search

adoptium / aqa-tests

Home of test infrastructure for Adoptium builds
https://adoptium.net/aqavit
Apache License 2.0
133 stars 314 forks source link

JDK8 fips/TestTLS12 failure on Ubuntu 24.04 #5420

Open sxa opened 4 months ago

sxa commented 4 months ago

Passes on the RHEL6 machine according to https://github.com/adoptium/aqa-tests/issues/5233#issuecomment-2061207176 Noted as part of the pkcs11 failures when testing Ubuntu 24.04 and UBI8 although not specifically called out in the AL2023 testing: https://github.com/adoptium/infrastructure/issues/3614#issuecomment-2187110622 Performing new Grinder run at https://ci.adoptium.net/job/Grinder/10513 of jdk_security3_0 to check the output before adding more details. Related: PKCS11 test failures at https://github.com/adoptium/aqa-tests/issues/5380

Noting that the JDK11 test of the same name passes with Cannot resolve artifact, please check if JIB jar is present in classpath. Test skipped: failure during initialization `

sxa commented 4 months ago

JDK8 result: Stack trace: Execution failed:main' threw exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD`

Standard output ``` libsoftokn3 version not found, set to 0.0: /usr/lib/x86_64-linux-gnu/libsoftokn3.so SunPKCS11 provider: SunPKCS11-NSSKeyStore version 1.8 Sun JSSE provider (FIPS mode, crypto provider SunPKCS11-NSSKeyStore) rsaPlainPreMasterSecret: 03, 03, E9, E7, 74, B5, A3, F7, 1C, CA, 78, E9, DA, FD, 89, EC, 02, 7F, 33, FC, D0, 9F, 28, 7C, B0, 86, 25, B4, 77, 19, 79, FE, 41, 51, 16, 7B, CE, 89, F0, 45, BC, AD, C1, 1F, B1, DE, E0, 85, Master Secret (SunJCE): 88, 31, BC, E0, E3, 73, 42, 6B, 17, 8A, 52, EB, E6, CF, A3, BB, EB, 06, 0C, CF, C6, 56, 6A, A0, E9, D1, 7E, 07, D3, 47, F8, E6, 33, 1D, D4, C8, A3, 4C, BF, 3D, A6, 55, F4, A0, 38, DF, 89, 22, SunPKCS11 Authentication Code: 77, 6D, C5, CD, 51, F6, 2A, 4A, 88, C2, EE, CF, SunJCE Authentication Code: 77, 6D, C5, CD, 51, F6, 2A, 4A, 88, C2, EE, CF, Client -> Network 16, 03, 03, 00, 8B, 01, 00, 00, 87, 03, 03, 00, 0C, E5, 40, 01, 21, E4, 3E, D4, 46, 31, 0E, 9E, BA, A2, 7C, D3, 6C, 13, 20, 08, 05, 8F, 1A, 9A, 08, 2A, A2, EB, FA, 2C, 19, 00, 00, 02, 00, 3C, 01, 00, 00, 5C, 00, 0D, 00, 24, 00, 22, 04, 03, 05, 03, 06, 03, 08, 04, 08, 05, 08, 06, 08, 09, 08, 0A, 08, 0B, 04, 01, 05, 01, 06, 01, 03, 03, 03, 01, 02, 03, 02, 01, 02, 02, 00, 32, 00, 24, 00, 22, 04, 03, 05, 03, 06, 03, 08, 04, 08, 05, 08, 06, 08, 09, 08, 0A, 08, 0B, 04, 01, 05, 01, 06, 01, 03, 03, 03, 01, 02, 03, 02, 01, 02, 02, 00, 2B, 00, 03, 02, 03, 03, FF, 01, 00, 01, 00, Server -> Network Client -> Network Server -> Network 16, 03, 03, 03, 50, 02, 00, 00, 4D, 03, 03, 6B, D3, EE, F9, EE, 08, 8C, 19, 53, EA, 16, 80, 5E, 65, 7D, C7, 55, E6, 2B, 27, 5E, 24, 64, D5, 13, 38, D3, 59, 15, BA, B7, C2, 20, EC, 8B, 0F, 1C, 6F, C2, 64, 0B, 8A, 45, 73, EC, C8, 6F, 20, F6, 37, 52, C6, 