From 9deca586997f96333fac757641a6651951318b47 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 7 Mar 2026 13:57:18 +0000
Subject: [PATCH 1/5] Initial plan


From 15ca41bf1ac5c37ecc1af91138ed285a73bb9385 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 7 Mar 2026 14:35:38 +0000
Subject: [PATCH 2/5] Replace AsnValueReader with ValueAsnReader and remove
 internal type

- Replace AsnValueReader with ValueAsnReader in NegotiateAuthenticationPal.ManagedSpnego.cs
- Replace AsnValueReader with ValueAsnReader in CompositeMLDsaTestHelpers.cs
- Extract AsnWriterExtensions to its own file
- Delete AsnValueReader.cs
- Update shared projitems to reference AsnWriterExtensions.cs
- Remove projitems import from System.Net.Security.csproj

Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
---
 .../Cryptography/Asn1Reader/AsnValueReader.cs | 258 ------------------
 .../Asn1Reader/AsnWriterExtensions.cs         |  45 +++
 ...y.Cryptography.Asn1Reader.Shared.projitems |   4 +-
 .../CompositeMLDsaTestHelpers.cs              |   4 +-
 .../src/System.Net.Security.csproj            |   1 -
 ...egotiateAuthenticationPal.ManagedSpnego.cs |  12 +-
 6 files changed, 55 insertions(+), 269 deletions(-)
 delete mode 100644 src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnValueReader.cs
 create mode 100644 src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs

diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnValueReader.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnValueReader.cs
deleted file mode 100644
index ea9c1c3c7cadae..00000000000000
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnValueReader.cs
+++ /dev/null
@@ -1,258 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-
-using System.Numerics;
-using System.Security.Cryptography;
-
-namespace System.Formats.Asn1
-{
-    internal ref struct AsnValueReader
-    {
-        private static readonly byte[] s_singleByte = new byte[1];
-
-        private ReadOnlySpan<byte> _span;
-        private readonly AsnEncodingRules _ruleSet;
-
-        internal AsnValueReader(ReadOnlySpan<byte> span, AsnEncodingRules ruleSet)
-        {
-            _span = span;
-            _ruleSet = ruleSet;
-        }
-
-        internal bool HasData => !_span.IsEmpty;
-
-        internal void ThrowIfNotEmpty()
-        {
-            if (!_span.IsEmpty)
-            {
-                new AsnReader(s_singleByte, _ruleSet).ThrowIfNotEmpty();
-            }
-        }
-
-        internal Asn1Tag PeekTag()
-        {
-            return Asn1Tag.Decode(_span, out _);
-        }
-
-        internal ReadOnlySpan<byte> PeekContentBytes()
-        {
-            AsnDecoder.ReadEncodedValue(
-                _span,
-                _ruleSet,
-                out int contentOffset,
-                out int contentLength,
-                out _);
-
-            return _span.Slice(contentOffset, contentLength);
-        }
-
-        internal ReadOnlySpan<byte> PeekEncodedValue()
-        {
-            AsnDecoder.ReadEncodedValue(_span, _ruleSet, out _, out _, out int consumed);
-            return _span.Slice(0, consumed);
-        }
-
-        internal ReadOnlySpan<byte> ReadEncodedValue()
-        {
-            ReadOnlySpan<byte> value = PeekEncodedValue();
-            _span = _span.Slice(value.Length);
-            return value;
-        }
-
-        internal bool ReadBoolean(Asn1Tag? expectedTag = default)
-        {
-            bool ret = AsnDecoder.ReadBoolean(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal BigInteger ReadInteger(Asn1Tag? expectedTag = default)
-        {
-            BigInteger ret = AsnDecoder.ReadInteger(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal bool TryReadInt32(out int value, Asn1Tag? expectedTag = default)
-        {
-            bool ret = AsnDecoder.TryReadInt32(_span, _ruleSet, out value, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal ReadOnlySpan<byte> ReadIntegerBytes(Asn1Tag? expectedTag = default)
-        {
-            ReadOnlySpan<byte> ret = AsnDecoder.ReadIntegerBytes(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal bool TryReadPrimitiveBitString(
-            out int unusedBitCount,
-            out ReadOnlySpan<byte> value,
-            Asn1Tag? expectedTag = default)
-        {
-            bool ret = AsnDecoder.TryReadPrimitiveBitString(
-                _span,
-                _ruleSet,
-                out unusedBitCount,
-                out value,
-                out int consumed,
-                expectedTag);
-
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal byte[] ReadBitString(out int unusedBitCount, Asn1Tag? expectedTag = default)
-        {
-            byte[] ret = AsnDecoder.ReadBitString(
-                _span,
-                _ruleSet,
-                out unusedBitCount,
-                out int consumed,
-                expectedTag);
-
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal TFlagsEnum ReadNamedBitListValue<TFlagsEnum>(Asn1Tag? expectedTag = default) where TFlagsEnum : Enum
-        {
-            TFlagsEnum ret = AsnDecoder.ReadNamedBitListValue<TFlagsEnum>(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal bool TryReadPrimitiveOctetString(
-            out ReadOnlySpan<byte> value,
-            Asn1Tag? expectedTag = default)
-        {
-            bool ret = AsnDecoder.TryReadPrimitiveOctetString(
-                _span,
-                _ruleSet,
-                out value,
-                out int consumed,
-                expectedTag);
-
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal byte[] ReadOctetString(Asn1Tag? expectedTag = default)
-        {
-            byte[] ret = AsnDecoder.ReadOctetString(
-                _span,
-                _ruleSet,
-                out int consumed,
-                expectedTag);
-
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal string ReadObjectIdentifier(Asn1Tag? expectedTag = default)
-        {
-            string ret = AsnDecoder.ReadObjectIdentifier(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal AsnValueReader ReadSequence(Asn1Tag? expectedTag = default)
-        {
-            AsnDecoder.ReadSequence(
-                _span,
-                _ruleSet,
-                out int contentOffset,
-                out int contentLength,
-                out int bytesConsumed,
-                expectedTag);
-
-            ReadOnlySpan<byte> content = _span.Slice(contentOffset, contentLength);
-            _span = _span.Slice(bytesConsumed);
-            return new AsnValueReader(content, _ruleSet);
-        }
