Open sstronin opened 1 year ago
Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones See info in area-owners.md if you want to be subscribed.
| Author: | sstronin |
|---|---|
| Assignees: | - |
| Labels: | `area-System.Security`, `untriaged` |
| Milestone: | - |
Do you have an example of an input that produces this behavior?
The input is in the OP: https://github.com/dotnet/runtime/files/13031023/argument-exception.zip
@filipnavara Thanks for being better at reading than I am. I think I just saw that as part of the link to the docs page.
Description
Some invalid data passed into X509Certificate2(byte[] rawData) ctor produces System.ArgumentOutOfRangeException instead of System.Security.Cryptography.CryptographicException which we could expect following https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.-ctor.
Reproduction Steps
Extract argument-exception.cer from argument-exception.zip and use the following constructor call.
Expected behavior
An instance of System.Security.Cryptography.CryptographicException is thrown.
Actual behavior
```
System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at System.Formats.Asn1.AsnValueReader.ReadSequence(Nullable`1 expectedTag)
   at System.Security.Cryptography.Asn1.Pkcs7.ContentInfoAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, ContentInfoAsn& decoded)
   at System.Security.Cryptography.Asn1.Pkcs7.ContentInfoAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, ContentInfoAsn& decoded)
   at System.Security.Cryptography.Asn1.Pkcs12.PfxAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PfxAsn& decoded)
   at System.Security.Cryptography.Asn1.Pkcs12.PfxAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PfxAsn& decoded)
   at Internal.Cryptography.Pal.UnixPkcs12Reader.ParsePkcs12(ReadOnlySpan`1 data)
   at Internal.Cryptography.Pal.OpenSslPkcs12Reader..ctor(ReadOnlySpan`1 data)
   at Internal.Cryptography.Pal.OpenSslPkcs12Reader.TryRead(ReadOnlySpan`1 data, OpenSslPkcs12Reader& pkcs12Reader, Exception& openSslException, Boolean captureException)
   at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(ReadOnlySpan`1 rawData, SafePasswordHandle password, Boolean single, Boolean ephemeralSpecified, Boolean readingFromFile, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBlob(ReadOnlySpan`1 rawData, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(ReadOnlySpan`1 data)
```
Regression?
Found in .NET Runtime 6.0.23
Known Workarounds
No response
Configuration
Linux x64
Other information
It seems either ParsePkcs12() or the documentation should be fixed to avoid unexpected behavior.
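A defensive wrapper for callers that parse untrusted certificate bytes on an affected runtime, as an added example that is not part of the original issue or of the dotnet/runtime code. `UntrustedCertLoader`, `Load` and `TryLoad` are hypothetical names, and the sample bytes are constructed rather than taken from the attached file.

```csharp
#nullable enable
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not a .NET API.
public static class UntrustedCertLoader
{
    // Parses untrusted bytes and reports every decode failure as
    // CryptographicException, the type the constructor is documented to throw.
    public static X509Certificate2 Load(byte[]? rawData)
    {
        if (rawData is null || rawData.Length == 0)
            throw new CryptographicException("Certificate data is empty.");

        try
        {
            return new X509Certificate2(rawData);
        }
        catch (ArgumentException ex)
        {
            // ArgumentOutOfRangeException derives from ArgumentException, so the
            // case reported in this issue lands here. The original exception is
            // kept as InnerException so the ASN.1 stack trace is not lost.
            throw new CryptographicException("Certificate data could not be decoded.", ex);
        }
    }

    // Non-throwing variant for request handlers that must not fail on bad input.
    public static bool TryLoad(byte[]? rawData, out X509Certificate2? certificate)
    {
        try
        {
            certificate = Load(rawData);
            return true;
        }
        catch (CryptographicException)
        {
            certificate = null;
            return false;
        }
    }

    public static void Main()
    {
        // Constructed sample: a truncated DER SEQUENCE, not the file from the issue.
        byte[] malformed = { 0x30, 0x82, 0x01, 0x00, 0x02, 0x01 };
        Console.WriteLine(TryLoad(malformed, out _) ? "parsed" : "rejected");
    }
}
```

Catching only `CryptographicException` around the constructor leaves the `ArgumentOutOfRangeException` path unhandled, which is how malformed input can surface as an unhandled exception in a service that accepts certificates from clients.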