LISTSERV - SCIENTIFIC-LINUX-DEVEL Archives

With the help of some friends in the community I believe we've got this
solved : https://bugzilla.redhat.com/show_bug.cgi?id=1884793

On Fri, 2020-10-02 at 15:57 +0000, Patrick Riehecky wrote:
> Anyone out there seen these types of build issues in the past?
> 
> IKE CLASS_1563 seems to fail self test.  The other key sizes test out
> just fine.
> 
> My attempts to trace down why it is raising an error  of
> SEC_ERROR_INVALID_ARGS haven't been all that helpful...
> 
> It feels like a key sizing issue, but not one I've been able to track
> down.
> 
> 
>         [----------] 66 tests from FipsDhCases/SoftokenFipsDhValidate
>         [ RUN      ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/0
>         Test:IKE 1536
>         param_type: IKE_APPROVED, key_class: CLASS_1536
>         p: [192]
> ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74...
>         g: [1] 02
>         q: [0]
>         pub_key: [0]
>         softoken_gtest.cc:553: Failure
>         Expected: (nullptr) != (priv_key.get()), actual: (nullptr) vs
> NULL
>         PK11_GenerateKeyPair failed: SEC_ERROR_INVALID_ARGS
>         softoken_gtest.cc:555: Failure
>         Expected: (nullptr) != (pub_tmp), actual: (nullptr) vs NULL
>         softoken_gtest.cc:897: Failure
>         Expected equality of these values:
>           SECSuccess
>             Which is: 0
>           rv
>             Which is: -1
>         Test(IKE 1536) failed
> 
>         <snip>
> 
>         [  FAILED  ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/0,
> where GetParam() = 112-byte object <44-CF 45-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 20-4D 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 A1-D4 45-00 00-00 00-00 01-00 00-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 01-00 00-
> 00 
> 00-00 00-00> (189 ms)
>         Test:IKE 1536 with subprime
>         param_type: IKE_APPROVED, key_class: CLASS_1536
>         p: [192]
> ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74...
>         g: [1] 02
>         q: [192]
> 7fffffffffffffffe487ed5110b4611a62633145c06e0e68948127044533e63a...
>         pub_key: [0]
>         softoken_gtest.cc:553: Failure
>         Expected: (nullptr) != (priv_key.get()), actual: (nullptr) vs
> NULL
>         PK11_GenerateKeyPair failed: SEC_ERROR_INVALID_ARGS
>         softoken_gtest.cc:555: Failure
>         Expected: (nullptr) != (pub_tmp), actual: (nullptr) vs NULL
>         softoken_gtest.cc:897: Failure
>         Expected equality of these values:
>           SECSuccess
>             Which is: 0
>           rv
>             Which is: -1
>         Test(IKE 1536 with subprime) failed
>         [  FAILED  ] FipsDhCases/SoftokenFipsDhValidate.DhVectors/11,
> where GetParam() = 112-byte object <28-CD 45-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 20-4D 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 A1-D4 45-00 00-00 00-00 01-00 00-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 60-10 46-00 00-00 00-00 C0-00 00-00 00-00 00-00 00-00 00-
> 00 
> 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 00-00 01-00 00-
> 00 
> 00-00 00-00> (204 ms)
> 
> 
> For the curious, I've attached the mock logs.  Note: the extracted
> archive content is over 80Mb.
> 
> Upstream test patch : 
> https://hg.mozilla.org/projects/nss/rev/0be91fa2217a
> 
> The nss-3.53.1-3.el7_9 sources can be pulled down from 
> https://git.centos.org/rpms/nss/tree/c7 with the centos-git-common
> tools.
> 
> Pat