[openssl-dev] [openssl.org #3851] bug report; error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

Tue May 19 14:52:30 UTC 2015

Saw this one after responding to the later one.....

I have already tried using gcc instead cc to rule out compiler bug but only on server program. I will install openssl using gcc and dropping optimization. Will also verify that server/client programs are not optimized.

Thanks

Shailender

-----Original Message-----
From: Andy Polyakov via RT [mailto:rt at openssl.org] 
Sent: Tuesday, May 19, 2015 4:13 AM
To: Gola, Shailender K
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #3851] bug report; error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

> Thanks for the timely response... below is version we are using. I 
> also must point out that we are currently using 0.9.8g for several 
> years, I tried to upgrade to .9.8zf, and several 1.0.x versions and 
> had the same error. The "./Configure solaris-x86-cc" was used to 
> install openssl.

But the question was about SPARC... Anyway. Once again, 1st question in situation like that is if we are dealing with compiler bug. To answer it you should drop optimization level and see if problem persists.

> Also below is 0.9.8g version which is in use currently.
> 
> This is the version with issue (also 0.9.8zf and several 1.0.x has 
> same errors)
> 
> /home/v316509/ssl/openssl-1.0.2a/apps>./openssl version -a OpenSSL 
> 1.0.2a 19 Mar 2015 built on: reproducible build, date unspecified
> platform: solaris-sparcv9-cc
> options:  bn(64,32) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) 
> blowfish(ptr)
> compiler: cc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT 
> -DDSO_DLFCN -DHAVE_DLFCN_H -xtarget=ultra -xarch=v8plus -xO5 
> -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DOPENSSL_BN_ASM_MONT 
> -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
> -DAES_ASM -DGHASH_ASM
> OPENSSLDIR: "/usr/local/ssl"
> /home/v316509/ssl/openssl-1.0.2a/apps>
> 
> 
> This is the version in use with no issues :
> 
> /home/v336761/openssl/openssl-0.9.8g/apps>./openssl version -a OpenSSL 
> 0.9.8g 19 Oct 2007 built on: Mon May 18 18:14:46 EDT 2015
> platform: solaris-x86-cc
> options: bn(64,32) md2(int) rc4(ptr,char) des(ptr,cisc,16,long) 
> idea(int) blowfish(ptr)
> compiler: cc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H 
> -fast -O -Xa
> OPENSSLDIR: "/home/v336761/openssl/openssl-0.9.8g"

Objective also is to pinpoint the problem to specific algorithm on specific platform. Mentioning two distinct platforms running different versions, like SPARC running 1.0.2 and x86 0.9.8g, does not make things clearer. You have to present evidence that directly supports given assumption, i.e. that 1.0.2 fails on SPARC. As for identifying algorithm. You can do so by playing with -cipher option to openssl s_client. Well, one can specify it even with s_server, but s_client is more practical for obvious reasons.