Intermittent dom/u2f/tests/test_register_sign.html | /tests/dom/u2f/tests/frame_register_sign.html: Register attestation signature verified

RESOLVED FIXED in Firefox 57

Status

()

Core
DOM: Device Interfaces
P2
normal
RESOLVED FIXED
7 months ago
3 months ago

People

(Reporter: Treeherder Bug Filer, Assigned: jcj)

Tracking

({intermittent-failure})

unspecified
mozilla58
intermittent-failure
Points:
---

Firefox Tracking Flags

(firefox57 fixed, firefox58 fixed)

Details

(Whiteboard: [webauthn] [webauthn-test][stockwell unknown])

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(3 attachments)

Comment 1

7 months ago
39 failures in 1032 pushes (0.038 failures/push) were associated with this bug in the last 7 days.   

** This failure happened more than 30 times this week! Resolving this bug is a high priority. **

** Try to resolve this bug as soon as possible. If unresolved for 2 weeks, the affected test(s) may be disabled. **  

Repository breakdown:
* mozilla-inbound: 13
* autoland: 12
* mozilla-central: 11
* try: 3

Platform breakdown:
* linux64: 10
* windows7-32: 9
* windows10-64: 5
* windows7-32-stylo-disabled: 3
* windows10-64-stylo-disabled: 3
* osx-10-10: 3
* linux32-stylo-disabled: 2
* linux32: 2
* macosx64-stylo-disabled: 1
* linux64-stylo-disabled: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1399334&startday=2017-09-11&endday=2017-09-17&tree=all
Priority: P5 → --
Whiteboard: [stockwell needswork:owner]
Hi J.C., is this recently-rose-up intermittent failure on your radar?
Flags: needinfo?(jjones)
(Assignee)

Comment 3

7 months ago
It wasn't, but it is now. Thanks!
Flags: needinfo?(jjones)
OS: Unspecified → All
Priority: -- → P2
QA Contact: mwobensmith
Hardware: Unspecified → All
Whiteboard: [stockwell needswork:owner] → [stockwell needswork:owner] [webauthn] [webauthn-test]
(Assignee)

Updated

7 months ago
Assignee: nobody → jjones
Status: NEW → ASSIGNED
(Assignee)

Comment 4

7 months ago
I've a test to print the whole certificate that is offensive whenever it comes up.
Keywords: leave-open
(Assignee)

Comment 5

7 months ago
Marking checkin-needed w/ leave-open so we can see what the real failure is
Keywords: checkin-needed

Updated

7 months ago
Attachment #8909606 - Flags: review+
I have no way of landing patches from Phabricator at the moment. Please attach it here or to MozReview instead.
Flags: needinfo?(jjones)
Keywords: checkin-needed
(Assignee)

Comment 7

7 months ago
Created attachment 8909919 [details] [diff] [review]
1399334-intermittent_u2f_sign.patch

Here goes!
Attachment #8909606 - Attachment is obsolete: true
Flags: needinfo?(jjones)
Attachment #8909919 - Flags: review+
(Assignee)

Updated

7 months ago
Keywords: checkin-needed

Comment 8

7 months ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/0902f7275334
Add more debugging to see why certificates aren't valid. r=ttaubert
Keywords: checkin-needed

Comment 10

7 months ago
19 failures in 943 pushes (0.02 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* autoland: 10
* mozilla-central: 6
* mozilla-inbound: 2
* mozilla-beta: 1

Platform breakdown:
* osx-10-10: 5
* windows7-32: 4
* windows10-64-stylo-disabled: 2
* windows10-64: 2
* linux32-stylo-disabled: 2
* linux32: 2
* linux64-nightly: 1
* linux64: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1399334&startday=2017-09-18&endday=2017-09-24&tree=all
Whiteboard: [stockwell needswork:owner] [webauthn] [webauthn-test] → [webauthn] [webauthn-test][stockwell unknown]
status-firefox57: --- → affected
status-firefox58: --- → affected
(Assignee)

Comment 11

7 months ago
I've dug through this and am still not clear on what the cause is.

This failure is new simply because I added the check of whether the certificate's signature was valid to this test relatively recently. There are other tests that check that out, particularly all of the equivalent webauthn tests. 

I'm tempted to go remove the check again. We don't ship the soft token, it's purely for testing...

Comment 12

7 months ago
26 failures in 885 pushes (0.029 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* autoland: 12
* mozilla-inbound: 5
* mozilla-beta: 4
* mozilla-central: 3
* try: 2

Platform breakdown:
* osx-10-10: 6
* linux64: 4
* linux32-stylo-disabled: 3
* windows7-32-stylo-disabled: 2
* windows7-32: 2
* windows10-64-stylo-disabled: 2
* macosx64-stylo-disabled: 2
* linux64-stylo-disabled: 2
* linux32: 2
* linux64-qr: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1399334&startday=2017-09-25&endday=2017-10-01&tree=all
(Assignee)

Comment 13

7 months ago
I think this bug is in PKI.js, but I haven't isolated where. Most of the certificates reported in brasstacks are truncated by the logger (oops), but some are complete, and those which are complete verify fine with OpenSSL and NSS, so whatever is wrong is a false positive.