-
-        internal AsnValueReader ReadSetOf(Asn1Tag? expectedTag = default, bool skipSortOrderValidation = false)
-        {
-            AsnDecoder.ReadSetOf(
-                _span,
-                _ruleSet,
-                out int contentOffset,
-                out int contentLength,
-                out int bytesConsumed,
-                skipSortOrderValidation: skipSortOrderValidation,
-                expectedTag: expectedTag);
-
-            ReadOnlySpan<byte> content = _span.Slice(contentOffset, contentLength);
-            _span = _span.Slice(bytesConsumed);
-            return new AsnValueReader(content, _ruleSet);
-        }
-
-        internal DateTimeOffset ReadUtcTime(Asn1Tag? expectedTag = default)
-        {
-            DateTimeOffset ret = AsnDecoder.ReadUtcTime(_span, _ruleSet, out int consumed, expectedTag: expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal DateTimeOffset ReadGeneralizedTime(Asn1Tag? expectedTag = default)
-        {
-            DateTimeOffset ret = AsnDecoder.ReadGeneralizedTime(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal string ReadCharacterString(UniversalTagNumber encodingType, Asn1Tag? expectedTag = default)
-        {
-            string ret = AsnDecoder.ReadCharacterString(_span, _ruleSet, encodingType, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-
-        internal TEnum ReadEnumeratedValue<TEnum>(Asn1Tag? expectedTag = null) where TEnum : Enum
-        {
-            TEnum ret = AsnDecoder.ReadEnumeratedValue<TEnum>(_span, _ruleSet, out int consumed, expectedTag);
-            _span = _span.Slice(consumed);
-            return ret;
-        }
-    }
-
-    internal static class AsnWriterExtensions
-    {
-        internal static void WriteEncodedValueForCrypto(
-            this AsnWriter writer,
-            ReadOnlySpan<byte> value)
-        {
-            try
-            {
-                writer.WriteEncodedValue(value);
-            }
-            catch (ArgumentException e)
-            {
-                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
-            }
-        }
-
-        internal static void WriteObjectIdentifierForCrypto(
-            this AsnWriter writer,
-            string value)
-        {
-            try
-            {
-                writer.WriteObjectIdentifier(value);
-            }
-            catch (ArgumentException e)
-            {
-                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
-            }
-        }
-
-        internal static ArraySegment<byte> RentAndEncode(this AsnWriter writer)
-        {
-            byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
-            int written = writer.Encode(rented);
-            return new ArraySegment<byte>(rented, 0, written);
-        }
-    }
-}
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs
new file mode 100644
index 00000000000000..9a66da46117f4c
--- /dev/null
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs
@@ -0,0 +1,45 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Security.Cryptography;
+
+namespace System.Formats.Asn1
+{
+    internal static class AsnWriterExtensions
+    {
+        internal static void WriteEncodedValueForCrypto(
+            this AsnWriter writer,
+            ReadOnlySpan<byte> value)
+        {
+            try
+            {
+                writer.WriteEncodedValue(value);
+            }
+            catch (ArgumentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void WriteObjectIdentifierForCrypto(
+            this AsnWriter writer,
+            string value)
+        {
+            try
+            {
+                writer.WriteObjectIdentifier(value);
+            }
+            catch (ArgumentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static ArraySegment<byte> RentAndEncode(this AsnWriter writer)
+        {
+            byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
+            int written = writer.Encode(rented);
+            return new ArraySegment<byte>(rented, 0, written);
+        }
+    }
+}
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems
index 518a8c66f4b6b8..e2a20586b826db 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems
@@ -9,8 +9,8 @@
     </Compile>
   </ItemDefinitionGroup>
   <ItemGroup>
-    <Compile Include="$(MSBuildThisFileDirectory)AsnValueReader.cs">
-      <Link>Common\System\Security\Cryptography\Asn1Reader\AsnValueReader.cs</Link>
+    <Compile Include="$(MSBuildThisFileDirectory)AsnWriterExtensions.cs">
+      <Link>Common\System\Security\Cryptography\Asn1Reader\AsnWriterExtensions.cs</Link>
     </Compile>
   </ItemGroup>
 </Project>
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestHelpers.cs b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestHelpers.cs
index 1a1622f3a2bc8c..3ccadf5a25a89e 100644
--- a/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestHelpers.cs
+++ b/src/libraries/Common/tests/System/Security/Cryptography/AlgorithmImplementations/CompositeMLDsa/CompositeMLDsaTestHelpers.cs
@@ -563,8 +563,8 @@ private static RSAParameters RSAParametersFromRawPrivateKey(ReadOnlySpan<byte> k
         {
             RSAParameters parameters = default;
 
