteger q,
+                BigInteger g,
+                BigInteger y,
+                AsnWriter writer)
+            {
+                writer.Reset();
+                writer.WriteInteger(y);
+                byte[] encodedPublicKey = writer.Encode();
+                writer.Reset();
+
+                using (writer.PushSequence())
+                {
+                    using (writer.PushSequence())
+                    {
+                        writer.WriteObjectIdentifier("1.2.840.10040.4.1");
+
+                        using (writer.PushSequence())
+                        {
+                            writer.WriteInteger(p);
+                            writer.WriteInteger(q);
+                            writer.WriteInteger(g);
+                        }
+                    }
+
+                    writer.WriteBitString(encodedPublicKey);
+                }
+
+                byte[] spki = writer.Encode();
+                writer.Reset();
+
+                AssertExtensions.ThrowsContains<CryptographicException>(
+                    () => key.ImportSubjectPublicKeyInfo(spki, out _),
+                    "corrupted");
+            }
+        }
+
+        [Fact]
+        public static void ImportNonsensePrivateParameters()
+        {
+            AsnWriter writer = new AsnWriter(AsnEncodingRules.DER);
+
+            DSAParameters validParameters = DSATestData.GetDSA2048Params();
+            BigInteger p = new BigInteger(validParameters.P, true, true);
+            BigInteger q = new BigInteger(validParameters.Q, true, true);
+            BigInteger g = new BigInteger(validParameters.G, true, true);
+            BigInteger x = new BigInteger(validParameters.X, true, true);
+
+            using (DSA dsa = DSAFactory.Create())
+            {
+                // 1 < x < q, 1 < g < p, q is 160/224/256 bits
+                // p is 512..1024 % 64, or 1024/2048/3072 bits
+                ImportPkcs8(dsa, p, q, g, q, writer);
+                ImportPkcs8(dsa, p, q, g, BigInteger.One, writer);
+                // x = -1 gets re-interpreted as x = 255 because of a CAPI compat issue.
+                //ImportPkcs8(dsa, p, q, g, BigInteger.MinusOne, writer);
+                ImportPkcs8(dsa, p, q, g, -x, writer);
+                ImportPkcs8(dsa, p, q, p, x, writer);
+                ImportPkcs8(dsa, p, q, -g, x, writer);
+                ImportPkcs8(dsa, p, q, BigInteger.One, x, writer);
+                ImportPkcs8(dsa, p, q, BigInteger.MinusOne, x, writer);
+                ImportPkcs8(dsa, p, q << 1, g, x, writer);
+                ImportPkcs8(dsa, p, q >> 1, g, x, writer);
+                ImportPkcs8(dsa, p >> 1, q, g, x, writer);
+                ImportPkcs8(dsa, p << 1, q, g, x, writer);
+                ImportPkcs8(dsa, -q, q, g, x, writer);
+                ImportPkcs8(dsa, BigInteger.One << 4095, q, 2, 97, writer);
+                ImportPkcs8(dsa, -p, q, g, x, writer);
+            }
+
+            static void ImportPkcs8(
+                DSA key,
+                BigInteger p,
+                BigInteger q,
+                BigInteger g,
+                BigInteger x,
+                AsnWriter writer)
+            {
+                writer.Reset();
+
+                using (writer.PushSequence())
+                {
+                    writer.WriteInteger(0);
+
+                    using (writer.PushSequence())
+                    {
+                        writer.WriteObjectIdentifier("1.2.840.10040.4.1");
+
+                        using (writer.PushSequence())
+                        {
+                            writer.WriteInteger(p);
+                            writer.WriteInteger(q);
+                            writer.WriteInteger(g);
+                        }
+                    }
+
+                    using (writer.PushOctetString())
+                    {
+                        writer.WriteInteger(x);
+                    }
+                }
+
+                byte[] pkcs8 = writer.Encode();
+                writer.Reset();
+
+                AssertExtensions.ThrowsContains<CryptographicException>(
+                    () => key.ImportPkcs8PrivateKey(pkcs8, out _),
+                    "corrupted");
+            }
+        }
+
         [Fact]
         public static void NoFuzzySubjectPublicKeyInfo()
         {
 
@@ -144,6 +144,9 @@
   <data name="ContentException_NamedBitListValueTooBig" xml:space="preserve">
     <value>The encoded named bit list value is larger than the value size of the '{0}' enum.</value>
   </data>
+  <data name="ContentException_OidTooBig" xml:space="preserve">
+    <value>The encoded object identifier (OID) exceeds the limits supported by this library. Supported OIDs are limited to 64 arcs and each subidentifier is limited to a 128-bit value.</value>
+  </data>
   <data name="ContentException_PrimitiveEncodingRequired" xml:space="preserve">
     <value>The encoded value uses a constructed encoding, which is invalid for '{0}' values.</value>
   </data>
 
@@ -4,6 +4,8 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
     <DefineConstants>$(DefineConstants);CP_NO_ZEROMEMORY</DefineConstants>
     <IsPackable>true</IsPackable>
+    <GeneratePackageOnBuild>true</GeneratePackageOnBuild>
+    <ServicingVersion>1</ServicingVersion>
     <PackageDescription>Provides classes that can read and write the ASN.1 BER, CER, and DER data formats.
 
