2004-02-26 Sebastien Pouliot <sebastien@ximian.com>

	* DES.cs: Same fix as for SymmetricAlgorithm (get_Key is
	overridden to check for weak keys). Also ensured that no weak keys
	would be generated.
	* SymmetricAlgorithm.cs: Return a copy of the key (and IV) so it
	doesn't get destroyed when dispose is called (in this case the key
	zeroization is the caller's responsability). Match MS implementation.
	* TripleDES.cs: Same fix as for SymmetricAlgorithm (get_Key is
	overridden to check for weak keys). Fix bugzilla #54868.

svn path=/trunk/mcs/; revision=23484

diff --git a/mcs/class/corlib/System.Security.Cryptography/ChangeLog b/mcs/class/corlib/System.Security.Cryptography/ChangeLog
index 0544373a05b35927c16c1b65d663985941d2e86d..206b6ea285f5552cacc898f6b50581eeba8667fb 100644 (file)
--- a/mcs/class/corlib/System.Security.Cryptography/ChangeLog
+++ b/mcs/class/corlib/System.Security.Cryptography/ChangeLog
@@ -1,3 +1,14 @@
+2004-02-26  Sebastien Pouliot  <sebastien@ximian.com>
+
+       * DES.cs: Same fix as for SymmetricAlgorithm (get_Key is 
+       overridden to check for weak keys). Also ensured that no weak keys
+       would be generated.
+       * SymmetricAlgorithm.cs: Return a copy of the key (and IV) so it 
+       doesn't get destroyed when dispose is called (in this case the key
+       zeroization is the caller's responsability). Match MS implementation.
+       * TripleDES.cs: Same fix as for SymmetricAlgorithm (get_Key is 
+       overridden to check for weak keys). Fix bugzilla #54868.
+
 2004-02-12  Sebastien Pouliot  <sebastien@ximian.com>
 
        * CryptoStream.cs: Remove the _blockSize assumptions because some 

diff --git a/mcs/class/corlib/System.Security.Cryptography/DES.cs b/mcs/class/corlib/System.Security.Cryptography/DES.cs
index 16cc456f1f067aa53efd5f7a106032ac3b628457..8069cf3a7e877cb402b235a4d0a9e1cc408f2082 100644 (file)
--- a/mcs/class/corlib/System.Security.Cryptography/DES.cs
+++ b/mcs/class/corlib/System.Security.Cryptography/DES.cs
@@ -2,10 +2,11 @@
 // System.Security.Cryptography.DES
 //
 // Author:
-//   Sergey Chaban (serge@wildwestsoftware.com)
-//   Sebastien Pouliot (spouliot@motus.com)
+//     Sergey Chaban (serge@wildwestsoftware.com)
+//     Sebastien Pouliot <sebastien@ximian.com>
 //
 // Portions (C) 2002 Motus Technologies Inc. (http://www.motus.com)
+// (C) 2004 Novell (http://www.novell.com)
 //
 
 using System;
@@ -105,13 +106,22 @@ public abstract class DES : SymmetricAlgorithm {
        }
 
        public override byte[] Key {
-               get { return base.Key; }
+               get {
+                       if (KeyValue == null) {
+                               // generate keys as long as we get weak or semi-weak keys
+                               GenerateKey ();
+                               while (IsWeakKey (KeyValue) || IsSemiWeakKey (KeyValue))
+                                       GenerateKey ();
+                       }
+                       return (byte[]) KeyValue.Clone ();
+               }
                set {
                        if (value == null)
                                throw new ArgumentNullException ();
                        if (IsWeakKey (value) || IsSemiWeakKey (value))
                                throw new CryptographicException ();
-                       base.Key = value;
+
+                       KeyValue = (byte[]) value.Clone ();
                }
        }
 

diff --git a/mcs/class/corlib/System.Security.Cryptography/SymmetricAlgorithm.cs b/mcs/class/corlib/System.Security.Cryptography/SymmetricAlgorithm.cs
index be429bc0dbf28be4146977715ff00b5eafb0a543..e73567f53fe581460403c66061d149d063851648 100755 (executable)
--- a/mcs/class/corlib/System.Security.Cryptography/SymmetricAlgorithm.cs
+++ b/mcs/class/corlib/System.Security.Cryptography/SymmetricAlgorithm.cs
@@ -3,9 +3,10 @@
 //
 // Authors:
 //   Thomas Neidhart (tome@sbox.tugraz.at)
-//   Sebastien Pouliot (spouliot@motus.com)
+//   Sebastien Pouliot <sebastien@ximian.com>
 //
 // Portions (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
+// (C) 2004 Novell (http://www.novell.com)
 //
 
 using System;
@@ -110,7 +111,7 @@ namespace System.Security.Cryptography {
                                if (this.IVValue == null)
                                        GenerateIV();
 
-                               return this.IVValue;
+                               return (byte[]) this.IVValue.Clone ();
                        }
                        set {
                                if (value == null)
@@ -131,7 +132,7 @@ namespace System.Security.Cryptography {
                                if (this.KeyValue == null)
                                        GenerateKey();
 
-                               return this.KeyValue;
+                               return (byte[]) this.KeyValue.Clone ();
                        }
                        set {
                                if (value == null)

diff --git a/mcs/class/corlib/System.Security.Cryptography/TripleDES.cs b/mcs/class/corlib/System.Security.Cryptography/TripleDES.cs
index 33be945b723248807e56294f0058e633f85654a8..2a6815715a66fc8113563843fa59618a9a0fa9f5 100644 (file)
--- a/mcs/class/corlib/System.Security.Cryptography/TripleDES.cs
+++ b/mcs/class/corlib/System.Security.Cryptography/TripleDES.cs
@@ -2,9 +2,10 @@
 // TripleDES.cs: Handles TripleDES (abstract class)
 //
 // Author:
-//     Sebastien Pouliot (spouliot@motus.com)
+//     Sebastien Pouliot <sebastien@ximian.com>
 //
 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
+// (C) 2004 Novell (http://www.novell.com)
 //
 
 using System;
@@ -43,7 +44,7 @@ public abstract class TripleDES : SymmetricAlgorithm {
                                while (IsWeakKey (KeyValue))
                                        GenerateKey ();
                        }
-                       return KeyValue;
+                       return (byte[]) KeyValue.Clone ();
                }
                set { 
                        if (value == null)