-            AsnValueReader reader = new AsnValueReader(key, AsnEncodingRules.BER);
-            AsnValueReader sequenceReader = reader.ReadSequence(Asn1Tag.Sequence);
+            ValueAsnReader reader = new ValueAsnReader(key, AsnEncodingRules.BER);
+            ValueAsnReader sequenceReader = reader.ReadSequence(Asn1Tag.Sequence);
 
             if (!sequenceReader.TryReadInt32(out int version))
             {
diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
index fe26b4a0a12905..2b8d8f496f72b2 100644
--- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
@@ -23,7 +23,6 @@
     <GenAPIExcludeApiList>ReferenceAssemblyExclusions.txt</GenAPIExcludeApiList>
   </PropertyGroup>
 
-  <Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" Condition="'$(TargetPlatformIdentifier)' != '' and '$(TargetPlatformIdentifier)' != 'windows'" />
 
   <ItemGroup>
     <Compile Include="System\Security\Authentication\ExtendedProtection\ExtendedProtectionPolicy.cs" />
diff --git a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.ManagedSpnego.cs b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.ManagedSpnego.cs
index 1ddb004769037f..ad860ec7595f5b 100644
--- a/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.ManagedSpnego.cs
+++ b/src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.ManagedSpnego.cs
@@ -222,8 +222,8 @@ private IEnumerable<KeyValuePair<string, string>> EnumerateMechanisms()
 
                 try
                 {
-                    AsnValueReader reader = new AsnValueReader(challenge, AsnEncodingRules.DER);
-                    AsnValueReader challengeReader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegotiationToken.NegTokenResp));
+                    ValueAsnReader reader = new ValueAsnReader(challenge, AsnEncodingRules.DER);
+                    ValueAsnReader challengeReader = reader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegotiationToken.NegTokenResp));
                     reader.ThrowIfNotEmpty();
 
                     // NegTokenResp ::= SEQUENCE {
@@ -245,28 +245,28 @@ private IEnumerable<KeyValuePair<string, string>> EnumerateMechanisms()
 
                     if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.NegState)))
                     {
-                        AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.NegState));
+                        ValueAsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.NegState));
                         state = valueReader.ReadEnumeratedValue<NegState>();
                         valueReader.ThrowIfNotEmpty();
                     }
 
                     if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.SupportedMech)))
                     {
-                        AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.SupportedMech));
+                        ValueAsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.SupportedMech));
                         mech = valueReader.ReadObjectIdentifier();
                         valueReader.ThrowIfNotEmpty();
                     }
 
                     if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.ResponseToken)))
                     {
-                        AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.ResponseToken));
+                        ValueAsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.ResponseToken));
                         blob = valueReader.ReadOctetString();
                         valueReader.ThrowIfNotEmpty();
                     }
 
                     if (challengeReader.HasData && challengeReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.MechListMIC)))
                     {
-                        AsnValueReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.MechListMIC));
+                        ValueAsnReader valueReader = challengeReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, (int)NegTokenResp.MechListMIC));
                         mechListMIC = valueReader.ReadOctetString();
                         valueReader.ThrowIfNotEmpty();
                     }

From 8b8c3a2958267901f54b5810e3b0b057bde2b5ea Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 7 Mar 2026 14:36:25 +0000
Subject: [PATCH 3/5] Fix extra blank line in System.Net.Security.csproj

Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
---
 src/libraries/System.Net.Security/src/System.Net.Security.csproj | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/libraries/System.Net.Security/src/System.Net.Security.csproj b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
index 2b8d8f496f72b2..a96d618ed070ab 100644
--- a/src/libraries/System.Net.Security/src/System.Net.Security.csproj
+++ b/src/libraries/System.Net.Security/src/System.Net.Security.csproj
@@ -23,7 +23,6 @@
     <GenAPIExcludeApiList>ReferenceAssemblyExclusions.txt</GenAPIExcludeApiList>
   </PropertyGroup>
 
-
   <ItemGroup>
     <Compile Include="System\Security\Authentication\ExtendedProtection\ExtendedProtectionPolicy.cs" />
     <Compile Include="System\Security\Authentication\ExtendedProtection\ServiceNameCollection.cs" />

From 85de9db19145c82c9a791bc8ba6d4d91d5dd02af Mon Sep 17 00:00:00 2001
From: Kevin Jones <kevin@vcsjones.com>
Date: Mon, 9 Mar 2026 11:18:12 -0400
Subject: [PATCH 4/5] Yeet RentAndEncode

