Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some Cryptography tests fail on RHEL 9 arm64. #64816

Closed
tmds opened this issue Feb 4, 2022 · 7 comments
Closed

Some Cryptography tests fail on RHEL 9 arm64. #64816

tmds opened this issue Feb 4, 2022 · 7 comments
Labels
area-System.Security untriaged New issue has not been triaged by the area owner

Comments

@tmds
Copy link
Member

tmds commented Feb 4, 2022
edited
Loading

ExtraAttributes_WeirdXMLNS and TestKeyTransEncryptedKey_RsaAlgorithms fail on RHEL 9 arm64.

The tests passed on our CI machine against c12bea8 and fail against 8b94165 so it may be a recent regression.

  • ExtraAttributes_WeirdXMLNS failure:
<test name="System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_WeirdXMLNS" type="System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements" method="ExtraAttributes_WeirdXMLNS" time="0.0779715" result="Fail">
  <failure exception-type="System.Security.Cryptography.CryptographicException">
    <message><![CDATA[System.Security.Cryptography.CryptographicException : An error occurred parsing the Modulus and Exponent elements\n---- Interop+Crypto+OpenSslCryptographicException : error:03000072:digital envelope routines::decode error]]></message>
    <stack-trace><![CDATA[   at System.Security.Cryptography.Xml.RSAKeyValue.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAKeyValue.cs:line 128
   at System.Security.Cryptography.Xml.KeyInfo.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs:line 104
   at System.Security.Cryptography.Xml.Signature.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs:line 190
   at System.Security.Cryptography.Xml.SignedXml.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs:line 219
   at System.Security.Cryptography.Xml.Tests.Helpers.VerifyCryptoExceptionOnLoad(String xml, Boolean loadXmlThrows) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/tests/SignedXml_Helpers.cs:line 24
   at System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_WeirdXMLNS() in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/tests/Signature_ArbitraryElements.cs:line 43
----- Inner Stack Trace -----
   at Interop.Crypto.DecodeSubjectPublicKeyInfo(ReadOnlySpan`1 source, EvpAlgorithmId algorithmId) in /home/tester/runtime/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.cs:line 78
   at System.Security.Cryptography.RSAOpenSsl.ImportSubjectPublicKeyInfo(ReadOnlySpan`1 source, Boolean checkAlgorithm, Int32& bytesRead) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 551
   at System.Security.Cryptography.RSAOpenSsl.ImportParameters(RSAParameters parameters) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 482
   at System.Security.Cryptography.RSAWrapper.ImportParameters(RSAParameters parameters) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSAWrapper.cs:line 49
   at System.Security.Cryptography.Xml.RSAKeyValue.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAKeyValue.cs:line 120]]></stack-trace>
  </failure>
</test>
  • TestKeyTransEncryptedKey_RsaAlgorithms failure:
<test name="System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests.TestKeyTransEncryptedKey_RsaAlgorithms(encryptionPadding: null, expectedOid: \&quot;1.2.840.113549.1.1.1\&quot;, expectedParameters: [])" type="System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests" method="TestKeyTransEncryptedKey_RsaAlgorithms" time="0.0520013" result="Fail">
  <failure exception-type="Interop+Crypto+OpenSslCryptographicException">
    <message><![CDATA[Interop+Crypto+OpenSslCryptographicException : error:03000072:digital envelope routines::decode error]]></message>
    <stack-trace><![CDATA[   at Interop.Crypto.DecodeSubjectPublicKeyInfo(ReadOnlySpan`1 source, EvpAlgorithmId algorithmId) in /home/tester/runtime/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.cs:line 78
   at System.Security.Cryptography.RSAOpenSsl.ImportSubjectPublicKeyInfo(ReadOnlySpan`1 source, Boolean checkAlgorithm, Int32& bytesRead) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 551
   at System.Security.Cryptography.RSAOpenSsl.ImportRSAPublicKey(ReadOnlySpan`1 source, Int32& bytesRead) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 516
   at System.Security.Cryptography.X509Certificates.OpenSslX509Encoder.BuildRsaPublicKey(Byte[] encodedData) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509Encoder.cs:line 269
   at System.Security.Cryptography.X509Certificates.OpenSslX509Encoder.DecodePublicKey(Oid oid, Byte[] encodedKeyValue, Byte[] encodedParameters, ICertificatePal certificatePal) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509Encoder.cs:line 36
   at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPublicKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateExtensionsCommon.cs:line 32
   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey(X509Certificate2 certificate) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/RSACertificateExtensions.cs:line 19
   at Internal.Cryptography.Pal.AnyOS.ManagedPkcsPal.MakeKtri(Byte[] cek, CmsRecipient recipient, Boolean& v0Recipient) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs:line 171
   at Internal.Cryptography.Pal.AnyOS.ManagedPkcsPal.Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes, Byte[] encryptedContent, Byte[] cek, Byte[] parameterBytes) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.Encrypt.cs:line 112
   at Internal.Cryptography.Pal.AnyOS.ManagedPkcsPal.Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.Encrypt.cs:line 36
   at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipientCollection recipients) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/EnvelopedCms.cs:line 109
   at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipient recipient) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/EnvelopedCms.cs:line 92
   at System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests.EncodeKeyTransl_Rsa2048(RSAEncryptionPadding encryptionPadding, CertLoader loader) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs:line 72
   at System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests.TestKeyTransEncryptedKey_RsaAlgorithms(RSAEncryptionPadding encryptionPadding, String expectedOid, Byte[] expectedParameters) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs:line 21]]></stack-trace>
  </failure>
</test>

