System.Security.Cryptography.CryptographicException; bug in .NET 1.1 ?

[andrew]

Hi,
I have a web service application written in C# .NET 1.1 using
MD5CryptoServiceProvider.ComputeHash(Byte[])

The problem is that after a while(web service processes requests) the call
throws CryptographicException "the parameter is incorrect"

Here's the stack trace:

System.Security.Cryptography.CryptographicException: The parameter is
incorrect.

at System.Security.Cryptography.MD5CryptoServiceProvider._HashData(IntPtr
hHash, Byte[] rgbData, Int32 ibStart, Int32 cbSize)

at System.Security.Cryptography.MD5CryptoServiceProvider.HashCore(Byte[]
rgb, Int32 ibStart, Int32 cbSize)

at System.Security.Cryptography.HashAlgorithm.ComputeHash(Byte[] buffer)



I googled a bit and I found similar (at least the same exception appearing
after a while for no reason) but I also found a KB link:

http://support.microsoft.com/kb/922542

but this is related to BizTalk and the condition that "The .NET assembly
uses the HashMembershipCondition class in the System.Security.Policy
namespace.".

The question is if this is a known bug or something else might happen ?

The code is just a simple singleton class with static data:



public class Encryption

{

static protected MD5CryptoServiceProvider md5;

public static byte[] EncryptionKey = new byte[] { ... };

public static byte[] EncryptionIV = new byte[] { ... };

static Encryption()

{

// Initialize objects

// md5 is used for generating hashes

md5 = new MD5CryptoServiceProvider();

}

static public string Hash(byte[] content)

{

// Compute hash

byte[] rawHash = md5.ComputeHash(content);
<------------------- throws exception

// Convert to base 64

string hash = Convert.ToBase64String(rawHash);

return hash;

}



Thank you.

 

[Jon Skeet [C# MVP]]

I have a web service application written in C# .NET 1.1 using
MD5CryptoServiceProvider.ComputeHash(Byte[])

The problem is that after a while(web service processes requests) the call
throws CryptographicException "the parameter is incorrect"

Can you produce a short but complete program which demonstrates the
problem?
Your code doesn't show what content you're trying to pass it - a null
reference, for example.

Jon

 

[andrew]

I forgot to mention that Im using ASP.NET 1.1.4322 and .NET 1.1 SP1

Meanwhile i found this old KB also: http://support.microsoft.com/kb/319014
but it says it applies to ASP .NET 1.0 i think it should be fixed now.

 

[andrew]

When the exception is thrown, I stepped into the debugger and the data is
valid.
As I said, the code runs fine but after a while it throws at each call the
CryptographicException.

I have a web service application written in C# .NET 1.1 using
MD5CryptoServiceProvider.ComputeHash(Byte[])

The problem is that after a while(web service processes requests) the
call
throws CryptographicException "the parameter is incorrect"

Can you produce a short but complete program which demonstrates the
problem?
Your code doesn't show what content you're trying to pass it - a null
reference, for example.

Jon

 

[Jon Skeet [C# MVP]]

When the exception is thrown, I stepped into the debugger and the data is
valid.
As I said, the code runs fine but after a while it throws at each call the
CryptographicException.

Does this only occur under heavy load?

You might try serializing the calls to the hashing - use a lock around
the call. If it's due to a race condition, that could sort it out.

Jon

 

[andrew]

I cannot say if its really a heavy load. It happens after some time.
I start 4 test client applications each one making requests on the web
service. The web service code includes that cryptographic class.

I cant say this is heavy load. If this is not working here, on programming
stage, it sure wont work on the production.

Meanwhile i found a similar post from some time ago about the same problem
on .NET 1.1
http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.security/2003-08/0260.html
The guy says this problem can be reproduced. It appears after a large number
of encryption.

A simple fix would be as suggested in the post to recreate the object (it
seems that it had the same behaviour as mine, reusing the provider
instance).

need to know if this a true known bug on .NET 1.1 because I want to
actually know the cause.

thanks.

 

[Jon Skeet [C# MVP]]

A simple fix would be as suggested in the post to recreate the object (it
seems that it had the same behaviour as mine, reusing the provider
instance).

need to know if this a true known bug on .NET 1.1 because I want to
actually know the cause.

Well, the KB article referred to in the original post suggested that
it was indeed a bug in .NET 1.1, a race condition in the hashing
object.

Jon

 

[andrew]

The KB article had some requirements in order for the bug to be applicable.
One which my code does not meet:

"The .NET assembly uses the HashMembershipCondition class in the
System.Security.Policy namespace."

Is there a place (online resource) with all known recognized by MS .NET bugs
?

 

[Jon Skeet [C# MVP]]

The KB article had some requirements in order for the bug to be applicable.

Well, when applied to BizTalk, yes.

One which my code does not meet:

"The .NET assembly uses the HashMembershipCondition class in the
System.Security.Policy namespace."

I suspect that's only when the method of discovery of the bug is
BizTalk.

Is there a place (online resource) with all known recognized by MS .NET bugs
?

Not that I know of. connect.microsoft.com is a place to search and
report bugs, but it won't have all of them.

Jon