---
 .../Asn1Reader/AsnWriterExtensions.cs         |  7 ---
 .../Security/Cryptography/RSAOpenSsl.cs       | 47 +++++--------------
 2 files changed, 12 insertions(+), 42 deletions(-)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs
index 9a66da46117f4c..24e659930319af 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs
@@ -34,12 +34,5 @@ internal static void WriteObjectIdentifierForCrypto(
                 throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
             }
         }
-
-        internal static ArraySegment<byte> RentAndEncode(this AsnWriter writer)
-        {
-            byte[] rented = CryptoPool.Rent(writer.GetEncodedLength());
-            int written = writer.Encode(rented);
-            return new ArraySegment<byte>(rented, 0, written);
-        }
     }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs b/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
index 331594af026fc5..4c69763709e631 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs
@@ -453,30 +453,18 @@ public override void ImportParameters(RSAParameters parameters)
             if (parameters.D != null)
             {
                 AsnWriter writer = RSAKeyFormatHelper.WritePkcs8PrivateKey(parameters);
-                ArraySegment<byte> pkcs8 = writer.RentAndEncode();
-
-                try
-                {
-                    ImportPkcs8PrivateKey(pkcs8, checkAlgorithm: false, out _);
-                }
-                finally
+                writer.Encode(this, static (RSAOpenSsl rsa, ReadOnlySpan<byte> pkcs8) =>
                 {
-                    CryptoPool.Return(pkcs8);
-                }
+                    rsa.ImportPkcs8PrivateKey(pkcs8, checkAlgorithm: false, out _);
+                });
             }
             else
             {
                 AsnWriter writer = RSAKeyFormatHelper.WriteSubjectPublicKeyInfo(parameters);
-                ArraySegment<byte> spki = writer.RentAndEncode();
-
-                try
+                writer.Encode(this, static (RSAOpenSsl rsa, ReadOnlySpan<byte> spki) =>
                 {
-                    ImportSubjectPublicKeyInfo(spki, checkAlgorithm: false, out _);
-                }
-                finally
-                {
-                    CryptoPool.Return(spki);
-                }
+                    rsa.ImportSubjectPublicKeyInfo(spki, checkAlgorithm: false, out _);
+                });
             }
         }
 
@@ -501,16 +489,10 @@ public override void ImportRSAPublicKey(ReadOnlySpan<byte> source, out int bytes
             }
 
             AsnWriter writer = RSAKeyFormatHelper.WriteSubjectPublicKeyInfo(source.Slice(0, read));
-            ArraySegment<byte> spki = writer.RentAndEncode();
-
-            try
-            {
-                ImportSubjectPublicKeyInfo(spki, checkAlgorithm: false, out _);
-            }
-            finally
+            writer.Encode(this, static (RSAOpenSsl rsa, ReadOnlySpan<byte> spki) =>
             {
-                CryptoPool.Return(spki);
-            }
+                rsa.ImportSubjectPublicKeyInfo(spki, checkAlgorithm: false, out _);
+            });
 
             bytesRead = read;
         }
@@ -617,16 +599,11 @@ public override void ImportRSAPrivateKey(ReadOnlySpan<byte> source, out int byte
             }
 
             AsnWriter writer = RSAKeyFormatHelper.WritePkcs8PrivateKey(source.Slice(0, read));
-            ArraySegment<byte> pkcs8 = writer.RentAndEncode();
 
-            try
+            writer.Encode(this, static (RSAOpenSsl rsa, ReadOnlySpan<byte> pkcs8) =>
             {
-                ImportPkcs8PrivateKey(pkcs8, checkAlgorithm: false, out _);
-            }
-            finally
-            {
-                CryptoPool.Return(pkcs8);
-            }
+                rsa.ImportPkcs8PrivateKey(pkcs8, checkAlgorithm: false, out _);
+            });
 
             bytesRead = read;
         }

From 568b8d98a237a8e6e9aea06f56e8c65fb61542fa Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 9 Mar 2026 15:52:17 +0000
Subject: [PATCH 5/5] Move AsnWriterExtensions.cs from Asn1Reader to AsnWriter
 directory

Moved the file and projitems to a new AsnWriter directory since having
writer extensions in an Asn1Reader directory was confusing. Updated all
5 csproj imports to reference the new location.