60, 02, AB, 10, 27, A5, A5, 4E, 75, 31, AC, 31, B9, 00, 3C, 00, 00, 05, FF, 01, 00, 01, 00, 0B, 00, 02, F7, 00, 02, F4, 00, 02, F1, 30, 82, 02, ED, 30, 82, 01, D5, A0, 03, 02, 01, 02, 02, 02, 0E, 42, 30, 0D, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 01, 0B, 05, 00, 30, 1F, 31, 1D, 30, 1B, 06, 03, 55, 04, 03, 13, 14, 52, 65, 64, 20, 48, 61, 74, 20, 54, 65, 73, 74, 20, 52, 6F, 6F, 74, 20, 43, 41, 30, 1E, 17, 0D, 31, 37, 31, 30, 33, 30, 32, 31, 33, 33, 35, 39, 5A, 17, 0D, 34, 32, 31, 30, 33, 30, 32, 31, 33, 33, 35, 39, 5A, 30, 1F, 31, 1D, 30, 1B, 06, 03, 55, 04, 03, 13, 14, 52, 65, 64, 20, 48, 61, 74, 20, 54, 65, 73, 74, 20, 52, 6F, 6F, 74, 20, 43, 41, 30, 82, 01, 22, 30, 0D, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 01, 01, 05, 00, 03, 82, 01, 0F, 00, 30, 82, 01, 0A, 02, 82, 01, 01, 00, C3, F3, 2C, 0F, C6, 60, 46, 4C, 78, C9, 93, 11, 65, B4, 81, 22, 64, 37, FC, 69, 59, 1A, 6A, 78, 79, B5, 44, CE, 6E, 1B, 64, 23, AF, 37, D5, 61, 21, B7, 8D, 4A, F4, 03, F7, 01, 9C, B0, 44, BB, 3F, DF, 2F, F6, FF, 25, 42, B5, F9, C7, 3E, A0, F4, B9, 05, 8E, 61, 3E, 78, 06, 5E, 89, 78, A4, 23, AC, B5, FF, D7, 73, AF, 60, 77, 0F, 62, CD, 31, BF, A3, 48, C2, BC, 9A, 06, A7, E8, D4, E7, C9, 85, 77, 37, 1C, EB, 8A, AF, 85, A5, AF, 31, E1, 72, 27, 7B, 1B, DD, 7F, C3, 1B, 0F, FF, 87, 97, 1C, 28, 57, 61, 3A, FC, 0C, 0D, 20, 3C, 38, 6F, DF, 99, 12, F0, CD, CC, 92, A2, 85, 15, 67, 60, 51, A9, F0, B9, 52, 08, 70, E6, 84, 0C, 1E, 0F, 27, CA, F0, 80, 5F, FB, 34, 69, 54, 78, 28, 3E, 36, 96, CA, B7, FF, B9, 76, 44, 18, 14, DA, 07, D0, A9, 46, B7, FC, 5E, 41, E5, C6, EE, EF, 40, F4, 8E, EC, F3, 33, 60, 69, 17, 3A, 79, BA, 87, CC, 1B, 4D, 25, 23, 21, 9D, EF, EB, 43, C2, A0, 97, 55, DF, F2, AF, A3, 72, D5, 6B, BC, 23, 0C, CF, AA, 7D, 5E, 64, 17, A3, 6B, 25, 72, 31, 42, 18, B0, 15, BF, 37, 38, 18, 27, 24, 04, D9, 96, 86, EE, 2B, 02, 03, 01, 00, 01, A3, 33, 30, 31, 30, 11, 06, 09, 60, 86, 48, 01, 86, F8, 42, 01, 01, 04, 04, 03, 02, 00, D5, 30, 0F, 06, 03, 55, 1D, 13, 04, 08, 30, 06, 01, 01, FF, 02, 01, 00, 30, 0B, 06, 03, 55, 1D, 0F, 04, 04, 03, 02, 01, FE, 30, 0D, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 01, 0B, 05, 00, 03, 82, 01, 01, 00, 20, 36, B6, CD, DA, 34, A3, 0C, 2B, 11, E9, FC, 3A, 2F, E5, 67, 44, 0F, CF, C3, 3F, DA, F5, 7E, E9, 43, F6, AE, 50, 61, 88, A8, 19, DB, 49, BB, 0B, 2D, BB, FB, D0, E7, 8A, BC, C4, 6C, 81, 0C, 14, 56, C9, 2E, 67, 16, 3F, 06, 2A, C2, 02, B4, A4, 1E, 55, B3, CF, 4B, 8F, F8, 2C, B4, 4A, 2F, 72, 11, 97, 79, 35, 30, F5, 22, FC, D1, C2, B5, 9F, 8C, 0D, 66, 85, E3, 33, DC, A6, AD, F1, 94, B2, 42, 53, E4, A7, 98, BB, 5B, 15, F6, F3, D9, 43, 12, 67, 5F, 2A, 34, 90, 41, 11, F6, 30, 45, DD, 91, 4E, EC, AC, D0, 76, 73, 45, 19, 06, 2A, 62, 4A, 83, 2C, 9F, 2C, 0F, 7B, EC, 4A, 0A, 39, 09, 39, AE, EE, 0A, EF, 02, 64, 62, C7, 26, 79, 1E, 29, 1B, 65, 9C, E1, 04, 7C, A9, 82, 50, 