Test failure System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.RevokeIntermediateWithInvalidRevocationName(pkiOptions: AllRevocation | IssuerAuthorityHasDesignatedOcspResponder)

[VincentBu]

Run: runtime-libraries-coreclr outerloop 20210926.3

Failed test:

net7.0-windows-Release-x64-CoreCLR_release-(Windows.Nano.1809.Amd64.Open)windows.10.amd64.serverrs5.open@mcr.microsoft.com/dotnet-buildtools/prereqs:nanoserver-1809-helix-amd64-08e8e40-20200107182504

- System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.RevokeIntermediateWithInvalidRevocationName(pkiOptions: AllRevocation | IssuerAuthorityHasDesignatedOcspResponder)

Error message:

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Unknown error (0xc0000001)


Stack trace
   at Internal.Cryptography.CngCommon.SignHash(SafeNCryptKeyHandle keyHandle, ReadOnlySpan`1 hash, AsymmetricPaddingMode paddingMode, Void* pPaddingInfo, Int32 estimatedSize) in /_/src/libraries/Common/src/Internal/Cryptography/CngCommon.SignVerify.cs:line 20
   at System.Security.Cryptography.RSAImplementation.RSACng.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/Common/src/System/Security/Cryptography/RSACng.SignVerify.cs:line 97
   at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 174
   at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 154
   at System.Security.Cryptography.X509Certificates.RSAPkcs1X509SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/RSAPkcs1X509SignatureGenerator.cs:line 22
   at System.Security.Cryptography.X509Certificates.CertificateRequest.Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan`1 serialNumber) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs:line 692
   at System.Security.Cryptography.X509Certificates.CertificateRequest.CreateSelfSigned(DateTimeOffset notBefore, DateTimeOffset notAfter) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs:line 338
   at System.Security.Cryptography.X509Certificates.Tests.Common.CertificateAuthority.BuildPrivatePki(PkiOptions pkiOptions, RevocationResponder& responder, CertificateAuthority& rootAuthority, CertificateAuthority[]& intermediateAuthorities, X509Certificate2& endEntityCert, Int32 intermediateAuthorityCount, String testName, Boolean registerAuthorities, Boolean pkiOptionsInSubject, String subjectName, Int32 keySize, X509ExtensionCollection extensions) in /_/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs:line 834
   at System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.BuildPrivatePki(PkiOptions pkiOptions, RevocationResponder& responder, CertificateAuthority& rootAuthority, CertificateAuthority& intermediateAuthority, X509Certificate2& endEntityCert, String testName, Boolean registerAuthorities, Boolean pkiOptionsInSubject) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs:line 1595
   at System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.SimpleTest(PkiOptions pkiOptions, RunSimpleTest callback, String callerName, Boolean pkiOptionsInTestName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs:line 1544
   at System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.RevokeIntermediateWithInvalidRevocationName(PkiOptions pkiOptions) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs:line 924

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Run: runtime-libraries-coreclr outerloop 20210926.3

Failed test:

net7.0-windows-Release-x64-CoreCLR_release-(Windows.Nano.1809.Amd64.Open)windows.10.amd64.serverrs5.open@mcr.microsoft.com/dotnet-buildtools/prereqs:nanoserver-1809-helix-amd64-08e8e40-20200107182504

- System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.RevokeIntermediateWithInvalidRevocationName(pkiOptions: AllRevocation | IssuerAuthorityHasDesignatedOcspResponder)

Error message:

Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Unknown error (0xc0000001)


Stack trace
   at Internal.Cryptography.CngCommon.SignHash(SafeNCryptKeyHandle keyHandle, ReadOnlySpan`1 hash, AsymmetricPaddingMode paddingMode, Void* pPaddingInfo, Int32 estimatedSize) in /_/src/libraries/Common/src/Internal/Cryptography/CngCommon.SignVerify.cs:line 20
   at System.Security.Cryptography.RSAImplementation.RSACng.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/Common/src/System/Security/Cryptography/RSACng.SignVerify.cs:line 97
   at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 174
   at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) in /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs:line 154
   at System.Security.Cryptography.X509Certificates.RSAPkcs1X509SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/RSAPkcs1X509SignatureGenerator.cs:line 22
   at System.Security.Cryptography.X509Certificates.CertificateRequest.Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan`1 serialNumber) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs:line 692
   at System.Security.Cryptography.X509Certificates.CertificateRequest.CreateSelfSigned(DateTimeOffset notBefore, DateTimeOffset notAfter) in /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs:line 338
   at System.Security.Cryptography.X509Certificates.Tests.Common.CertificateAuthority.BuildPrivatePki(PkiOptions pkiOptions, RevocationResponder& responder, CertificateAuthority& rootAuthority, CertificateAuthority[]& intermediateAuthorities, X509Certificate2& endEntityCert, Int32 intermediateAuthorityCount, String testName, Boolean registerAuthorities, Boolean pkiOptionsInSubject, String subjectName, Int32 keySize, X509ExtensionCollection extensions) in /_/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs:line 834
   at System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.BuildPrivatePki(PkiOptions pkiOptions, RevocationResponder& responder, CertificateAuthority& rootAuthority, CertificateAuthority& intermediateAuthority, X509Certificate2& endEntityCert, String testName, Boolean registerAuthorities, Boolean pkiOptionsInSubject) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs:line 1595
   at System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.SimpleTest(PkiOptions pkiOptions, RunSimpleTest callback, String callerName, Boolean pkiOptionsInTestName) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs:line 1544
   at System.Security.Cryptography.X509Certificates.Tests.RevocationTests.DynamicRevocationTests.RevokeIntermediateWithInvalidRevocationName(PkiOptions pkiOptions) in /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/RevocationTests/DynamicRevocationTests.cs:line 924

