[openssl-dev] [openssl.org #3851] bug report; error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
Andy Polyakov via RT
rt at openssl.org
Tue May 19 08:13:15 UTC 2015
> Thanks for the timely response... below is version we are using. I
> also must point out that we are currently using 0.9.8g for several
> years, I tried to upgrade to .9.8zf, and several 1.0.x versions and
> had the same error. The "./Configure solaris-x86-cc" was used to
> install openssl.
But the question was about SPARC... Anyway. Once again, 1st question in
situation like that is if we are dealing with compiler bug. To answer it
you should drop optimization level and see if problem persists.
> Also below is 0.9.8g version which is in use
> currently.
>
> This is the version with issue (also 0.9.8zf and several 1.0.x has
> same errors)
>
> /home/v316509/ssl/openssl-1.0.2a/apps>./openssl version -a
> OpenSSL 1.0.2a 19 Mar 2015
> built on: reproducible build, date unspecified
> platform: solaris-sparcv9-cc
> options: bn(64,32) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr)
> compiler: cc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DGHASH_ASM
> OPENSSLDIR: "/usr/local/ssl"
> /home/v316509/ssl/openssl-1.0.2a/apps>
>
>
> This is the version in use with no issues :
>
> /home/v336761/openssl/openssl-0.9.8g/apps>./openssl version -a
> OpenSSL 0.9.8g 19 Oct 2007
> built on: Mon May 18 18:14:46 EDT 2015
> platform: solaris-x86-cc
> options: bn(64,32) md2(int) rc4(ptr,char) des(ptr,cisc,16,long) idea(int) blowfish(ptr)
> compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fast -O -Xa
> OPENSSLDIR: "/home/v336761/openssl/openssl-0.9.8g"
Objective also is to pinpoint the problem to specific algorithm on
specific platform. Mentioning two distinct platforms running different
versions, like SPARC running 1.0.2 and x86 0.9.8g, does not make things
clearer. You have to present evidence that directly supports given
assumption, i.e. that 1.0.2 fails on SPARC. As for identifying
algorithm. You can do so by playing with -cipher option to openssl
s_client. Well, one can specify it even with s_server, but s_client is
more practical for obvious reasons.
More information about the openssl-dev
mailing list