Closed Bug 499658 Opened 15 years ago Closed 5 months ago

Incorrect Message Authentication Code in SSL tests.

Categories

(NSS :: Tools, defect, P5)

Product:
NSS
Component:
Tools
Version:
3.12.3
Platform:
x86_64
Windows Server 2003
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: slavomir.katuscak+mozilla, Unassigned)

Details

Build:
securitytip/20090619.1/nss-w2kp_WIN64/NSS-W2KP.4 (64bit/OPT/nightly QA)

One of SSL client authentication extended tests failed:

Log:
ssl.sh: TLS Request don't require client auth on 2nd hs (bad password) ----
selfserv starting at Sat Jun 20 04:03:06 PDT 2009
selfserv -D -p 8444 -d ../ext_server -n NSS-W2KP.red.iplanet.com -B -s \
         -e NSS-W2KP.red.iplanet.com-ec -w nss -r -r -r -i ../tests_pid.1556  &
trying to connect to selfserv at Sat Jun 20 04:03:06 PDT 2009
tstclnt -p 8444 -h NSS-W2KP.red.iplanet.com  -q \
        -d ../ext_client -v < /e/security/securitytip/builds/20090619.1/nss-w2kp_WIN64/mozilla/security/nss/tests/ssl/sslreq.dat
tstclnt.exe: connecting to NSS-W2KP.red.iplanet.com:8444 (address=192.18.72.33)
kill -0 3268 >/dev/null 2>/dev/null
selfserv with PID 3268 found at Sat Jun 20 04:03:07 PDT 2009
selfserv with PID 3268 started at Sat Jun 20 04:03:07 PDT 2009
tstclnt -p 8444 -h NSS-W2KP.red.iplanet.com -f -d ../ext_client -v  \
        -w bogus -n ExtendedSSLUser  < /e/security/securitytip/builds/20090619.1/nss-w2kp_WIN64/mozilla/security/nss/tests/ssl/sslreq.dat
Incorrect password/PIN entered.
tstclnt.exe: connecting to NSS-W2KP.red.iplanet.com:8444 (address=192.18.72.33)
tstclnt.exe: connect: Operation is still in progress (probably a non-blocking connect).
tstclnt.exe: about to call PR_Poll for connect completion!
tstclnt.exe: PR_Poll returned 0x02 for socket out_flags.
tstclnt.exe: ready...
tstclnt.exe: about to call PR_Poll !
tstclnt.exe: PR_Poll returned!
tstclnt.exe: PR_Poll returned 0x01 for stdin out_flags.
tstclnt.exe: PR_Poll returned 0x00 for socket out_flags.
tstclnt.exe: stdin read 18 bytes
tstclnt.exe: Writing 18 bytes to server
tstclnt.exe: about to call PR_Poll on writable socket !
tstclnt.exe: PR_Poll returned with writable socket !
tstclnt.exe: about to call PR_Poll on writable socket !
tstclnt.exe: PR_Poll returned with writable socket !
tstclnt: SSL version 3.1 using 128-bit RC4 with 128-bit MD5 MAC
tstclnt: Server Auth: 1024-bit RSA, Key Exchange: 1024-bit RSA
subject DN: CN=NSS-W2KP.red.iplanet.com,E=NSS-W2KP.red.iplanet.com@bogus.com,O=BOGUS NSS,L=Mountain View,ST=California,C=US
issuer  DN: CN=NSS Chain2 Server Test CA,O=BOGUS NSS,L=Santa Clara,ST=California,C=US
0 cache hits; 1 cache misses, 0 cache not reusable
0 stateless resumes
tstclnt.exe: PR_Poll returned 0x02 for socket out_flags.
tstclnt.exe: about to call PR_Poll !
tstclnt.exe: PR_Poll returned!
tstclnt.exe: PR_Poll returned 0x01 for stdin out_flags.
tstclnt.exe: PR_Poll returned 0x00 for socket out_flags.
tstclnt.exe: stdin read 0 bytes
tstclnt.exe: PR_Poll returned 0x00 for socket out_flags.
tstclnt.exe: about to call PR_Poll !
tstclnt.exe: PR_Poll returned!
tstclnt.exe: PR_Poll returned 0x01 for socket out_flags.
tstclnt.exe: PR_Poll returned 0x01 for socket out_flags.
tstclnt.exe: Read from server -1 bytes
tstclnt.exe: about to call PR_Poll !
tstclnt.exe: PR_Poll returned!
tstclnt.exe: PR_Poll returned 0x01 for socket out_flags.
tstclnt.exe: PR_Poll returned 0x01 for socket out_flags.
tstclnt.exe: Read from server -1 bytes
tstclnt.exe: about to call PR_Poll !
tstclnt.exe: PR_Poll returned!
tstclnt.exe: PR_Poll returned 0x01 for socket out_flags.
tstclnt.exe: PR_Poll returned 0x01 for socket out_flags.
tstclnt.exe: Read from server -1 bytes
tstclnt.exe: read from socket failed: SSL peer reports incorrect Message Authentication Code.
tstclnt: exiting with return code 1
ssl.sh: #1359: TLS Request don't require client auth on 2nd hs (bad password) produced a returncode of 1, expected is 0 - FAILED
trying to kill selfserv with PID 3268 at Sat Jun 20 04:03:07 PDT 2009
kill 3268
./all.sh: line 17:  3268 Terminated              ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose
selfserv with PID 3268 killed at Sat Jun 20 04:03:07 PDT 2009

Server was in bypass mode, client in standard mode. This failure occurred only once.
Another incorrect message authentication code error today on the same machine.