Co-authored-by: vcsjones <361677+vcsjones@users.noreply.github.com>
---
 .../{Asn1Reader => AsnWriter}/AsnWriterExtensions.cs            | 0
 .../System.Security.Cryptography.AsnWriter.Shared.projitems}    | 2 +-
 .../src/Microsoft.Bcl.Cryptography.csproj                       | 2 +-
 .../tests/Microsoft.Bcl.Cryptography.Tests.csproj               | 2 +-
 .../src/System.Security.Cryptography.Pkcs.csproj                | 2 +-
 .../src/System.Security.Cryptography.csproj                     | 2 +-
 .../tests/System.Security.Cryptography.Tests.csproj             | 2 +-
 7 files changed, 6 insertions(+), 6 deletions(-)
 rename src/libraries/Common/src/System/Security/Cryptography/{Asn1Reader => AsnWriter}/AsnWriterExtensions.cs (100%)
 rename src/libraries/Common/src/System/Security/Cryptography/{Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems => AsnWriter/System.Security.Cryptography.AsnWriter.Shared.projitems} (81%)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs b/src/libraries/Common/src/System/Security/Cryptography/AsnWriter/AsnWriterExtensions.cs
similarity index 100%
rename from src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/AsnWriterExtensions.cs
rename to src/libraries/Common/src/System/Security/Cryptography/AsnWriter/AsnWriterExtensions.cs
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems b/src/libraries/Common/src/System/Security/Cryptography/AsnWriter/System.Security.Cryptography.AsnWriter.Shared.projitems
similarity index 81%
rename from src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems
rename to src/libraries/Common/src/System/Security/Cryptography/AsnWriter/System.Security.Cryptography.AsnWriter.Shared.projitems
index e2a20586b826db..2ebe3a4c150ab7 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1Reader/System.Security.Cryptography.Asn1Reader.Shared.projitems
+++ b/src/libraries/Common/src/System/Security/Cryptography/AsnWriter/System.Security.Cryptography.AsnWriter.Shared.projitems
@@ -10,7 +10,7 @@
   </ItemDefinitionGroup>
   <ItemGroup>
     <Compile Include="$(MSBuildThisFileDirectory)AsnWriterExtensions.cs">
-      <Link>Common\System\Security\Cryptography\Asn1Reader\AsnWriterExtensions.cs</Link>
+      <Link>Common\System\Security\Cryptography\AsnWriter\AsnWriterExtensions.cs</Link>
     </Compile>
   </ItemGroup>
 </Project>
diff --git a/src/libraries/Microsoft.Bcl.Cryptography/src/Microsoft.Bcl.Cryptography.csproj b/src/libraries/Microsoft.Bcl.Cryptography/src/Microsoft.Bcl.Cryptography.csproj
index aeae1c55ea7cc0..6670adf751a160 100644
--- a/src/libraries/Microsoft.Bcl.Cryptography/src/Microsoft.Bcl.Cryptography.csproj
+++ b/src/libraries/Microsoft.Bcl.Cryptography/src/Microsoft.Bcl.Cryptography.csproj
@@ -21,7 +21,7 @@
   </PropertyGroup>
 
   <Import Project="$(CommonPath)System\Security\Cryptography\Asn1\AsnXml.targets" Condition="'$(BuildX509Loader)' == 'true'" />
-  <Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" Condition="'$(BuildX509Loader)' == 'true' or '$(BuildPqc)' == 'true' " />
+  <Import Project="$(CommonPath)System\Security\Cryptography\AsnWriter\System.Security.Cryptography.AsnWriter.Shared.projitems" Condition="'$(BuildX509Loader)' == 'true' or '$(BuildPqc)' == 'true' " />
 
