Imported Upstream version 4.8.0.309

Former-commit-id: 5f9c6ae75f295e057a7d2971f3a6df4656fa8850
2016-11-10 13:04:39 +00:00
parent ee1447783b
commit 94b2861243
4912 changed files with 390737 additions and 49310 deletions
--- a/mcs/class/referencesource/System.Data/System/Data/SqlClient/SqlClientSymmetricKey.cs
+++ b/mcs/class/referencesource/System.Data/System/Data/SqlClient/SqlClientSymmetricKey.cs
@ -15,10 +15,9 @@ namespace System.Data.SqlClient
    /// Base class containing raw key bytes for symmetric key algorithms. Some encryption algorithms can use the key directly while others derive sub keys from this.
    /// If an algorithm needs to derive more keys, have a derived class from this and use it in the corresponding encryption algorithm.
    /// </summary>
-    internal class SqlClientSymmetricKey
-    {
+    internal class SqlClientSymmetricKey {
        /// <summary>
-        /// DPAPI protected key
+        /// The underlying key material
        /// </summary>
        protected readonly byte[] _rootKey;

@ -26,8 +25,7 @@ namespace System.Data.SqlClient
        /// Constructor that initializes the root key.
        /// </summary>
        /// <param name="rootKey">root key</param>
-        internal SqlClientSymmetricKey(byte[] rootKey)
-        {
+        internal SqlClientSymmetricKey(byte[] rootKey) {
            // Key validation
            if (rootKey == null || rootKey.Length == 0) {
                throw SQL.NullColumnEncryptionKeySysErr();
@ -36,14 +34,24 @@ namespace System.Data.SqlClient
            _rootKey = rootKey;
        }

+        /// <summary>
+        /// Destructor that cleans up the key material.
+        /// This is a best effort approach since there are no guarantees around GC.
+        /// </summary>
+        ~SqlClientSymmetricKey() {
+            if (_rootKey != null) {
+                for (int i = 0; i < _rootKey.Length; i++) {
+                    _rootKey[i] = 0;
+                }
+            }
+        }
+
        /// <summary>
        /// Returns a copy of the plain text key
        /// This is needed for actual encryption/decryption.
        /// </summary>
-        internal virtual byte[] RootKey
-        {
-            get 
-            {
+        internal virtual byte[] RootKey {
+            get {
                return _rootKey; 
            }
        }
@ -52,8 +60,7 @@ namespace System.Data.SqlClient
        /// Computes SHA256 value of the plain text key bytes
        /// </summary>
        /// <returns>A string containing SHA256 hash of the root key</returns>
-        internal virtual string GetKeyHash()
-        {
+        internal virtual string GetKeyHash() {
            return SqlSecurityUtility.GetSHA256Hash(RootKey);
        }

@ -63,10 +70,7 @@ namespace System.Data.SqlClient
        /// <returns>
        /// Returns the length of the root key
        /// </returns>
-        internal virtual int Length()
-        {
-            // Note: DPAPI preserves the original byte length
-            // so for now, this is as same as returning the length of the raw key.
+        internal virtual int Length() {
            return _rootKey.Length;
        }
    }