From ba11a169046f79ad19cefb0705350ed01762ebde Mon Sep 17 00:00:00 2001
From: Kevin Jones <kevin@vcsjones.com>
Date: Tue, 12 May 2026 23:02:11 -0400
Subject: [PATCH 1/2] Fix doubling of rental for PKCS#8 exports.

---
 src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs  | 1 +
 src/libraries/Common/src/System/Security/Cryptography/MLKem.cs  | 1 +
 src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs | 1 +
 3 files changed, 3 insertions(+)

diff --git a/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs b/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs
index c7cdfbf1370bfa..ccf270bf419833 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/MLDsa.cs
@@ -2150,6 +2150,7 @@ private TResult ExportPkcs8PrivateKeyCallback<TResult>(ExportPkcs8PrivateKeyFunc
 
             while (!TryExportPkcs8PrivateKeyCore(buffer, out written))
             {
+                size = buffer.Length;
                 CryptoPool.Return(buffer);
                 size = checked(size * 2);
                 buffer = CryptoPool.Rent(size);
diff --git a/src/libraries/Common/src/System/Security/Cryptography/MLKem.cs b/src/libraries/Common/src/System/Security/Cryptography/MLKem.cs
index 94116f8b7f6985..7a8c377cfb77cc 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/MLKem.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/MLKem.cs
@@ -1804,6 +1804,7 @@ private TResult ExportPkcs8PrivateKeyCallback<TResult>(ExportPkcs8PrivateKeyFunc
 
             while (!TryExportPkcs8PrivateKeyCore(buffer, out written))
             {
+                size = buffer.Length;
                 CryptoPool.Return(buffer);
                 size = checked(size * 2);
                 buffer = CryptoPool.Rent(size);
diff --git a/src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs b/src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
index 9d3892fc926521..c22659afdb3cc3 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/SlhDsa.cs
@@ -1959,6 +1959,7 @@ private TResult ExportPkcs8PrivateKeyCallback<TResult>(ExportPkcs8PrivateKeyFunc
 
             while (!TryExportPkcs8PrivateKeyCore(buffer, out written))
             {
+                size = buffer.Length;
                 CryptoPool.Return(buffer);
                 size = checked(size * 2);
                 buffer = CryptoPool.Rent(size);

From 9cf89a2176e865a240406d0c421da3db8ff6f05d Mon Sep 17 00:00:00 2001
From: Kevin Jones <kevin@vcsjones.com>
Date: Wed, 13 May 2026 01:54:10 -0400
Subject: [PATCH 2/2] Fix X25519, too

---
 .../src/System/Security/Cryptography/X25519DiffieHellman.cs      | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellman.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellman.cs
index 03d8e582b777ce..837b8d9e566081 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellman.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X25519DiffieHellman.cs
@@ -1375,6 +1375,7 @@ private TResult ExportPkcs8PrivateKeyCallback<TResult>(Func<ReadOnlySpan<byte>,
 
             while (!TryExportPkcs8PrivateKeyCore(buffer, out written))
             {
+                size = buffer.Length;
                 CryptoPool.Return(buffer);
                 size = checked(size * 2);
                 buffer = CryptoPool.Rent(size);