   <ItemGroup>
     <Compile Include="$(CommonPath)System\Experimentals.cs"
diff --git a/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj b/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj
index 5c4ce5f6439beb..45a19414d760e1 100644
--- a/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj
+++ b/src/libraries/Microsoft.Bcl.Cryptography/tests/Microsoft.Bcl.Cryptography.Tests.csproj
@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <Import Project="$(CommonPath)System\Security\Cryptography\Asn1\AsnXml.targets" />
-  <Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" />
+  <Import Project="$(CommonPath)System\Security\Cryptography\AsnWriter\System.Security.Cryptography.AsnWriter.Shared.projitems" />
 
   <ItemGroup>
     <Compile Include="$(CommonPath)Interop\Windows\BCrypt\Interop.Blobs.cs"
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj
index 59e67ad0997f38..19cc655555f692 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System.Security.Cryptography.Pkcs.csproj
@@ -25,7 +25,7 @@ System.Security.Cryptography.Pkcs.EnvelopedCms</PackageDescription>
   </PropertyGroup>
 
   <Import Project="$(CommonPath)System\Security\Cryptography\Asn1\AsnXml.targets" Condition="'$(IsPartialFacadeAssembly)' != 'true'" />
-  <Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" Condition="'$(IsPartialFacadeAssembly)' != 'true'" />
+  <Import Project="$(CommonPath)System\Security\Cryptography\AsnWriter\System.Security.Cryptography.AsnWriter.Shared.projitems" Condition="'$(IsPartialFacadeAssembly)' != 'true'" />
 
   <ItemGroup Condition="'$(IsPartialFacadeAssembly)' != 'true'">
     <!-- API types (platform independent) -->
diff --git a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj
index 2a7ddd85d7f045..c0df094935c129 100644
--- a/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj
+++ b/src/libraries/System.Security.Cryptography/src/System.Security.Cryptography.csproj
@@ -22,7 +22,7 @@
   </PropertyGroup>
 
   <Import Project="$(CommonPath)System\Security\Cryptography\Asn1\AsnXml.targets" Condition="'$(GeneratePlatformNotSupportedAssemblyMessage)' == ''" />
-  <Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" Condition="'$(GeneratePlatformNotSupportedAssemblyMessage)' == ''" />
+  <Import Project="$(CommonPath)System\Security\Cryptography\AsnWriter\System.Security.Cryptography.AsnWriter.Shared.projitems" Condition="'$(GeneratePlatformNotSupportedAssemblyMessage)' == ''" />
 
   <ItemGroup Condition="'$(GeneratePlatformNotSupportedAssemblyMessage)' == ''">
     <Compile Include="$(CommonPath)DisableRuntimeMarshalling.cs"
diff --git a/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj b/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj
index 12bdec3a60f84f..dd8864117bc665 100644
--- a/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj
+++ b/src/libraries/System.Security.Cryptography/tests/System.Security.Cryptography.Tests.csproj
@@ -20,7 +20,7 @@
     <XUnitUseRandomizedTestOrderer>true</XUnitUseRandomizedTestOrderer>
   </PropertyGroup>
   <Import Project="$(CommonPath)System\Security\Cryptography\Asn1\AsnXml.targets" />
-  <Import Project="$(CommonPath)System\Security\Cryptography\Asn1Reader\System.Security.Cryptography.Asn1Reader.Shared.projitems" />
+  <Import Project="$(CommonPath)System\Security\Cryptography\AsnWriter\System.Security.Cryptography.AsnWriter.Shared.projitems" />
   <ItemGroup>
     <AsnXml Include="$(CommonPath)System\Security\Cryptography\Asn1\AlgorithmIdentifierAsn.xml">
       <Link>Common\System\Security\Cryptography\Asn1\AlgorithmIdentifierAsn.xml</Link>