From 2aaca94efc9920879544023277f2374bef2b72f4 Mon Sep 17 00:00:00 2001 From: Genevieve Warren <24882762+gewarren@users.noreply.github.com> Date: Mon, 26 Oct 2020 14:58:07 -0700 Subject: [PATCH 1/3] add feedbacksize breaking change --- docs/core/compatibility/3.1-5.0.md | 5 ++ docs/core/compatibility/cryptography.md | 5 ++ .../tripledes-default-feedback-size-change.md | 56 +++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md diff --git a/docs/core/compatibility/3.1-5.0.md b/docs/core/compatibility/3.1-5.0.md index eabc866044bfb..437b0994caae8 100644 --- a/docs/core/compatibility/3.1-5.0.md +++ b/docs/core/compatibility/3.1-5.0.md @@ -338,11 +338,16 @@ If you're migrating from version 3.1 of .NET Core, ASP.NET Core, or EF Core to v ## Cryptography +- [Default FeedbackSize value for instances created by TripleDES.Create changed](#default-feedbacksize-value-for-instances-created-by-tripledescreate-changed) - [Instantiating default implementations of cryptographic abstractions is not supported](#instantiating-default-implementations-of-cryptographic-abstractions-is-not-supported) - [Default TLS cipher suites for .NET on Linux](#default-tls-cipher-suites-for-net-on-linux) - [System.Security.Cryptography APIs not supported on Blazor WebAssembly](#systemsecuritycryptography-apis-not-supported-on-blazor-webassembly) - [System.Security.Cryptography.Oid is functionally init-only](#systemsecuritycryptographyoid-is-functionally-init-only) +[!INCLUDE [tripledes-default-feedback-size-change](../../../includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md)] + +*** + [!INCLUDE [instantiating-default-implementations-of-cryptographic-abstractions-not-supported](../../../includes/core-changes/cryptography/5.0/instantiating-default-implementations-of-cryptographic-abstractions-not-supported.md)] *** diff --git a/docs/core/compatibility/cryptography.md b/docs/core/compatibility/cryptography.md index 26f10e7a2546a..e4350efc2d871 100644 --- a/docs/core/compatibility/cryptography.md +++ b/docs/core/compatibility/cryptography.md @@ -9,6 +9,7 @@ The following breaking changes are documented on this page: | Breaking change | Version introduced | | - | :-: | +| [Default FeedbackSize value for instances created by TripleDES.Create changed](#default-feedbacksize-value-for-instances-created-by-tripledescreate-changed) | 5.0 | | [Instantiating default implementations of cryptographic abstractions is not supported](#instantiating-default-implementations-of-cryptographic-abstractions-is-not-supported) | 5.0 | | [Default TLS cipher suites for .NET on Linux](#default-tls-cipher-suites-for-net-on-linux) | 5.0 | | [System.Security.Cryptography APIs not supported on Blazor WebAssembly](#systemsecuritycryptography-apis-not-supported-on-blazor-webassembly) | 5.0 | @@ -22,6 +23,10 @@ The following breaking changes are documented on this page: ## .NET 5.0 +[!INCLUDE [tripledes-default-feedback-size-change](../../../includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md)] + +*** + [!INCLUDE [instantiating-default-implementations-of-cryptographic-abstractions-not-supported](../../../includes/core-changes/cryptography/5.0/instantiating-default-implementations-of-cryptographic-abstractions-not-supported.md)] *** diff --git a/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md b/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md new file mode 100644 index 0000000000000..24d925855bf62 --- /dev/null +++ b/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md @@ -0,0 +1,56 @@ +### Default FeedbackSize value for instances created by TripleDES.Create changed + +The default value for the property on the instance returned from has changed from 64 to 8 to make migration from .NET Framework easier. This property, unless used directly in caller code, is used only when the property is . + +Support for the CFB mode was first added to .NET for the 5.0 RC1 release, so only .NET 5.0 RC1 and .NET 5.0 RC2 applications should be impactec. + +#### Change description + +In .NET Core and .NET 5.0 previous pre-release versions of .NET 5.0, `TripleDES.Create().FeedbackSize` has a default value of 64. Starting in the RTM version of .NET 5.0, `TripleDES.Create().FeedbackSize` has a default value of 8. + +#### Reason for change + +In .NET Framework, the base class defaults the value of to 64, but the class overwrites the default to 8. When the property was introduced to .NET Core in version 2.0, this same behavior was preserved. However, in .NET Framework, returns an instance of , so the default value from the algorithm factory is 8. For .NET Core and .NET 5+, the algorithm factory returns a non-public implementation, which, until now, had a default value of 64. + +Changing the implementation class' value to 8 allows for applications written for .NET Framework that specified the cipher mode as but