Closed AtkinsonHD closed 3 years ago
ycrumeyrolle
commented
3 years ago It might be probably on cryptography methods, but I do not have Windows 2012 available for reproducing the issue.
The stack trace may help to identify the part that cause this exception.
Your application is targeting net5?
ycrumeyrolle
commented
3 years ago Also what signature algorithm and/or encryption algorithm are you using?
AtkinsonHD
commented
3 years ago It might be probably on cryptography methods, but I do not have Windows 2012 available for reproducing the issue.
The stack trace may help to identify the part that cause this exception.
Your application is targeting net5?
I though it might be the cryptography, I have been forcing updates to machine in question, thinking it might be an outdated cipher suite. I have wrapped some more logging around it, the reason the original stack trace was making no sense was because it was blowing out with an object reference error straight after, as below.
net5.0 (win-x64) also tried (win-x86) , (portable)
Error
Operation is not supported on this platform.
Stack
at System.Runtime.Intrinsics.X86.Aes.KeygenAssist(Vector128`1 value, Byte control)
at JsonWebToken.Internal.Aes128EncryptionKeys..ctor(ReadOnlySpan`1 key)
at JsonWebToken.Internal.Aes128BlockEncryptor..ctor(ReadOnlySpan`1 key)
at JsonWebToken.Internal.AesKeyWrapper..ctor(SymmetricJwk key, EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm)
at JsonWebToken.SymmetricJwk.CreateKeyWrapper(EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm)
at JsonWebToken.Jwk.TryGetKeyWrapper(EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm algorithm, KeyWrapper& keyWrapper)
at JsonWebToken.EncryptedJwtDescriptor`1.EncryptToken(ReadOnlySpan`1 payload, IBufferWriter`1 output)
at JsonWebToken.JweDescriptor`1.Encode(EncodingContext context)
at JsonWebToken.JwtWriter.WriteToken(JwtDescriptor descriptor, IBufferWriter`1 output)
at JsonWebToken.JwtWriter.WriteTokenString(JwtDescriptor descriptor)
at LicensingAuthToken.Controllers.AuthController.Get(String token)Also what signature algorithm and/or encryption algorithm are you using?
Signature Algorithm is HmacSha256 Encryption Algorithm is Aes128CbcHmacSha256 Key Management Algorithm is Aes128KW
ycrumeyrolle
commented
3 years ago OK I see the problem, but not the root cause. Windows 2012 may not support AES instruction set. However there is a check before using this feature, and it should fallback to the AES Cng implementation, which is available on Windows platforms since Windows 2008.
There is way to force the feature flag via this environment variable:
SET COMPlus_EnableAES=0
Can you give try ?
I suspect a bug with System.Runtime.Intrinsics.X86.Aes.IsSupported incorrectly used. I will look on this side and if we can provide an hotfix.
AtkinsonHD
commented
3 years ago There is way to force the feature flag via this environment variable:
SET COMPlus_EnableAES=0Can you give try ?
Tried setting it as an environment system variable in Windows still the same.
ycrumeyrolle
commented
3 years ago Thanks ! The bug is identified, the hotfix should be ready soon.
ycrumeyrolle
commented
3 years ago Fix available on NuGet: https://www.nuget.org/packages/JsonWebToken/
AtkinsonHD
commented
3 years ago Pulled it down earlier, working perfectly now, thank you for the very prompt fix.
When the code hits JwtWriter.WriteTokenString() on a Windows Server 2012 R2, I get the following error but no other information.
Operation is not supported on this platform.Stack trace doesn't seam to be much help,
The code is running fine on a number of other servers, all server have the "Microsoft .NET Core 5.00 Windows Server Hosting" installed all other functions appear to working fine.
Other Windows server including a 2012 R2 , 2016 and 2019 appear to be fine, any ideas how to narrow this problem down?