[Mono-dev] Possible Crypto bug found...

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Jul 19 21:29:33 EDT 2007


Hello,

This is a known "issue". The sample code doesn't check for
ICryptoTransform.CanReuseTransform and this value is different between
Mono and MS.

Actually the code is somewhat dangerous as you can't be sure what
implementation will be used at runtime, because the implementation can be
remapped using CryptoConfig. This means that someone else (with a custom
machine.config) could be using another Rijndael implementation and the
code would fail under the MS runtime too.

<note-to-self>a gendarme rule to check for this would be
nice</note-to-self>

Sebastien

On Thu, 2007-07-19 at 12:21 -0500, Stutzman, JL Jason @ IS wrote:
> Using the sample code found below:
> 
> http://www.obviex.com/samples/EncryptionWithSalt.aspx
> 
> In the sample there is a loop that encrypts and decrypts several times.
> If I add an extra encrypt in the loop before doing a decrypt:
> 
> cipherText = rijndaelKey.Encrypt(plainText);
> cipherText = rijndaelKey.Encrypt(plainText);
> 
> then the Decrypt throws an exception on mono (which is not exactly
> relevant, just pointing to the real problem):
> 
> System.OverflowException: Number overflow.
>   at <0x00000> <unknown method>
>   at (wrapper managed-to-native)
> System.Object:__icall_wrapper_mono_array_new_specific (intptr,int)
>   at RijndaelEnhanced.DecryptToBytes (System.Byte[] cipherTextBytes)
> [0x00000] 
>   at RijndaelEnhanced.Decrypt (System.Byte[] cipherTextBytes) [0x00000] 
>   at RijndaelEnhancedTest.Main (System.String[] args) [0x00000] 
> 
> However if I recreate the encryptor and decryptor each time, the sample
> works.
> 
> What seems to be happening is that the decryptor is not working
> properly. The reason for this error is that the array trying to be
> created is a negative size :)...but that is because the salt length is
> greater than the decrypted size. My point is that the sample is showing
> differences between the two runtimes.
> 
> On MS I don't have to recreate the encryptor/decryptor each time. Is
> this known? Is the goal for crypto stuff to work the same as MS?
> 
> 
> Jae
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
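
The CanReuseTransform check discussed in this thread, as an added example that is not part of the original messages or of the obviex sample: a transform is cached only while the runtime reports it as reusable, and is recreated otherwise. `SafeTransform` and `Demo` are hypothetical names, and `Aes.Create()` stands in for the sample's Rijndael setup.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not the sample's RijndaelEnhanced class: caches a
// transform only while the runtime reports it as reusable.
sealed class SafeTransform : IDisposable
{
    private readonly Func<ICryptoTransform> create;
    private ICryptoTransform cached;

    public SafeTransform(Func<ICryptoTransform> create) { this.create = create; }

    public byte[] Run(byte[] input)
    {
        ICryptoTransform t = cached ?? create();
        cached = null;
        bool ok = false;
        try
        {
            byte[] output = t.TransformFinalBlock(input, 0, input.Length);
            ok = true;
            return output;
        }
        finally
        {
            // Implementation-defined: the answer can differ between runtimes
            // and between algorithms remapped through CryptoConfig.
            if (ok && t.CanReuseTransform) cached = t;
            else t.Dispose();
        }
    }

    public void Dispose() { if (cached != null) { cached.Dispose(); cached = null; } }
}

static class Demo
{
    static void Main()
    {
        using (Aes aes = Aes.Create())   // constructed key/IV, generated on first use
        using (var enc = new SafeTransform(() => aes.CreateEncryptor()))
        using (var dec = new SafeTransform(() => aes.CreateDecryptor()))
        {
            byte[] plain = Encoding.UTF8.GetBytes("constructed sample text");
            enc.Run(plain);                    // the extra Encrypt from the report
            byte[] cipher = enc.Run(plain);
            Console.WriteLine(Encoding.UTF8.GetString(dec.Run(cipher)));
        }
    }
}
```

A transform that failed mid-operation is also discarded, since its internal state is unknown after an exception.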



