Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kmac.IsSupported returns different value in RemoteExecutor #100412

Closed
vcsjones opened this issue Mar 28, 2024 · 2 comments · Fixed by #100419
Closed

Kmac.IsSupported returns different value in RemoteExecutor #100412

vcsjones opened this issue Mar 28, 2024 · 2 comments · Fixed by #100419
Labels
area-System.Security
Milestone
9.0.0

Comments

@vcsjones
Copy link
Member

vcsjones commented Mar 28, 2024
edited
Loading

Consider this unit test:

[ConditionalFact(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
public void IsSupportedInRemoteExecutor()
{
    Assert.True(Kmac128.IsSupported);

    RemoteExecutor.Invoke(static () =>
    {
        return Kmac128.IsSupported ? RemoteExecutor.SuccessExitCode : 0;
    }).Dispose();
}

On a system with OpenSSL 3, this will fail in the remote executor. This is peculiar, because the assert outside of the remote executor passes, but then fails in the remote executor. When run in the remote executor, in

runtime/src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.EVP.MacAlgs.cs

Lines 15 to 16 in a5b9a6a

internal static SafeEvpMacHandle? Kmac128 { get; } = EvpMacFetch(HashAlgorithmNames.KMAC128);
internal static SafeEvpMacHandle? Kmac256 { get; } = EvpMacFetch(HashAlgorithmNames.KMAC256);

The properties are null, implying the EvpMacFetch got a haveFeature of 0.

We should investigate the cause of this as there are only two options.

  1. It is a bug in RemoteExecutor and it should be fixed.
  2. It is a bug in how we are resolving the EVP_MAC and it should be fixed.
@vcsjones vcsjones added this to the 9.0.0 milestone Mar 28, 2024
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@vcsjones vcsjones mentioned this issue Mar 28, 2024
Merged
@vcsjones
Copy link
Member Author

It is a bug in how we are resolving the EVP_MAC and it should be fixed.

It was that one.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Security
Projects
None yet
Milestone
9.0.0
Development

Successfully merging a pull request may close this issue.

Fix initialization by KMAC vcsjones/runtime
1 participant
@vcsjones