Different behaviour between using-statement and using-declaration in C# 8.0

[kalaskarsanket]

---

Issue moved from microsoft/dotnet#1250

• Please respond to @Xenyr.

---

From @Xenyr on Tuesday, September 15, 2020 9:12:04 PM

The using-declaration suggests to be interpreted as a one-line alternative when using IDisposables inside a function, without functional deviations compared to the use of using-statements.
However, when it comes to the Aes-Class example displayed on https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aes?view=netframework-4.8, exchanging the using-statements with using-declarations doesn't result in the same functionality, as tested on my side.

This applies e.g. to the EncryptStringToBytes_Aes function. It is implemented within the example as follows:

static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
    // Check arguments.
    if (plainText == null || plainText.Length <= 0)
        throw new ArgumentNullException("plainText");
    if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
    if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("IV");
    byte[] encrypted;
    // Create an Aes object
    // with the specified key and IV.
    using (Aes aesAlg = Aes.Create())
    {
        aesAlg.Key = Key;
        aesAlg.IV = IV;

        // Create an encryptor to perform the stream transform.
        ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

        // Create the streams used for encryption.
        using (MemoryStream msEncrypt = new MemoryStream())
        {
            using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
            {
                using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                {
                    // Write all data to the stream.
                    swEncrypt.Write(plainText);
                }
                encrypted = msEncrypt.ToArray();
            }
        }
    }
    // Return the encrypted bytes from the memory stream.
    return encrypted;
}

In my opinion, this may be re-written in C# 8.0 as follows, which knowingly extends the resource lifetime of swEncrypt:

static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
    // Check arguments.
    if (plainText == null || plainText.Length <= 0)
        throw new ArgumentNullException("plainText");
    if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
    if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("IV");
    byte[] encrypted;

    // Create an Aes object
    // with the specified key and IV.
    using Aes aesAlg = Aes.Create();
    aesAlg.Key = Key;
    aesAlg.IV = IV;

    // Create an encryptor to perform the stream transform.
    ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

    // Create the streams used for encryption.
    using MemoryStream msEncrypt = new MemoryStream();
    using CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
    using StreamWriter swEncrypt = new StreamWriter(csEncrypt);
    // Write all data to the stream.
    swEncrypt.Write(plainText);
    encrypted = msEncrypt.ToArray();

    // Return the encrypted bytes from the memory stream.
    return encrypted;
}

In the first variant, working with using-statements, the code writes the plain text to the stream writer, which then is encrypted being referenced by the crypto stream which itself is referenced by the memory stream. The byte array returned therefore contains the data as expected.
However, in the second variant, the memory stream is never updated. While the writing operation to the stream writer still seems to be working as expected (the char buffer of the stream is being updated accordingly), the crypto and memory stream always contain a buffer with a length of 0.
Interestingly, considering a third variant, the update of the buffer only fails if the life time of the swEncrypt parameter is being extended. For example, following code still works as expected:

static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
    // Check arguments.
    if (plainText == null || plainText.Length <= 0)
        throw new ArgumentNullException("plainText");
    if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
    if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("IV");
    byte[] encrypted;

    // Create an Aes object
    // with the specified key and IV.
    using (Aes aesAlg = Aes.Create());
    aesAlg.Key = Key;
    aesAlg.IV = IV;

    // Create an encryptor to perform the stream transform.
    ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

    // Create the streams used for encryption.
    using MemoryStream msEncrypt = new MemoryStream();
    using CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
    using (StreamWriter swEncrypt = new StreamWriter(csEncrypt)) {
        // Write all data to the stream.
        swEncrypt.Write(plainText);
    }

    encrypted = msEncrypt.ToArray();
    // Return the encrypted bytes from the memory stream.
    return encrypted;
}

This fact also begs the question, if the issue mentioned might not rather be related to the earlier disposal of the swEncrypt variable when working with using-statements than to the usage of using-declarations themselves.

For a simplified reproducibility, here are my environment settings:
Project template: WPF App
Target framework: .NET Framework 4.8
Build platform: Any CPU with x86 preferred
Language version: C# 8.0
The stated function is called from an asynchronous context.

Is this a known issue, done purposely when using a CryptoStream to ensure security, or yet unknown?

[CyrusNajmabadi]

In my opinion, this may be re-written in C# 8.0 as follows,

Tihs is incorrect. Your rewritten form is equivalent to the broken code:

static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
    // Check arguments.
    if (plainText == null || plainText.Length <= 0)
        throw new ArgumentNullException("plainText");
    if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
    if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("IV");
    byte[] encrypted;

    // Create an Aes object
    // with the specified key and IV.
    using (Aes aesAlg = Aes.Create())
    {
      aesAlg.Key = Key;
      aesAlg.IV = IV;

      // Create an encryptor to perform the stream transform.
      ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

      // Create the streams used for encryption.
      using (MemoryStream msEncrypt = new MemoryStream())
      using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
      using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
      {
        // Write all data to the stream.
        swEncrypt.Write(plainText);
        encrypted = msEncrypt.ToArray();

       // Return the encrypted bytes from the memory stream.
      return encrypted;
    }
  }
}

Hopefully now you can see why your converted form is not correct.