5D, F8, A9, 0F, 0D, 39, 43, 25, D9, CA, 8A, 5B, DC, B4, 97, A6, 0D, DD, 92, A6, B7, 8F, 88, 5D, 13, 4B, C7, 85, DA, B5, D5, B7, F0, 50, 18, C9, D8, 41, A6, 71, 2F, 2A, EF, C7, 17, EC, 67, D8, 07, F0, AD, EB, 9E, D0, E8, 14, 0F, 15, 51, A1, E4, F3, 85, A8, 4A, 81, C0, F2, A6, 66, 52, 3C, 9C, CC, 84, 78, 1D, CA, 43, 8F, 61, 76, F4, 20, 20, 9F, 80, B2, 84, 0E, 00, 00, 00, Client -> Network 16, 03, 03, 01, 06, 10, 00, 01, 02, 01, 00, 04, AC, 26, 28, F2, 85, 1B, 9E, B6, DD, A3, 43, 91, 14, 59, 6F, 51, 2E, DD, 77, 86, D6, B4, 7B, 22, B8, BA, 0D, 3D, 45, D2, 51, D1, 2B, 5F, A1, E9, 86, 82, D0, F2, 3B, 35, 0E, D5, E6, F2, CD, 7B, 8A, 09, B8, 6E, B0, 0D, 88, 8B, 1D, 70, C3, 2A, 3E, 03, 24, 90, FD, C9, 30, 23, 58, 82, 10, C3, 60, 1A, 35, 1D, DC, 30, 28, 66, 4F, 68, D6, E3, 22, 97, A5, EF, 5A, 6F, 4A, 36, 6C, B0, AB, 19, B2, F8, BE, 65, C6, 9F, 23, 34, 9E, CD, 41, A9, D5, 60, 9C, 46, 67, 8B, 82, 64, 56, 82, 3E, A1, 7B, 9F, 6F, F0, 67, C3, 06, BF, DC, 7E, C1, 5F, 8F, 98, 54, 40, D2, 11, 75, C8, 69, 2D, 4A, F8, 0E, B0, A4, CE, A9, 56, 1B, 4A, 98, DD, EC, DF, 2F, 73, BA, 09, CE, 22, 0D, 7C, 1C, CC, F4, 59, 6F, 33, 92, 53, A3, BD, 0E, C4, F5, 02, D1, 88, E8, 67, 5E, AE, 11, 38, C5, 0F, 85, AF, 9B, AA, BA, D9, 16, E1, 96, 93, 5B, AB, B6, CC, 40, 07, 8E, 43, 25, 1E, 1D, B8, 77, AA, 16, C9, 25, DF, 57, 1E, 28, C6, CD, 04, 5D, 74, 17, 21, DA, 78, E7, CD, 98, 65, 6C, 17, 8C, D1, 3E, 96, D0, E6, 67, 5D, A9, 95, 98, 87, 66, B8, B3, 4F, 8C, EE, ED, A2, 6C, Server -> Network Client -> Network 14, 03, 03, 00, 01, 01, Server -> Network Client -> Network 16, 03, 03, 00, 50, 39, 58, 22, A6, 83, 67, B6, B9, 2A, 7B, D9, B5, B5, 4F, C9, 20, 06, 76, 1A, 3B, 7B, F8, C0, 74, 5E, 09, CB, E8, A6, 1C, 04, F0, 3C, A8, 1C, DA, B4, 8A, 30, AD, B2, ED, C0, FB, BF, 6C, 16, 0E, 34, FF, CD, 22, E8, 44, E9, D7, 75, CC, 94, 8A, AD, E0, 66, 32, 1C, 49, 79, 53, EA, C7, 50, 6C, 6B, 2F, D9, 66, 5F, 6C, 02, 6C, Server -> Network Client -> Network Server -> Network 14, 03, 03, 00, 01, 01, Client -> Network Server -> Network 16, 03, 03, 00, 50, B3, 29, A8, 6D, CD, 21, 18, 96, 28, 0D, 34, 98, 75, 0E, C0, AE, 26, 25, 57, E8, D0, A7, 77, 61, 61, 57, 30, D8, 4E, 96, 61, F2, 3E, 85, 01, 93, 0D, C7, 6D, FE, 56, A7, 97, 7E, 70, 9D, D1, 07, D3, AA, AF, A6, 3F, E8, 46, C1, 44, AE, 26, 9F, 68, D7, DD, DC, 07, 3D, 3F, 5C, 82, D7, E2, 8A, DE, DA, C1, AF, 3E, 13, EE, 1A, Client -> Network 17, 03, 03, 00, 50, 82, A4, 66, F9, 42, 21, 06, FC, 74, C6, 15, FE, 98, F3, 35, 4B, 76, 8D, D0, 59, E2, A8, CE, D0, 03, F6, 76, 53, 94, 47, 1F, 66, 42, 5D, 19, 4F, 3E, A3, 1E, E9, AE, 5B, F3, 8D, 34, 50, 27, 51, D8, 88, 39, 98, D9, 0B, 39, 43, CF, 91, 7B, E1, 9D, 62, 1B, F4, 40, 57, 53, 39, 59, CB, E3, DE, 9B, 24, 91, C9, AE, 9C, 20, 76, Server -> Network 17, 03, 03, 00, 50, DB, CA, 03, F2, 86, 7B, C7, 0C, 9D, 3D, 43, F9, A4, 28, 35, A3, 40, E9, AB, 87, 03, 12, 1E, 54, 39, D9, EC, 