Author:	VincentBu
Assignees:	-
Labels:	area-System.Security, os-windows, arch-x64
Milestone:	-

[ericstj]

Similar callstack here:
https://helixre8s23ayyeko0k025g8.blob.core.windows.net/dotnet-runtime-refs-pull-59808-merge-0918eaae8cf74e7fbd/System.Security.Cryptography.X509Certificates.Tests/1/console.78640950.log?sv=2019-07-07&se=2021-10-21T13%3A46%3A03Z&sr=c&sp=rl&sig=Il1gl0%2Bp8nCEYVSwr2CbQXp4CJuS7rl7l3aMyRog3Kg%3D

Same pipeline (nano) in case that's interesting:
net7.0-windows-Debug-x64-CoreCLR_release-(Windows.Nano.1809.Amd64.Open)windows.10.amd64.serverrs5.open@mcr.microsoft.com/dotnet-buildtools/prereqs:nanoserver-1809-helix-amd64-08e8e40-20200107182504

   System.Security.Cryptography.X509Certificates.Tests.DynamicChainTests.BuildInvalidSignatureTwice(endEntityErrors: NotTimeValid | NotSignatureValid, intermediateErrors: NotTimeValid, rootErrors: UntrustedRoot) [FAIL]
      Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException : Unknown error (0xc0000001)
      Stack Trace:
        /_/src/libraries/Common/src/Internal/Cryptography/CngCommon.SignVerify.cs(41,0): at Internal.Cryptography.CngCommon.SignHash(SafeNCryptKeyHandle keyHandle, ReadOnlySpan`1 hash, AsymmetricPaddingMode paddingMode, Void* pPaddingInfo, Int32 estimatedSize)
        /_/src/libraries/Common/src/System/Security/Cryptography/RSACng.SignVerify.cs(81,0): at System.Security.Cryptography.RSAImplementation.RSACng.SignHash(Byte[] hash, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
        /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs(179,0): at System.Security.Cryptography.RSA.SignData(Byte[] data, Int32 offset, Int32 count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
        /_/src/libraries/System.Security.Cryptography.Algorithms/src/System/Security/Cryptography/RSA.cs(157,0): at System.Security.Cryptography.RSA.SignData(Byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding)
        /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/RSAPkcs1X509SignatureGenerator.cs(22,0): at System.Security.Cryptography.X509Certificates.RSAPkcs1X509SignatureGenerator.SignData(Byte[] data, HashAlgorithmName hashAlgorithm)
        /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs(692,0): at System.Security.Cryptography.X509Certificates.CertificateRequest.Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, ReadOnlySpan`1 serialNumber)
        /_/src/libraries/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs(577,0): at System.Security.Cryptography.X509Certificates.CertificateRequest.Create(X500DistinguishedName issuerName, X509SignatureGenerator generator, DateTimeOffset notBefore, DateTimeOffset notAfter, Byte[] serialNumber)
        /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/TestDataGenerator.cs(150,0): at System.Security.Cryptography.X509Certificates.Tests.TestDataGenerator.MakeTestChain(ReadOnlySpan`1 keys, Span`1 certs, IEnumerable`1 endEntityExtensions, IEnumerable`1 intermediateExtensions, IEnumerable`1 rootExtensions, String testName)
        /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/TestDataGenerator.cs(32,0): at System.Security.Cryptography.X509Certificates.Tests.TestDataGenerator.MakeTestChain3(X509Certificate2& endEntityCert, X509Certificate2& intermediateCert, X509Certificate2& rootCert, IEnumerable`1 endEntityExtensions, IEnumerable`1 intermediateExtensions, IEnumerable`1 rootExtensions, String testName)
        /_/src/libraries/System.Security.Cryptography.X509Certificates/tests/DynamicChainTests.cs(77,0): at System.Security.Cryptography.X509Certificates.Tests.DynamicChainTests.BuildInvalidSignatureTwice(X509ChainStatusFlags endEntityErrors, X509ChainStatusFlags intermediateErrors, X509ChainStatusFlags rootErrors)

[vcsjones]

WindowsCryptographicException : Unknown error (0xc0000001)

@ericstj your call stack and the one in the original issue comment is essentially a duplicate of #29683. This has been a long running issue that is external to Windows.

[bartonjs]

Yep, good old STATUS_UNSUCCESSFUL.