I'm going to remove the call to attestationCert.verify() --- it's not even testing anything relevant to U2F.
(Assignee)

Comment 14

7 months ago
Examples for posterity:


https://treeherder.mozilla.org/logviewer.html#?repo=mozilla-beta&job_id=133848683&lineNumber=4971

-----BEGIN CERTIFICATE-----
MIIBMTCB2aADAgECAgUAq02MeTAKBggqhkjOPQQDAjAhMR8wHQYDVQQDExZGaXJl
Zm94IFUyRiBTb2Z0IFRva2VuMB4XDTE3MDkyNzE2MDAzN1oXDTE3MDkyOTE2MDAz
N1owITEfMB0GA1UEAxMWRmlyZWZveCBVMkYgU29mdCBUb2tlbjBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABH4RcxsrUCg09aLnYY3Bi6kUqjiQ1WtZkjpRs+gxyTKW
Tg4DIWRket4Ok8gv+a4W6JaIzt//orbJ3bo0uWKDUVAwCgYIKoZIzj0EAwIDRwAw
RAIgAORpKjwu9wKJkhIxMYiTHC0WzTb99G58EkQ5ejteHMUCIFYa6ilDjW3BAtm4
fJNr3yK/K2QnP3EfMqO+c+el9C4O
-----END CERTIFICATE-----

openssl verify -purpose any -CAfile /tmp/cert.pem /tmp/cert.pem
/tmp/cert.pem: /CN=Firefox U2F Soft Token
error 10 at 0 depth lookup:certificate has expired
OK


https://treeherder.mozilla.org/logviewer.html#?repo=mozilla-central&job_id=134282931&lineNumber=2673

-----BEGIN CERTIFICATE-----
MIIBMTCB2aADAgECAgUA55x6LTAKBggqhkjOPQQDAjAhMR8wHQYDVQQDExZGaXJl
Zm94IFUyRiBTb2Z0IFRva2VuMB4XDTE3MDkzMDE5MjIzMloXDTE3MTAwMjE5MjIz
MlowITEfMB0GA1UEAxMWRmlyZWZveCBVMkYgU29mdCBUb2tlbjBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABIWu4L8ky7s8I7qVv+JwMRHpippH4b6h7rN0jlKpFbHK
hnEwaCPLrTx04Eh9xT4GK9JWuuP759hnAxsWD5wk0H0wCgYIKoZIzj0EAwIDRwAw
RAIgRIeRcn6LkwU8VOmX+mdQ3jUQrUOp5f2xH/qBECGi5EcCIADBjsm/EDKkAwLZ
pGdX7+N+kgf9No4uuLV4dsNVJ1pa
-----END CERTIFICATE-----

openssl verify -purpose any -CAfile /tmp/cert2.pem /tmp/cert2.pem
/tmp/cert2.pem: OK
Comment hidden (mozreview-request)

Comment 16

7 months ago
mozreview-review
Comment on attachment 8914437 [details]
Bug 1399334 - Workaround buggy pki.js cert verifier implementation

https://reviewboard.mozilla.org/r/185742/#review190690

Seems reasonable. Maybe file a bug wherever pki.js tracks its issues with a certificate that fails to verify?
Attachment #8914437 - Flags: review?(dkeeler) → review+
(Assignee)

Comment 17

7 months ago
That's https://github.com/PeculiarVentures/PKI.js ; good idea, will do!
Keywords: leave-open → checkin-needed

Comment 18

7 months ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/42e5371334d9
Workaround buggy pki.js cert verifier implementation r=keeler
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/42e5371334d9
Status: ASSIGNED → RESOLVED
Last Resolved: 7 months ago
status-firefox58: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58

Comment 20

7 months ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/f66ff4d9ddbe
status-firefox57: affected → fixed
(Assignee)

Updated

7 months ago
Duplicate of this bug: 1401470

Comment 22

6 months ago
5 failures in 824 pushes (0.006 failures/push) were associated with this bug in the last 7 days.    

Repository breakdown:
* autoland: 2
* mozilla-inbound: 1
* mozilla-central: 1
* mozilla-beta: 1

Platform breakdown:
* windows7-32: 1
* windows10-64-stylo-disabled: 1
* osx-10-10: 1
* linux64: 1
* linux32: 1

For more details, see:
https://brasstacks.mozilla.com/orangefactor/?display=Bug&bugid=1399334&startday=2017-10-02&endday=2017-10-08&tree=all

Updated

3 months ago
Attachment #8909606 - Attachment is obsolete: false
You need to log in before you can comment on or make changes to this bug.