16, FB, B5, 32, E2, 35, CD, 5C, E9, AD, A6, 15, C7, 4C, A0, 8F, 5D, BC, 6E, 82, 70, 2A, 77, 18, F7, 57, 28, 79, 6A, A1, 67, 04, FF, 7B, 05, 9F, 02, 95, B1, 4D, 20, 3D, 48, C4, FC, 53, 2D, 25, 27, 72, EC, E2, 25, Client -> Network 16, 03, 03, 00, 8B, 01, 00, 00, 87, 03, 03, F1, 6E, 23, 38, C3, 2D, DD, FD, 56, E1, C8, FE, 1F, 63, D1, 11, BD, 6D, C2, E8, FA, 77, 2C, 72, CD, 16, 72, 1A, E9, 23, DA, 92, 00, 00, 02, 00, 67, 01, 00, 00, 5C, 00, 0D, 00, 24, 00, 22, 04, 03, 05, 03, 06, 03, 08, 04, 08, 05, 08, 06, 08, 09, 08, 0A, 08, 0B, 04, 01, 05, 01, 06, 01, 03, 03, 03, 01, 02, 03, 02, 01, 02, 02, 00, 32, 00, 24, 00, 22, 04, 03, 05, 03, 06, 03, 08, 04, 08, 05, 08, 06, 08, 09, 08, 0A, 08, 0B, 04, 01, 05, 01, 06, 01, 03, 03, 03, 01, 02, 03, 02, 01, 02, 02, 00, 2B, 00, 03, 02, 03, 03, FF, 01, 00, 01, 00, Server -> Network ```
Standard error ``` java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:422) at java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:697) at sun.security.ssl.DHKeyExchange$DHEPossession.generateDHKeyPair(DHKeyExchange.java:181) at sun.security.ssl.DHKeyExchange$DHEPossession.(DHKeyExchange.java:139) at sun.security.ssl.DHKeyExchange$DHEPossessionGenerator.createPossession(DHKeyExchange.java:389) at sun.security.ssl.SSLKeyExchange$T12KeyAgreement.createPossession(SSLKeyExchange.java:376) at sun.security.ssl.SSLKeyExchange.createPossessions(SSLKeyExchange.java:89) at sun.security.ssl.ServerHello$T12ServerHelloProducer.chooseCipherSuite(ServerHello.java:433) at sun.security.ssl.ServerHello$T12ServerHelloProducer.produce(ServerHello.java:296) at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421) at sun.security.ssl.ClientHello$T12ClientHelloConsumer.consume(ClientHello.java:1009) at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:716) at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:682) at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981) at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968) at java.security.AccessController.doPrivileged(Native Method) at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915) at TestTLS12$testTLS12SunPKCS11Communication.runDelegatedTasks(TestTLS12.java:363) at TestTLS12$testTLS12SunPKCS11Communication.run(TestTLS12.java:312) at TestTLS12.main(TestTLS12.java:92) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.lang.Thread.run(Thread.java:750) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD at sun.security.pkcs11.wrapper.PKCS11.C_GenerateKeyPair(Native Method) at sun.security.pkcs11.P11KeyPairGenerator.generateKeyPair(P11KeyPairGenerator.java:414) ... 27 more JavaTest Message: Test threw exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD JavaTest Message: shutting down test STATUS:Failed.`main' threw exception: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD ```
sxa commented 4 months ago

