System.Security.Cryptography.Cng.Tests.ECDsaCngPkcs8Tests.NoPlaintextExportAllowsEncryptedPkcs8 fails on Windows.Nano.1809.Amd64.Open

[buyaa-n]

Build Information

Build: https://dev.azure.com/dnceng-public/cbb18261-c48f-4abb-8651-8cdcb5474649/_build/results?buildId=403942
Build error leg or test failing: System.Security.Cryptography.Cng.Tests.ECDsaCngPkcs8Tests.NoPlaintextExportAllowsEncryptedPkcs8
Pull request: #91961

Error Message

Fill the error message using step by step known issues guidance.

{
  "ErrorMessage": "ASN1 corrupted data",
  "ErrorPattern": "",
  "BuildRetry": false,
  "ExcludeConsoleLog": false
}

From failure log:

    System.Security.Cryptography.Cng.Tests.ECDsaCngPkcs8Tests.NoPlaintextExportAllowsEncryptedPkcs8(algorithm: TripleDes3KeyPkcs12) [FAIL]
      System.Security.Cryptography.CryptographicException : ASN1 corrupted data.
      Stack Trace:
        /_/src/libraries/Common/src/System/Security/Cryptography/EccKeyFormatHelper.cs(149,0): at System.Security.Cryptography.EccKeyFormatHelper.FromECPrivateKey(ECPrivateKey key, AlgorithmIdentifierAsn& algId, ECParameters& ret)
        /_/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs(407,0): at System.Security.Cryptography.CngPkcs8.RewritePkcs8ECPrivateKeyWithZeroPublicKey(ReadOnlySpan`1 source)
        /_/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs(257,0): at System.Security.Cryptography.CngPkcs8.ImportEncryptedPkcs8PrivateKey(ReadOnlySpan`1 password, ReadOnlySpan`1 source, Int32& bytesRead)
        /_/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.ImportExport.cs(158,0): at System.Security.Cryptography.ECDsaCng.ImportEncryptedPkcs8PrivateKey(ReadOnlySpan`1 password, ReadOnlySpan`1 source, Int32& bytesRead)
        /_/src/libraries/System.Security.Cryptography.Cng/tests/CngPkcs8Tests.cs(66,0): at System.Security.Cryptography.Cng.Tests.CngPkcs8Tests`1.NoPlaintextExportAllowsEncryptedPkcs8(PbeEncryptionAlgorithm algorithm)
           at InvokeStub_CngPkcs8Tests`1.NoPlaintextExportAllowsEncryptedPkcs8(Object, Span`1)
           at System.Reflection.MethodBaseInvoker.InvokeWithOneArg(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

Known issue validation

Build: 🔎 https://dev.azure.com/dnceng-public/public/_build/results?buildId=403942
Error message validated: ASN1 corrupted data
Result validation: ✅ Known issue matched with the provided build.
Validation performed at: 9/12/2023 11:23:57 PM UTC

Report

Summary

24-Hour Hit Count	7-Day Hit Count	1-Month Count
0	0	0

[ghost]

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Build Information

Build: https://dev.azure.com/dnceng-public/cbb18261-c48f-4abb-8651-8cdcb5474649/_build/results?buildId=403942
Build error leg or test failing: System.Security.Cryptography.Cng.Tests.ECDsaCngPkcs8Tests.NoPlaintextExportAllowsEncryptedPkcs8
Pull request: #91961

Error Message

Fill the error message using step by step known issues guidance.

{
  "ErrorMessage": "ASN1 corrupted data",
  "ErrorPattern": "",
  "BuildRetry": false,
  "ExcludeConsoleLog": false
}

From failure log:

    System.Security.Cryptography.Cng.Tests.ECDsaCngPkcs8Tests.NoPlaintextExportAllowsEncryptedPkcs8(algorithm: TripleDes3KeyPkcs12) [FAIL]
      System.Security.Cryptography.CryptographicException : ASN1 corrupted data.
      Stack Trace:
        /_/src/libraries/Common/src/System/Security/Cryptography/EccKeyFormatHelper.cs(149,0): at System.Security.Cryptography.EccKeyFormatHelper.FromECPrivateKey(ECPrivateKey key, AlgorithmIdentifierAsn& algId, ECParameters& ret)
        /_/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs(407,0): at System.Security.Cryptography.CngPkcs8.RewritePkcs8ECPrivateKeyWithZeroPublicKey(ReadOnlySpan`1 source)
        /_/src/libraries/Common/src/System/Security/Cryptography/CngPkcs8.cs(257,0): at System.Security.Cryptography.CngPkcs8.ImportEncryptedPkcs8PrivateKey(ReadOnlySpan`1 password, ReadOnlySpan`1 source, Int32& bytesRead)
        /_/src/libraries/Common/src/System/Security/Cryptography/ECDsaCng.ImportExport.cs(158,0): at System.Security.Cryptography.ECDsaCng.ImportEncryptedPkcs8PrivateKey(ReadOnlySpan`1 password, ReadOnlySpan`1 source, Int32& bytesRead)
        /_/src/libraries/System.Security.Cryptography.Cng/tests/CngPkcs8Tests.cs(66,0): at System.Security.Cryptography.Cng.Tests.CngPkcs8Tests`1.NoPlaintextExportAllowsEncryptedPkcs8(PbeEncryptionAlgorithm algorithm)
           at InvokeStub_CngPkcs8Tests`1.NoPlaintextExportAllowsEncryptedPkcs8(Object, Span`1)
           at System.Reflection.MethodBaseInvoker.InvokeWithOneArg(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)

Author:	buyaa-n
Assignees:	-
Labels:	area-System.Security, blocking-clean-ci, Known Build Error
Milestone:	-

[adamsitnik]

@vcsjones could it be a product bug?

[vcsjones]

I'll take a look in the next few days.

[vcsjones]

This falls in to the "I don't see how this can happen" unless a Win32 API did something particularly strange. Given that this has failed once, and it was on Windows Nano, I am inclined to believe we will have a hard time reproducing it.

I only single out Windows Nano because the Crypto APIs tend to fall over when they are resource starved which we've observed happens more commonly in CI.

We can wait until the error ages out of the 1-month bucket to see if it occurs again.

[adamsitnik]

We can wait until the error ages out of the 1-month bucket to see if it occurs again.

Sounds good to me 👍

[vcsjones]

This hasn't failed in 30 days and I can't reproduce it. I can make guesses as to what happened, but they'd only be guesses.

I am going to close this for now as it is not actionable. We can re-open this if it starts occurring again or get a reliable repro.