Fix random OpenSSL::Cipher::CipherErrors/iv argument errors

[bfreese]

This fixes defect in which encrypted_attributes state is shared across all instances due to shallow copy which causes random OpenSSL::Cipher::CipherErrors or iv argument errors during concurrent encrypts/decrypts under load.

An example (might need to increase thread count to replicate):

def concurrent_test(threads = 5)
  threads.times do
    Thread.new do
      begin
        2000.times do
          customer = Customer.new
          customer.ssn = '123456789'
          other_customer = Customer.new(encrypted_ssn: customer.encrypted_ssn, encrypted_ssn_iv: customer.encrypted_ssn_iv)
          customer.ssn = '555006666'
          other_customer.ssn
        end
      rescue => e
        puts "ERROR: #{e.inspect}"
      end
    end
  end
end

[amrocco]

@saghaulor Any reason this hasn't been merged in yet, outside of not having had the time? I believe this is also at the root of the issue being described here: #323

[amrocco]

@bfreese Has this solution been working well for you?

[bfreese]

@amrocco We have been running this code in production for the last 3 months and have not seen any errors.

[amrocco]

@bfreese This fix worked like a charm, thanks so much! You're a lifesaver.

I'm curious about how you debugged this issue and arrived at your solution?

[taltcher]

We are also experiencing the same issue, and receive periodic must specify an iv error. Do you have an estimation when the PR will be merged?

[mgerst]

We are experiencing this issue as well. Are there plans to cut a release soon (see also #348)? In the mean time has anyone had any luck safely running off master?

[bfreese]

We are experiencing this issue as well. Are there plans to cut a release soon (see also #348)? In the mean time has anyone had any luck safely running off master?

@mgerst We've been running off master in production for several months with no issues.

[ericrowley]

Does anyone know when they plan to get a release? We are still seeing this issue on our end.

[ayufan]

@saghaulor Do you plan to push a new tag with a new release including that fix? This seems to be critical (introducing data corruption) and breaking for multiple people (including us, GitLab) for multi-threaded environments.

[formigarafa]

FYI, This does not solve "must specify iv" error. See #344

[saghaulor]

I'll try to push a release this weekend. I apologize for the long pause.

[snovity]

Would be nice to get this fix out, it is affecting our prod environment because we use sidekiq and threads.