Bug 20667 - On Android, simultaneous calls to HttpClient.SendAsync() cause TLS certificate corruption
Status: RESOLVED FIXED
Alias: None
Product: Android
Classification: Xamarin
Component: BCL Class Libraries ()
Version: 4.12.4
Hardware: PC Mac OS
Importance: Normal normal
Target Milestone: ---
Assignee: Marek Habersack
 
Reported: 2014-06-17 22:59 UTC by Brendan Zagaeski (Xamarin Team, assistant)
Modified: 2014-07-10 09:05 UTC (History)


Attachments
Test case (11.70 KB, application/zip)
2014-06-17 22:59 UTC, Brendan Zagaeski (Xamarin Team, assistant)
Full stack trace from "Input data cannot be coded" exception (4.04 KB, text/plain)
2014-06-17 23:01 UTC, Brendan Zagaeski (Xamarin Team, assistant)
Full stack trace from "Invalid certificate received" exception (3.81 KB, text/plain)
2014-06-17 23:01 UTC, Brendan Zagaeski (Xamarin Team, assistant)



Description Brendan Zagaeski (Xamarin Team, assistant) 2014-06-17 22:59:34 UTC
Created attachment 7100
Test case

On Android, simultaneous calls to HttpClient.SendAsync() cause TLS certificate corruption.

It appears that this is no longer an issue in Xamarin 3.1.198 for Visual Studio. The problem has a tricky dependence on timing, so in theory it _could_ somehow just be "accidentally" more difficult to trigger on 3.1.198, but the chances of that seem small, so hopefully it's fixed. I tried the reproduction steps at least 10 times on 3.1.198 without any errors.


## Version information

### Windows (problems)
Xamarin 3.0.56 (beta channel)

### Mac (problems)
Xamarin.Android 4.12.4 and 4.12.5

### Mac, iOS app (NO problems)
Xamarin.iOS 7.2.3.39

### Windows (NO problems)
Xamarin 3.1.198 (alpha channel)


## Probable duplicate bug
https://bugzilla.xamarin.com/show_bug.cgi?id=20316


## Possible duplicate bugs, but in desktop Mono
https://bugzilla.xamarin.com/show_bug.cgi?id=20167
https://bugzilla.xamarin.com/show_bug.cgi?id=20026

Both of these bugs include the same kind of corrupted hash algorithm values as seen in the results below. *But* I was *not* able to reproduce the problem in desktop Mono, even after adjusting my network connection to a "bad" setting via Apple's Network Link Conditioner preference pane.


If it turns out these really _are_ related, then there are at least two more bugs from desktop Mono that could also be related:
https://bugzilla.xamarin.com/show_bug.cgi?id=19010
https://bugzilla.xamarin.com/show_bug.cgi?id=18224



## Steps to reproduce

1. Build the attached test case, and debug it on device.

2. Tap the "Run requests" button.



## Results

Occasionally the requests will run without error, but usually the application will produce one or more of the following exceptions. Some are just printed to the Application Output and do not cause a crash, while others are caught as unhandled exceptions and force the program to exit.


### "Unsupported hash algorithm"

> ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unsupported hash algorithm: 1..840.113549.1.1.5
>   at Mono.Security.Cryptography.PKCS1.HashNameFromOid (System.String oid, Boolean throwOnError) [0x00000] in <filename unknown>:0 
>   at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.RSA rsa) [0x00000] in <filename unknown>:0 
>   at Mono.Security.X509.X509Certificate.VerifySignature (System.Security.Cryptography.AsymmetricAlgorithm aa) [0x00000] in <filename unknown>:0 
>   at System.Security.Cryptography.X509Certificates.X509Chain.IsSignedWith (System.Security.Cryptography.X509Certificates.X509Certificate2 signed, System.Security.Cryptography.AsymmetricAlgorithm pubkey) [0x00000] in <filename unknown>:0 
>   at System.Security.Cryptography.X509Certificates.X509Chain.Process (Int32 n) [0x00000] in <filename unknown>:0 
>   at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x00000] in <filename unknown>:0 
>   at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
>   --- End of inner exception stack trace ---
>   at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x00000] in <filename unknown>:0 
>   at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x00000] in <filename unknown>:0 


The number after "unsupported hash algorithm" can be any kind of corrupted value. Here are a few examples:

1.1.140.113549.1.1.5
1.2.150.113549.1.1.5
1.2.840.111149.1.1.5
1.2.840.113549.1.5.5
1.2.840.113549.1.8401.1
1.2.840.113549.1135491.1.5
1.2.840.113549.2.1.5
1.2.840.513549.1.1.5
2.2.840.113549.1.1.5
8.2.840.113549.1.1.5
11.2.840.111135.1.1.5


### "Unable to decode public key" due to null DSA property in the certificate

> ERROR building certificate chain: System.ArgumentException: certificate ---> System.Security.Cryptography.CryptographicException: Unable to decode public key. ---> System.NullReferenceException: Object reference not set to an instance of an object
>   at System.Security.Cryptography.X509Certificates.PublicKey..ctor (Mono.Security.X509.X509Certificate certificate) [0x000e0] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/PublicKey.cs:108 
>   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey () [0x00021] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs:266 
>   --- End of inner exception stack trace ---
>   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PublicKey () [0x00043] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Certificate2.cs:270 
>   at System.Security.Cryptography.X509Certificates.X509Chain.ValidateChain (X509ChainStatusFlags flag) [0x0004f] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:501 
>   at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0001f] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:120 
>   --- End of inner exception stack trace ---
>   at System.Security.Cryptography.X509Certificates.X509Chain.Build (System.Security.Cryptography.X509Certificates.X509Certificate2 certificate) [0x0002c] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Security.Cryptography.X509Certificates/X509Chain.cs:123 
>   at System.Net.ServicePointManager+ChainValidationHelper.ValidateChain (Mono.Security.X509.X509CertificateCollection certs) [0x0009f] in /Users/builder/data/lanes/monodroid-mlion-monodroid-4.12-series/41933531/source/mono/mcs/class/System/System.Net/ServicePointManager.cs:452 


### "Input data cannot be coded as a valid certificate"

> UNHANDLED EXCEPTION: System.Net.WebException: Error: SendFailure (Error writing headers) ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> System.Security.Cryptography.CryptographicException: Input data cannot be coded as a valid certificate. ---> System.IndexOutOfRangeException: Array index is out of range.
>   at System.NumberFormatter.FastAppendDigits (Int32 val, Boolean force) [0x00000] in <filename unknown>:0 
>   at System.NumberFormatter.FastIntegerToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
>   at System.NumberFormatter.NumberToString (UInt64 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
>   at System.UInt64.ToString (IFormatProvider provider) [0x00000] in <filename unknown>:0 
>   at Mono.Security.ASN1Convert.ToOid (Mono.Security.ASN1 asn1) [0x00000] in <filename unknown>:0 
>   at Mono.Security.X509.X509Certificate.Parse (System.Byte[] data) [0x00000] in <filename unknown>:0 
[snip]


### "Invalid certificate received from server"

> UNHANDLED EXCEPTION: System.Net.WebException: Error: SendFailure (Error writing headers) ---> System.Net.WebException: Error writing headers ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b0106
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.RemoteValidation (Mono.Security.Protocol.Tls.ClientContext context, AlertDescription description) [0x00000] in <filename unknown>:0 
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.validateCertificates (Mono.Security.X509.X509CertificateCollection certificates) [0x00000] in <filename unknown>:0 
>   at Mono.Security.Protocol.Tls.Handshake.Client.TlsServerCertificate.ProcessAsTls1 () [0x00000] in <filename unknown>:0 
>   at Mono.Security.Protocol.Tls.Handshake.HandshakeMessage.Process () [0x00000] in <filename unknown>:0 
>   at Mono.Security.Protocol.Tls.ClientRecordProtocol.ProcessHandshakeMessage (Mono.Security.Protocol.Tls.TlsStream handMsg) [0x00000] in <filename unknown>:0 
>   at Mono.Security.Protocol.Tls.RecordProtocol.InternalReceiveRecordCallback (IAsyncResult asyncResult) [0x00000] in <filename unknown>:0 
[snip]

This looks similar to the stack trace from bug #16947.
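
A triage aid for the "Unsupported hash algorithm" values listed in the report, added here as an example and not part of the original report or of Mono's code: it decodes the OID from its DER octets and shows, arc by arc, where each logged value departs from it. The expected OID (sha1WithRSAEncryption, 1.2.840.113549.1.1.5) is an assumption, since the report does not name the certificates' signature algorithm; `decode_oid`, `diff_arcs` and `triage` are names chosen for this example.

```python
import re

# DER content octets of sha1WithRSAEncryption. Assumption: this is the OID the
# servers' certificates really carried; the report does not name it.
SHA1_RSA_DER = bytes.fromhex("2a864886f70d010105")
LOG_RE = re.compile(r"Unsupported hash algorithm: (\S+)")
# Constructed sample log; message text and OID values are quoted from the report.
SAMPLE_LOG = [
    "CryptographicException: Unsupported hash algorithm: 1..840.113549.1.1.5",
    "CryptographicException: Unsupported hash algorithm: 1.2.840.113549.1.8401.1",
    "CryptographicException: Unsupported hash algorithm: 11.2.840.111135.1.1.5",
    "CryptographicException: Unable to decode public key.",
]

def decode_oid(content: bytes) -> str:
    """Decode DER OBJECT IDENTIFIER content octets to dotted-decimal text."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for octet in content:
        if value == 0 and octet == 0x80:
            raise ValueError("non-minimal base-128 encoding")
        value = (value << 7) | (octet & 0x7F)
        if octet & 0x80:          # continuation bit set: arc is not complete yet
            continue
        if not arcs:              # first subidentifier packs the first two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

def diff_arcs(seen: str, expected: str):
    """Return (position, seen_arc, expected_arc) for every arc that differs."""
    s, e = seen.split("."), expected.split(".")
    width = max(len(s), len(e))
    s, e = s + [""] * (width - len(s)), e + [""] * (width - len(e))
    return [(i, a, b) for i, (a, b) in enumerate(zip(s, e)) if a != b]

def triage(lines, expected: str):
    """Map each logged OID that is not `expected` to its differing arcs."""
    hits = (LOG_RE.search(line) for line in lines)
    return {m.group(1): diff_arcs(m.group(1), expected)
            for m in hits if m and m.group(1) != expected}

if __name__ == "__main__":
    for oid, diffs in triage(SAMPLE_LOG, decode_oid(SHA1_RSA_DER)).items():
        print(oid, diffs)
```

Under the stated assumption, each sample value differs from the expected OID in only one or two arcs, which is the pattern to look for when separating a mangled OID string from a certificate that uses a genuinely unknown algorithm.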

Comment 1 Brendan Zagaeski (Xamarin Team, assistant) 2014-06-17 23:01:04 UTC
Created attachment 7101
Full stack trace from "Input data cannot be coded" exception

Comment 2 Brendan Zagaeski (Xamarin Team, assistant) 2014-06-17 23:01:45 UTC
Created attachment 7102
Full stack trace from "Invalid certificate received" exception

Comment 4 Ram Chandra 2014-06-18 06:42:32 UTC
I have checked this issue with the attached sample and I am able to reproduce it.

Steps to reproduce

1. Open the attached sample in XS
2. Press the "Run request" button
3. An exception will be displayed in the "application output" window.

When I deploy the attached project, sometimes I do not get any exception, but sometimes XS writes different types of exceptions (mentioned below) to the "application output". The most frequent exception is "Unsupported hash algorithm".

Case1. "Unsupported hash algorithm"
Stack Trace: https://gist.github.com/saurabh360/a9f635aa389864e42443

Case2. "Input data cannot be coded as a valid certificate"
Stack Trace: https://gist.github.com/saurabh360/7da0bb29760234e4e3e7

Case3. "Unable to decode public key."
Stack Trace: https://gist.github.com/saurabh360/13bef22c2294ad9afd99

Case4: "The server stopped the handshake."
Stack Trace: https://gist.github.com/saurabh360/4ea2dd78a38defcb07cb

Environment Info

=== Xamarin Studio ===

Version 5.0.1 (build 3)
Installation UUID: 6ea47b0d-1852-4aaf-808d-373ff0a5002b
Runtime:
	Mono 3.4.0 ((no/63569a7)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 304000205

=== Apple Developer Tools ===

Xcode 5.1 (5084)
Build 5B130a

=== Xamarin.Android ===

Version: 4.12.4 (Trial Edition)
Android SDK: /Users/jatin66/Desktop/Backup/android-sdk-macosx
	Supported Android versions:
		1.6   (API level 4)
		2.1   (API level 7)
		2.2   (API level 8)
		2.3   (API level 10)
		3.1   (API level 12)
		3.2   (API level 13)
		4.0   (API level 14)
		4.0.3 (API level 15)
		4.1   (API level 16)
		4.2   (API level 17)
		4.3   (API level 18)
		4.4   (API level 19)
Java SDK: /usr
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)

=== Xamarin.iOS ===

Version: 7.2.3.39 (Trial Edition)
Hash: fc6f56b
Branch: 
Build date: 2014-05-19 19:10:29-0400

=== Xamarin.Mac ===

Xamarin.Mac: 1.8.0.8

=== Build Information ===

Release ID: 500010003
Git revision: f94ee866936d25105704eb63728ad5a981eda0a4
Build date: 2014-06-04 12:19:12-04
Xamarin addins: 1a6044e8321ea07e03a56b5381951686c82fed8b

=== Operating System ===

Mac OS X 10.9.2
Darwin Jatin66s-iMac.local 13.1.0 Darwin Kernel Version 13.1.0
    Thu Jan 16 19:40:37 PST 2014
    root:xnu-2422.90.20~2/RELEASE_X86_64 x86_64

Comment 5 Marek Habersack 2014-07-10 09:05:13 UTC
I can't reproduce any of the issues mentioned above. I tried with the tip of master and all of the tests always succeed. It appears the bug has been fixed as a by-product of another fix.