cc @bartonjs @vcsjones
@dotnet-issue-labeler dotnet-issue-labeler bot added area-System.Security untriaged New issue has not been triaged by the area owner labels Feb 4, 2022
@ghost
Copy link

ghost commented Feb 4, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

ExtraAttributes_WeirdXMLNS and TestKeyTransEncryptedKey_RsaAlgorithms fail on RHEL 9 arm64.

The test passed on our CI machine against c12bea8 and fail against 8b94165 so it may be a recent regression.

  • ExtraAttributes_WeirdXMLNS failure:
<test name="System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_WeirdXMLNS" type="System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements" method="ExtraAttributes_WeirdXMLNS" time="0.0779715" result="Fail">
  <failure exception-type="System.Security.Cryptography.CryptographicException">
    <message><![CDATA[System.Security.Cryptography.CryptographicException : An error occurred parsing the Modulus and Exponent elements\n---- Interop+Crypto+OpenSslCryptographicException : error:03000072:digital envelope routines::decode error]]></message>
    <stack-trace><![CDATA[   at System.Security.Cryptography.Xml.RSAKeyValue.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAKeyValue.cs:line 128
   at System.Security.Cryptography.Xml.KeyInfo.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/KeyInfo.cs:line 104
   at System.Security.Cryptography.Xml.Signature.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/Signature.cs:line 190
   at System.Security.Cryptography.Xml.SignedXml.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/SignedXml.cs:line 219
   at System.Security.Cryptography.Xml.Tests.Helpers.VerifyCryptoExceptionOnLoad(String xml, Boolean loadXmlThrows) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/tests/SignedXml_Helpers.cs:line 24
   at System.Security.Cryptography.Xml.Tests.Signature_ArbitraryElements.ExtraAttributes_WeirdXMLNS() in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/tests/Signature_ArbitraryElements.cs:line 43
----- Inner Stack Trace -----
   at Interop.Crypto.DecodeSubjectPublicKeyInfo(ReadOnlySpan`1 source, EvpAlgorithmId algorithmId) in /home/tester/runtime/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.cs:line 78
   at System.Security.Cryptography.RSAOpenSsl.ImportSubjectPublicKeyInfo(ReadOnlySpan`1 source, Boolean checkAlgorithm, Int32& bytesRead) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 551
   at System.Security.Cryptography.RSAOpenSsl.ImportParameters(RSAParameters parameters) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 482
   at System.Security.Cryptography.RSAWrapper.ImportParameters(RSAParameters parameters) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/RSAWrapper.cs:line 49
   at System.Security.Cryptography.Xml.RSAKeyValue.LoadXml(XmlElement value) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Xml/src/System/Security/Cryptography/Xml/RSAKeyValue.cs:line 120]]></stack-trace>
  </failure>
</test>
  • TestKeyTransEncryptedKey_RsaAlgorithms failure:
<test name="System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests.TestKeyTransEncryptedKey_RsaAlgorithms(encryptionPadding: null, expectedOid: \&quot;1.2.840.113549.1.1.1\&quot;, expectedParameters: [])" type="System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests" method="TestKeyTransEncryptedKey_RsaAlgorithms" time="0.0520013" result="Fail">
  <failure exception-type="Interop+Crypto+OpenSslCryptographicException">
    <message><![CDATA[Interop+Crypto+OpenSslCryptographicException : error:03000072:digital envelope routines::decode error]]></message>
    <stack-trace><![CDATA[   at Interop.Crypto.DecodeSubjectPublicKeyInfo(ReadOnlySpan`1 source, EvpAlgorithmId algorithmId) in /home/tester/runtime/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EvpPkey.cs:line 78
   at System.Security.Cryptography.RSAOpenSsl.ImportSubjectPublicKeyInfo(ReadOnlySpan`1 source, Boolean checkAlgorithm, Int32& bytesRead) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 551
   at System.Security.Cryptography.RSAOpenSsl.ImportRSAPublicKey(ReadOnlySpan`1 source, Int32& bytesRead) in /home/tester/runtime/src/libraries/Common/src/System/Security/Cryptography/RSAOpenSsl.cs:line 516