Also fails in the same way on Debian12: https://ci.adoptium.net/job/Grinder/10528/consoleFull

sxa commented 4 months ago

Series of tests with a CUSTOM_TARGET of sun/nio/cs/TestCharsetMapping.java sun/nio/cs/TestIBMBugs.java sun/nio/cs/TestCharsetMapping.java sun/nio/cs/TestIBMBugs.java sun/security/pkcs11/ec/TestCurves.java sun/security/pkcs11/Provider/Login.sh sun/security/pkcs11/Secmod/AddPrivateKey.java sun/security/pkcs11/Secmod/GetPrivateKey.java sun/security/pkcs11/Secmod/JksSetPrivateKey.java sun/security/pkcs11/Secmod/LoadKeystore.java sun/security/pkcs11/Secmod/TrustAnchors.java sun/security/tools/keytool/autotest.sh sun/security/pkcs11/ec/TestCurves.java sun/security/pkcs11/Provider/Login.sh sun/security/pkcs11/Secmod/AddPrivateKey.java sun/security/pkcs11/Secmod/GetPrivateKey.java sun/security/pkcs11/Secmod/JksSetPrivateKey.java sun/security/pkcs11/Secmod/LoadKeystore.java sun/security/pkcs11/Secmod/TrustAnchors.java sun/security/tools/keytool/autotest.sh sun/security/pkcs11/fips/TestTLS12.java to cover the issues linked in the titles of this table

Grinder machine sun/nio/cs pkcs11 TestTLS12 autotest
10530 Ubu24.04 (P)
10531 AL2023
10532 Debian12
10533 UBI9
10534 UBI8
10535 Fedora39
10536 AL2023
10537 Ubu22.04
10538 Ubu20.04
10540 Ubu24.04
10541 Ubu16.04
10542 CentOS7
10543 RHEL8 (P)
sxa commented 4 months ago

Noting that the TestTLS12 tests were excluded for Linux/ppc64le ONLY at https://github.com/adoptium/aqa-tests/pull/4652/files As per that issue - on Linux/ppc64le they fail on a centos74 system but pass on Ubuntu 20.04 (which is not consistent with the x64 failure in the table above)

EDIT: Test on Ubuntu 20.04/ppc64le is skipped with Test skipped: TLS 1.2 mechanisms not supported by current SunPKCS11 back-end

sxa commented 4 months ago

For reference as potentially related: https://bugs.openjdk.org/browse/JDK-8029661

jiekang commented 3 months ago

I've been trawling through the commit history for this test and related files on JDK 8, 11, 17, and 21.

I think it would be worth opening a JBS issue for this and asking one of the SME's in the area to help as there is a history of test failure reports and fixes in the area.

jiekang commented 3 months ago

For reference:

jdk8u: https://github.com/openjdk/jdk8u/blob/master/jdk/test/sun/security/pkcs11/fips/TestTLS12.java jdk11u: https://github.com/openjdk/jdk11u/blob/master/test/jdk/sun/security/pkcs11/fips/TestTLS12.java jdk17u: https://github.com/openjdk/jdk17u/blob/master/test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java jdk21u: https://github.com/openjdk/jdk21u/blob/master/test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java jdk: https://github.com/openjdk/jdk/blob/master/test/jdk/sun/security/pkcs11/tls/tls12/FipsModeTLS12.java