From 1d0f6346030e5c01a69e6e3659c3238ab7e5e857 Mon Sep 17 00:00:00 2001
From: David Hook <dgh@bouncycastle.org>
Date: Mon, 31 May 2021 08:54:59 +1000
Subject: github #172 - added blowfish init check on key size

---
 crypto/src/crypto/engines/BlowfishEngine.cs |  9 +++++++--
 crypto/test/src/crypto/test/BlowfishTest.cs | 23 +++++++++++++++++++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/crypto/src/crypto/engines/BlowfishEngine.cs b/crypto/src/crypto/engines/BlowfishEngine.cs
index e38f4e8f6..1b3dd9743 100644
--- a/crypto/src/crypto/engines/BlowfishEngine.cs
+++ b/crypto/src/crypto/engines/BlowfishEngine.cs
@@ -421,7 +421,12 @@ namespace Org.BouncyCastle.Crypto.Engines
 
         private void SetKey(byte[] key)
         {
-            /*
+			if (key.Length < 4 || key.Length > 56)
+			{
+				throw new ArgumentException("key length must be in range 32 to 448 bits");
+			}
+
+			/*
             * - comments are from _Applied Crypto_, Schneier, p338
             * please be careful comparing the two, AC numbers the
             * arrays from 1, the enclosed code from 0.
@@ -430,7 +435,7 @@ namespace Org.BouncyCastle.Crypto.Engines
             * Initialise the S-boxes and the P-array, with a fixed string
             * This string contains the hexadecimal digits of pi (3.141...)
             */
-            Array.Copy(KS0, 0, S0, 0, SBOX_SK);
+			Array.Copy(KS0, 0, S0, 0, SBOX_SK);
             Array.Copy(KS1, 0, S1, 0, SBOX_SK);
             Array.Copy(KS2, 0, S2, 0, SBOX_SK);
             Array.Copy(KS3, 0, S3, 0, SBOX_SK);
diff --git a/crypto/test/src/crypto/test/BlowfishTest.cs b/crypto/test/src/crypto/test/BlowfishTest.cs
index 780dd3abd..b940d13ac 100644
--- a/crypto/test/src/crypto/test/BlowfishTest.cs
+++ b/crypto/test/src/crypto/test/BlowfishTest.cs
@@ -40,6 +40,29 @@ namespace Org.BouncyCastle.Crypto.Tests
         {
             string resultText = Perform().ToString();
 
+            BlowfishEngine blowfish = new BlowfishEngine();
+
+            // key range check
+            try
+            {
+                blowfish.Init(true, new KeyParameter(new byte[1]));
+                Fail("no exception");
+            }
+            catch (ArgumentException e)
+            {
+                Assert.AreEqual("key length must be in range 32 to 448 bits", e.Message);
+            }
+
+            try
+            {
+                blowfish.Init(true, new KeyParameter(new byte[59]));
+                Fail("no exception");
+            }
+            catch (ArgumentException e)
+            {
+                Assert.AreEqual("key length must be in range 32 to 448 bits", e.Message);
+            }
+
             Assert.AreEqual(Name + ": Okay", resultText);
         }
 
-- 
cgit 1.4.1