 Commonly Used Types:
@@ -12,6 +14,9 @@ System.Formats.Asn1.AsnWriter</PackageDescription>
   </PropertyGroup>
 
   <ItemGroup>
+    <Compile Include="$(CommonPath)System\LocalAppContextSwitches.Common.cs">
+      <Link>Common\System\LocalAppContextSwitches.Common.cs</Link>
+    </Compile>
     <Compile Include="$(CommonPath)System\Security\Cryptography\CryptoPool.cs">
       <Link>Common\System\Security\Cryptography\CryptoPool.cs</Link>
     </Compile>
@@ -49,6 +54,7 @@ System.Formats.Asn1.AsnWriter</PackageDescription>
     <Compile Include="System\Formats\Asn1\AsnWriter.SetOf.cs" />
     <Compile Include="System\Formats\Asn1\AsnWriter.Text.cs" />
     <Compile Include="System\Formats\Asn1\AsnWriter.UtcTime.cs" />
+    <Compile Include="System\Formats\Asn1\LocalAppContextSwitches.cs" />
     <Compile Include="System\Formats\Asn1\SetOfValueComparer.cs" />
     <Compile Include="System\Formats\Asn1\TagClass.cs" />
     <Compile Include="System\Formats\Asn1\UniversalTagNumber.cs" />
 
@@ -90,15 +90,55 @@ private static void ReadSubIdentifier(
                 throw new AsnContentException();
             }
 
+            // Set semanticBits to a value such that on the first
+            // iteration of the loop it becomes the correct value.
+            // So each entry here is [real semantic bits for this value] - 7.
+            int semanticBits = source[0] switch
+            {
+                >= 0b1100_0000 => 0,
+                >= 0b1010_0000 => -1,
+                >= 0b1001_0000 => -2,
+                >= 0b1000_1000 => -3,
+                >= 0b1000_0100 => -4,
+                >= 0b1000_0010 => -5,
+                >= 0b1000_0001 => -6,
+                _ => 0,
+            };
+
             // First, see how long the segment is
             int end = -1;
             int idx;
 
+            // None of T-REC-X.660-201107, T-REC-X.680-201508, or T-REC-X.690-201508
+            // have any recommendations for a minimum (or maximum) size of a
+            // sub-identifier.
+            //
+            // T-REC-X.667-201210 (and earlier versions) discuss the no-registration-
+            // required UUID space at 2.25.{UUID}, where UUIDs are defined as 128-bit
+            // values. This gives us a minimum lower bound of 128-bit.
+            //
+            // Windows Crypt32 has historically only supported 64-bit values, and
+            // the "size limitations" FAQ on oid-info.com says that the largest arc
+            // value is a 39-digit value that corresponds to a 2.25.UUID value.
+            //
+            // So, until something argues for a bigger number, our bit-limit is 128.
+            const int MaxAllowedBits = 128;
+
             for (idx = 0; idx < source.Length; idx++)
             {
                 // If the high bit isn't set this marks the end of the sub-identifier.
                 bool endOfIdentifier = (source[idx] & 0x80) == 0;
 
+                if (!LocalAppContextSwitches.AllowAnySizeOid)
+                {
+                    semanticBits += 7;
+
+                    if (semanticBits > MaxAllowedBits)
+                    {
+                        throw new AsnContentException(SR.ContentException_OidTooBig);
+                    }
+                }
+
                 if (endOfIdentifier)
                 {
                     end = idx;
@@ -265,8 +305,21 @@ private static string ReadObjectIdentifier(ReadOnlySpan<byte> contents)
 
             contents = contents.Slice(bytesRead);
 
+            const int MaxArcs = 64;
+            int remainingArcs = MaxArcs - 2;
+
             while (!contents.IsEmpty)
             {
+                if (!LocalAppContextSwitches.AllowAnySizeOid)
+                {
+                    if (remainingArcs <= 0)
+                    {
+                        throw new AsnContentException(SR.ContentException_OidTooBig);
+                    }
+
+                    remainingArcs--;
+                }
+
                 ReadSubIdentifier(contents, out bytesRead, out smallValue, out largeValue);
                 // Exactly one should be non-null.
                 Debug.Assert((smallValue == null) != (largeValue == null));