Subject: | |
From: | |
Reply To: | |
Date: | Fri, 2 Oct 2020 21:29:19 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
With the help of some friends in the community I believe we've got this
solved : https://bugzilla.redhat.com/show_bug.cgi?id=1884793
On Fri, 2020-10-02 at 15:57 +0000, Patrick Riehecky wrote:
> Anyone out there seen these types of build issues in the past?
>
> IKE CLASS_1563 seems to fail self test. The other key sizes test out
> just fine.
>
> My attempts to trace down why it is raising an error of
> SEC_ERROR_INVALID_ARGS haven't been all that helpful...
>
> It feels like a key sizing issue, but not one I've been able to track
> down.
>
>
> [----------] 66 tests from FipsDhCases/SoftokenFipsDhValidate
> [ RUN ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/0
> Test:IKE 1536
> param_type: IKE_APPROVED, key_class: CLASS_1536
> p: [192]
> ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74...
> g: [1] 02
> q: [0]
> pub_key: [0]
> softoken_gtest.cc:553: Failure
> Expected: (nullptr) != (priv_key.get()), actual: (nullptr) vs
> NULL
> PK11_GenerateKeyPair failed: SEC_ERROR_INVALID_ARGS
> softoken_gtest.cc:555: Failure
> Expected: (nullptr) != (pub_tmp), actual: (nullptr) vs NULL
> softoken_gtest.cc:897: Failure
> Expected equality of these values:
> SECSuccess
> Which is: 0
> rv
> Which is: -1
> Test(IKE 1536) failed
>
> <snip>
>
> [ FAILED ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/0,
> where GetParam() = 112-byte object <44-CF 45-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 20-4D 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 A1-D4 45-00 00-00 00-00 01-00 00-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 01-00 00-
> 00
> 00-00 00-00> (189 ms)
> Test:IKE 1536 with subprime
> param_type: IKE_APPROVED, key_class: CLASS_1536
> p: [192]
> ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74...
> g: [1] 02
> q: [192]
> 7fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a...
> pub_key: [0]
> softoken_gtest.cc:553: Failure
> Expected: (nullptr) != (priv_key.get()), actual: (nullptr) vs
> NULL
> PK11_GenerateKeyPair failed: SEC_ERROR_INVALID_ARGS
> softoken_gtest.cc:555: Failure
> Expected: (nullptr) != (pub_tmp), actual: (nullptr) vs NULL
> softoken_gtest.cc:897: Failure
> Expected equality of these values:
> SECSuccess
> Which is: 0
> rv
> Which is: -1
> Test(IKE 1536 with subprime) failed
> [ FAILED ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/11,
> where GetParam() = 112-byte object <28-CD 45-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 20-4D 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 A1-D4 45-00 00-00 00-00 01-00 00-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 60-10 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00-
> 00
> 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 01-00 00-
> 00
> 00-00 00-00> (204 ms)
>
>
> For the curious, I've attached the mock logs. Note: the extracted
> archive content is over 80Mb.
>
> Upstream test patch :
> https://hg.mozilla.org/projects/nss/rev/0be91fa2217a
>
> The nss-3.53.1-3.el7_9 sources can be pulled down from
> https://git.centos.org/rpms/nss/tree/c7 with the centos-git-common
> tools.
>
> Pat
|
|
|