Bug 53860 - Decryption sometimes return a bad result when running it in a multi-threaded manner.
Summary: Decryption sometimes return a bad result when running it in a multi-threaded ...
Status: RESOLVED INVALID
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security ()
Version: master
Hardware: All All
: --- normal
Target Milestone: Untriaged
Assignee: Katelyn Gadd
URL:
Depends on:
Blocks:
 
Reported: 2017-03-23 14:53 UTC by Mathieu Morrissette
Modified: 2017-04-20 15:56 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
Project to reproduce the issue. (It's a xamarin.ios project) (12.19 KB, application/zip)
2017-03-23 14:53 UTC, Mathieu Morrissette
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED INVALID

Description Mathieu Morrissette 2017-03-23 14:53:23 UTC
Created attachment 20760 [details]
Project to reproduce the issue. (It's a xamarin.ios project)

Hi,

When decrypting many strings in a multi-threaded manner using a TripleDESCryptoServiceProvider. Some of them are not decrypted correctly. I tested the code on windows and I haven't been able to reproduce the issue.

I'm using the latest version of xamarin cycle 9 ( Everything stable ). I've included a test project ( xamarin.ios ) to reproduce the issue. It happens on both the simulator and a device.

=== Xamarin Studio Community ===

Version 6.2 (build 1829)
Installation UUID: 924d7cc2-484a-44fb-ae6d-8ae6e20572d9
Runtime:
	Mono 4.8.0 (mono-4.8.0-branch/e4a3cf3) (64-bit)
	GTK+ 2.24.23 (Raleigh theme)

	Package version: 408000495

=== NuGet ===

Version: 3.5.0.0

=== Xamarin.Profiler ===

Version: 1.2.1
Location: /Applications/Xamarin Profiler.app/Contents/MacOS/Xamarin Profiler

=== Apple Developer Tools ===

Xcode 8.2.1 (11766.1)
Build 8C1002

=== Xamarin.iOS ===

Version: 10.4.0.128 (Xamarin Studio Community)
Hash: ba11e48
Branch: cycle9
Build date: 2017-03-10 08:48:04-0500

=== Xamarin Android Player ===

Not Installed

=== Xamarin.Mac ===

Version: 3.0.0.398 (Xamarin Studio Community)

=== Xamarin Inspector ===

Version: 1.1.2.0
Hash: cdc01b9
Branch: 1.1-release
Build date: Wed, 22 Feb 2017 23:24:11 GMT

=== Build Information ===

Release ID: 602001829
Git revision: 3a28108feb03a6384702c96ffc8c548121cdf37c
Build date: 2017-03-12 06:55:23-04
Xamarin addins: 295d27f8dcdde049a1807a76c888fc0a6557357d
Build lane: monodevelop-lion-cycle9

=== Operating System ===

Mac OS X 10.12.3
Darwin Macs-MacBook-Pro-2.local 16.4.0 Darwin Kernel Version 16.4.0
    Thu Dec 22 22:53:21 PST 2016
    root:xnu-3789.41.3~3/RELEASE_X86_64 x86_64
Comment 1 Katelyn Gadd 2017-04-19 00:55:37 UTC
Can you explain the purpose of all the retry logic and catch blocks in your test project? Is that just scaffolding you have to try to recover from failures in Mono that don't ever occur on Windows?
Comment 2 Katelyn Gadd 2017-04-19 03:04:32 UTC
I did some research and I don't believe your example code is valid - is it possible an error was introduced when you created the test project that doesn't exist in your real application? If so, please let me know and I can investigate this further.

The way the crypto API is being used in this test project is not correct because the triple DES provider and its encryptor/decryptor are not thread-safe. You can find information to this effect on MSDN:
https://msdn.microsoft.com/en-us/library/system.security.cryptography.tripledescryptoserviceprovider(v=vs.110).aspx
I have investigated and MSDN's information appears to be correct for both the Windows .NET Runtime and for Mono.

The right approach here is to have unique encryptor/decryptor instances for each thread. You could manage these using ThreadLocal<T> ( https://msdn.microsoft.com/en-us/library/dd642243(v=vs.110).aspx ) if you liked. Note that if you are using a non-ECB decryptor/encryptor this might not be enough, but since you're using ECB that should solve the problem for you.
Comment 3 Mathieu Morrissette 2017-04-20 15:56:07 UTC
Hi,

In our real app, we reuse the encryptor/decryptor for performance reason. We decrypt many thousands strings. I know that it is not thread safe but since it was working on a windows platform using .net. ( Never had any issues ). I assumed something was not working as intended in mono.