[Mono-bugs] [Bug 76398][Nor] Changed - SymmetricTransform.TransformFinalBlock only works once.

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Oct 10 22:07:39 EDT 2005 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=76398

--- shadow/76398	2005-10-10 11:10:35.000000000 -0400
+++ shadow/76398.tmp.18272	2005-10-10 22:07:39.000000000 -0400
@@ -1,14 +1,14 @@
 Bug#: 76398
 Product: Mono: Class Libraries
 Version: 1.1
 OS: SUSE 9.2
 OS Details: 
-Status: NEW   
-Resolution: 
-Severity: 
+Status: RESOLVED   
+Resolution: WONTFIX
+Severity: Unknown
 Priority: Normal
 Component: CORLIB
 AssignedTo: mono-bugs at ximian.com                            
 ReportedBy: JoergR at voelcker.com               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -40,6 +40,34 @@
 Runs with MS.NET.
 
 ------- Additional Comments From JoergR at voelcker.com  2005-10-10 11:10 -------
 Created an attachment (id=15895)
 Test Case
 
+
+------- Additional Comments From sebastien at ximian.com  2005-10-10 22:07 -------
+Yes this is a (known) difference between .NET and Mono. But depending
+on this behaviour as a _very_bad_ thing (i.e. that's looking for trouble).
+
+Why ? because the creation of cryptographic algorithms can be changed,
+without recompiling applications, by changing the file machine.config
+to point to a different implementation (e.g. hardware assisted
+cryptography, a bug in the default implementation - like MS changed
+the default SHA1 from SHA1CryptoServiceProvider to SHA1Managed for
+WSE1, ...).
+
+So ? Your sample code is "bad". There's no guarantee that another
+_legal_ transform implementation will "behave" exactly like the
+"original" one. There are two key "properties" here (a)
+CanReuseTransform (which is causing this "bug" as it returns true on
+MS and false on Mono) and (b) CanTransformMultipleBlock - and you
+can't be 100% sure of the value they return until you call them (it
+could change in a future version of the framework, between SP, when
+adding new software...).
+
+How to fix this ? 
+* the easy way is to use a CryptoStream - which will not use
+transforms in ways they do not support (e.g. reuse, multiple blocks); 
+or
+* call both properties (and adjust the code) before using any crypto
+transforms.
+

More information about the mono-bugs mailing list