SHA256 openssl-1.1.1i Checksum Error

Chris Outwin coutwin at newstuff.com
Mon Dec 28 18:24:00 UTC 2020


This is my first post.  OpenSSL is not my forte.

The code below returns an unexpected checksum value for openssl-1.1.1i..  Strangely, when the same code is run for a previous version, the correct checksum value is returned.   Here is what I’ve tried:

1.  Downloaded the current SHA256 value for openssl-1.1.1i.tar.gz from https://www.openssl.org/source/
2.  Included that checksum value in the code below
3.  Run the code in macOS Version10.15.7’s Terminal app (using bash)
4.  Observed that the checksum value does not match the downloaded value in Step 1 above

Here is the part of the script associated with the problem.  Notice an incorrect checksum of c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e is returned at the end.  What am I doing wrong? 

#!/bin/zsh
# This script builds OpenSSL libssl and libcrypto for 64-bit devices.
# Binary distribution for ios64-cross-arm64 and ios64-cross-arm64e

VERSION=“1.1.1i”
VERSION_SHA256_CHECKSUM="e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242"

##############################################################
curl -Ov https://www.openssl.org/source/openssl-$VERSION.tar.gz

# Checksum to verify OpenSSL files are not corrupted.
FILE_CHECKSUM=$(shasum -a 256 openssl-$VERSION.tar.gz | awk '{print $1; exit}')
if [ "$FILE_CHECKSUM" != "$VERSION_SHA256_CHECKSUM" ]; then
	echo "OpenSSL version $VERSION failed checksum."
	echo "Checksum should be:" $VERSION_SHA256_CHECKSUM
	echo "Actual downloaded file checksum:" $FILE_CHECKSUM
	exit 1
fi

Here is the verbose listing returned by the script:

chrisoutwin at Chriss-iMac OpenSSL % bash build.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 23.2.168.18...
* TCP_NODELAY set
* Connected to www.openssl.org (23.2.168.18) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [229 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2556 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: CN=www.openssl.org
*  start date: Oct 30 19:31:03 2020 GMT
*  expire date: Jan 28 19:31:03 2021 GMT
*  subjectAltName: host "www.openssl.org" matched cert's "www.openssl.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
> GET /source/openssl-“1.1.1i”.tar.gz HTTP/1.1
> Host: www.openssl.org
> User-Agent: curl/7.64.1
> Accept: */*
> 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 404 Not Found
< Server: Apache/2.4.29 (Ubuntu)
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Accept-Ranges: bytes
< Content-Type: text/html; charset=UTF-8
< Content-Length: 4182
< Cache-Control: max-age=172800
< Expires: Wed, 30 Dec 2020 15:20:43 GMT
< Date: Mon, 28 Dec 2020 15:20:43 GMT
< Connection: keep-alive
< 
{ [1536 bytes data]
100  4182  100  4182    0     0   5873      0 --:--:-- --:--:-- --:--:--  5873
* Connection #0 to host www.openssl.org left intact
* Closing connection 0
OpenSSL version “1.1.1i” failed checksum.
Checksum should be: e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
Actual downloaded file checksum: c413e17d876098e89478c85e1d2b96db79bcdc943ad54550f0351da4f141ec5e


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201228/5b140723/attachment-0001.html>


More information about the openssl-users mailing list