   at System.Security.Cryptography.X509Certificates.OpenSslX509Encoder.BuildRsaPublicKey(Byte[] encodedData) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509Encoder.cs:line 269
   at System.Security.Cryptography.X509Certificates.OpenSslX509Encoder.DecodePublicKey(Oid oid, Byte[] encodedKeyValue, Byte[] encodedParameters, ICertificatePal certificatePal) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/OpenSslX509Encoder.cs:line 36
   at System.Security.Cryptography.X509Certificates.CertificateExtensionsCommon.GetPublicKey[T](X509Certificate2 certificate, Predicate`1 matchesConstraints) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateExtensionsCommon.cs:line 32
   at System.Security.Cryptography.X509Certificates.RSACertificateExtensions.GetRSAPublicKey(X509Certificate2 certificate) in /home/tester/runtime/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/RSACertificateExtensions.cs:line 19
   at Internal.Cryptography.Pal.AnyOS.ManagedPkcsPal.MakeKtri(Byte[] cek, CmsRecipient recipient, Boolean& v0Recipient) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.KeyTrans.cs:line 171
   at Internal.Cryptography.Pal.AnyOS.ManagedPkcsPal.Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes, Byte[] encryptedContent, Byte[] cek, Byte[] parameterBytes) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.Encrypt.cs:line 112
   at Internal.Cryptography.Pal.AnyOS.ManagedPkcsPal.Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/Internal/Cryptography/Pal/AnyOS/ManagedPal.Encrypt.cs:line 36
   at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipientCollection recipients) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/EnvelopedCms.cs:line 109
   at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipient recipient) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/EnvelopedCms.cs:line 92
   at System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests.EncodeKeyTransl_Rsa2048(RSAEncryptionPadding encryptionPadding, CertLoader loader) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs:line 72
   at System.Security.Cryptography.Pkcs.EnvelopedCmsTests.Tests.KeyTransRecipientInfoRsaPaddingModeTests.TestKeyTransEncryptedKey_RsaAlgorithms(RSAEncryptionPadding encryptionPadding, String expectedOid, Byte[] expectedParameters) in /home/tester/runtime/src/libraries/System.Security.Cryptography.Pkcs/tests/EnvelopedCms/KeyTransRecipientInfoRsaPaddingModeTests.cs:line 21]]></stack-trace>
  </failure>
</test>

cc @bartonjs @vcsjones

Author: tmds
Assignees: -
Labels:

area-System.Security, untriaged
Milestone: -

@tmds
Copy link
Member Author

tmds commented Feb 4, 2022

The tests pass on x64.

@vcsjones
Copy link
Member

vcsjones commented Feb 4, 2022

That's interesting, because when I was looking at #63624 I was using ARM64 and didn't see those failures. I'll try to reproduce.

@vcsjones
Copy link
Member

vcsjones commented Feb 4, 2022

Hmmm. I cannot reproduce this on ARM64 Fedora 36 / Rawhide, specifically Linux fedora 5.16.0-60.fc36.aarch64.

I think my Rawhide build is a little old so I will try updating it.

@tmds
Copy link
Member Author

tmds commented Feb 4, 2022

Thanks for taking a look @vcsjones.

I launched a new build. All tests passed with 0a3531e.

Let's wait and see what the test results are in the coming week before investigating further.

@vcsjones
Copy link
Member

vcsjones commented Feb 4, 2022
edited
Loading

Let's wait and see what the test results are in the coming week before investigating further.

That'd be great because it appears I just got my Fedora 36 VM in an unbootable state. 😅 (entirely my fault)

@tmds
Copy link
Member Author

tmds commented Feb 16, 2022

I haven't seen these test failures again. I'm closing the ticket.

@tmds tmds closed this as completed Feb 16, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Mar 18, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Security untriaged New issue has not been triaged by the area owner
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vcsjones @tmds