didn't explicitly assign the property, to continue to function on .NET 5. + +#### Version introduced + +5.0 RTM + +#### Recommended action + +Applications that encrypted or decrypted data in .NET 5.0 RC1 or .NET 5.0 RC2 under the following conditions do so with CFB64: + +- With a instance from . +- Using the default value for . +- With the property set to . + +In order to maintain this behavior, you'll need to explicitly assign the property to `64`. + +Not all `TripleDES` implementations use the same default for . We recommend that if you use the cipher mode on instances, you should always explicitly assign the property value. + +```csharp +TripleDES cipher = TripleDES.Create(); +cipher.Mode = CipherMode.CFB; +// Explicitly set the FeedbackSize for CFB to control between CFB8 and CFB64. +cipher.FeedbackSize = 8; +``` + +#### Category + +- Cryptography + +#### Affected APIs + +- +- + + From f332972210dfced414ef09ccd3070be0bb4791d5 Mon Sep 17 00:00:00 2001 From: Genevieve Warren <24882762+gewarren@users.noreply.github.com> Date: Mon, 26 Oct 2020 15:17:29 -0700 Subject: [PATCH 2/3] review on staging --- .../5.0/tripledes-default-feedback-size-change.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md b/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md index 24d925855bf62..13ba448bbd818 100644 --- a/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md +++ b/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md @@ -1,12 +1,12 @@ ### Default FeedbackSize value for instances created by TripleDES.Create changed -The default value for the property on the instance returned from has changed from 64 to 8 to make migration from .NET Framework easier. This property, unless used directly in caller code, is used only when the property is . +The default value for the property on the instances returned from has changed from 64 to 8 to make migration from .NET Framework easier. This property, unless used directly in caller code, is used only when the property is . -Support for the CFB mode was first added to .NET for the 5.0 RC1 release, so only .NET 5.0 RC1 and .NET 5.0 RC2 applications should be impactec. +Support for the mode was first added to .NET for the 5.0 RC1 release, so only .NET 5.0 RC1 and .NET 5.0 RC2 applications should be impacted by this change. #### Change description -In .NET Core and .NET 5.0 previous pre-release versions of .NET 5.0, `TripleDES.Create().FeedbackSize` has a default value of 64. Starting in the RTM version of .NET 5.0, `TripleDES.Create().FeedbackSize` has a default value of 8. +In .NET Core and previous pre-release versions of .NET 5.0, `TripleDES.Create().FeedbackSize` has a default value of 64. Starting in the RTM version of .NET 5.0, `TripleDES.Create().FeedbackSize` has a default value of 8. #### Reason for change @@ -20,13 +20,13 @@ Changing the implementation class' #### Recommended action -Applications that encrypted or decrypted data in .NET 5.0 RC1 or .NET 5.0 RC2 under the following conditions do so with CFB64: +Applications that encrypt or decrypt data in the RC1 or RC2 versions of .NET 5.0 do so with CFB64, when the following conditions are met: - With a instance from . - Using the default value for . - With the property set to . -In order to maintain this behavior, you'll need to explicitly assign the property to `64`. +To maintain this behavior, assign the property to `64`. Not all `TripleDES` implementations use the same default for . We recommend that if you use the cipher mode on instances, you should always explicitly assign the property value. From d86ac1319ac569470aa324a110e1f62a0f942aca Mon Sep 17 00:00:00 2001 From: Genevieve Warren <24882762+gewarren@users.noreply.github.com> Date: Mon, 26 Oct 2020 16:32:45 -0700 Subject: [PATCH 3/3] update to single --- .../cryptography/5.0/tripledes-default-feedback-size-change.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md b/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md index 13ba448bbd818..281aa7315286a 100644 --- a/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md +++ b/includes/core-changes/cryptography/5.0/tripledes-default-feedback-size-change.md @@ -1,6 +1,6 @@ ### Default FeedbackSize value for instances created by TripleDES.Create changed -The default value for the property on the instances returned from has changed from 64 to 8 to make migration from .NET Framework easier. This property, unless used directly in caller code, is used only when the property is . +The default value for the property on the instance returned from has changed from 64 to 8 to make migration from .NET Framework easier. This property, unless used directly in caller code, is used only when the property is . Support for the mode was first added to .NET for the 5.0 RC1 release, so only .NET 5.0 RC1 and .NET 5.0 RC2 applications should be impacted by this change.