Build:
securitytip/20090621.1/nss-w2kp_WIN64/NSS-W2KP.3 (64bit/DBG/nightly QA)

ssl.sh: Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse) ----
selfserv starting at Mon Jun 22 03:23:26 PDT 2009
selfserv -D -p 8444 -d ../ext_server -n NSS-W2KP.red.iplanet.com -B -s \
         -e NSS-W2KP.red.iplanet.com-ecmixed -w nss -c :C00E -i ../tests_pid.2592  &
trying to connect to selfserv at Mon Jun 22 03:23:26 PDT 2009
tstclnt -p 8444 -h NSS-W2KP.red.iplanet.com -B -s -q \
        -d ../ext_client -v < /e/security/securitytip/builds/20090621.1/nss-w2kp_WIN64/mozilla/security/nss/tests/ssl/sslreq.dat
tstclnt.exe: connecting to NSS-W2KP.red.iplanet.com:8444 (address=192.18.72.33)
kill -0 1196 >/dev/null 2>/dev/null
selfserv with PID 1196 found at Mon Jun 22 03:23:27 PDT 2009
selfserv with PID 1196 started at Mon Jun 22 03:23:27 PDT 2009
strsclnt -q -p 8444 -d ../ext_client -B -s -w nss -2 -c 100 -C :C00E -N \
          NSS-W2KP.red.iplanet.com
strsclnt started at Mon Jun 22 03:23:27 PDT 2009
strsclnt: 0 cache hits; 40 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: NoReuse - 40 server certificates tested.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 8 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: PR_Send returned error -12272:
SSL peer reports incorrect Message Authentication Code.
strsclnt completed at Mon Jun 22 03:23:28 PDT 2009
ssl.sh: #5385: Stress TLS  ECDH-RSA    AES 128 CBC with SHA (no reuse) produced a returncode of 1, expected is 0.  - FAILED
trying to kill selfserv with PID 1196 at Mon Jun 22 03:23:28 PDT 2009
kill 1196
./all.sh: line 17:  1196 Terminated              ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose
selfserv with PID 1196 killed at Mon Jun 22 03:23:28 PDT 2009
Summary: SSL client authentication extended test failed. → Incorrect Message Authentication Code in SSL tests.
Another failure of this kind on Tinderboxes.

Build identifier: trunk standard boy MINGW32_NT-5.2 64bit OPT
(Started 2009/10/04 17:42, finished 2009/10/04 20:17)

Logfile: http://tinderbox.mozilla.org/showlog.cgi?log=NSS/1254703372.1254712574.20708.gz&fulltext=1

---------- Relevant snippet from log ----------
trying to kill selfserv with PID 3776 at Sun Oct  4 18:24:33 PDT 2009
kill 3776
./ssl.sh: line 207:  3776 Terminated              ${PROFTOOL} ${BINDIR}/selfserv -D -p ${PORT} -d ${P_R_SERVERDIR} -n ${HOSTADDR} ${SERVER_OPTIONS} ${ECC_OPTIONS} -w nss ${sparam} -i ${R_SERVERPID} $verbose
selfserv with PID 3776 killed at Sun Oct  4 18:24:33 PDT 2009
ssl.sh: Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse) ----
selfserv starting at Sun Oct  4 18:24:33 PDT 2009
selfserv -D -p 8444 -d ../ext_server -n BOY.red.iplanet.com  \
         -e BOY.red.iplanet.com-ec -w nss -c :C009 -i ../tests_pid.2264  &amp;
trying to connect to selfserv at Sun Oct  4 18:24:33 PDT 2009
tstclnt -p 8444 -h BOY.red.iplanet.com  -q \
        -d ../ext_client -v &lt; /export/tinderlight/data/boy_64_OPT/mozilla/security/nss/tests/ssl/sslreq.dat
tstclnt.exe: connecting to BOY.red.iplanet.com:8444 (address=192.18.72.154)
kill -0 4652 >/dev/null 2>/dev/null
selfserv with PID 4652 found at Sun Oct  4 18:24:34 PDT 2009
selfserv with PID 4652 started at Sun Oct  4 18:24:34 PDT 2009
strsclnt -q -p 8444 -d ../ext_client  -w nss -c 100 -C :C009 -N -T \
          BOY.red.iplanet.com
strsclnt started at Sun Oct  4 18:24:34 PDT 2009
strsclnt: 0 cache hits; 36 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: NoReuse - 36 server certificates tested.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: 0 cache hits; 8 cache misses, 0 cache not reusable
          0 stateless resumes
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: PR_Send returned error -12272:
SSL peer reports incorrect Message Authentication Code.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt: -- SSL: Server Certificate Validated.
strsclnt completed at Sun Oct  4 18:24:35 PDT 2009
ssl.sh: #1926: Stress SSL3 ECDHE-ECDSA AES 128 CBC with SHA (no reuse) produced a returncode of 1, expected is 0.  - FAILED
---------- /Relevant snippet from log ----------
This bug became a frequent failure, I see it 2-3 times per week on Tinderbox machines.
Assignee: nelson → nobody
Target Milestone: 3.12.4 → ---
Severity: normal → S3
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 5 months ago
Priority: -- → P5
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.