With the help of some friends in the community I believe we've got this solved : https://bugzilla.redhat.com/show_bug.cgi?id=1884793 On Fri, 2020-10-02 at 15:57 +0000, Patrick Riehecky wrote: > Anyone out there seen these types of build issues in the past? > > IKE CLASS_1563 seems to fail self test. The other key sizes test out > just fine. > > My attempts to trace down why it is raising an error of > SEC_ERROR_INVALID_ARGS haven't been all that helpful... > > It feels like a key sizing issue, but not one I've been able to track > down. > > > [----------] 66 tests from FipsDhCases/SoftokenFipsDhValidate > [ RUN ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/0 > Test:IKE 1536 > param_type: IKE_APPROVED, key_class: CLASS_1536 > p: [192] > ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74... > g: [1] 02 > q: [0] > pub_key: [0] > softoken_gtest.cc:553: Failure > Expected: (nullptr) != (priv_key.get()), actual: (nullptr) vs > NULL > PK11_GenerateKeyPair failed: SEC_ERROR_INVALID_ARGS > softoken_gtest.cc:555: Failure > Expected: (nullptr) != (pub_tmp), actual: (nullptr) vs NULL > softoken_gtest.cc:897: Failure > Expected equality of these values: > SECSuccess > Which is: 0 > rv > Which is: -1 > Test(IKE 1536) failed > > <snip> > > [ FAILED ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/0, > where GetParam() = 112-byte object <44-CF 45-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 20-4D 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 A1-D4 45-00 00-00 00-00 01-00 00-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 01-00 00- > 00 > 00-00 00-00> (189 ms) > Test:IKE 1536 with subprime > param_type: IKE_APPROVED, key_class: CLASS_1536 > p: [192] > ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74... > g: [1] 02 > q: [192] > 7fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a... > pub_key: [0] > softoken_gtest.cc:553: Failure > Expected: (nullptr) != (priv_key.get()), actual: (nullptr) vs > NULL > PK11_GenerateKeyPair failed: SEC_ERROR_INVALID_ARGS > softoken_gtest.cc:555: Failure > Expected: (nullptr) != (pub_tmp), actual: (nullptr) vs NULL > softoken_gtest.cc:897: Failure > Expected equality of these values: > SECSuccess > Which is: 0 > rv > Which is: -1 > Test(IKE 1536 with subprime) failed > [ FAILED ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/11, > where GetParam() = 112-byte object <28-CD 45-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 20-4D 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 A1-D4 45-00 00-00 00-00 01-00 00-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 60-10 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00- > 00 > 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 01-00 00- > 00 > 00-00 00-00> (204 ms) > > > For the curious, I've attached the mock logs. Note: the extracted > archive content is over 80Mb. > > Upstream test patch : > https://hg.mozilla.org/projects/nss/rev/0be91fa2217a > > The nss-3.53.1-3.el7_9 sources can be pulled down from > https://git.centos.org/rpms/nss/tree/c7 with the centos-git-common > tools. > > Pat