Compilation issues
david raingeard
david.raingeard at gmail.com
Tue Jun 29 16:31:54 UTC 2021
Ok, here it is. It compiled mostly ok (some fixes for Solaris 2.6, like
inttypes.h instead of stdint).
The test suite fails (dubious error).
*TLS 1.2 works* just fine (*openssl s_client -connect google.com:443 -tls1_2 -trace*)
but *TLS 1.3 fails* starting when the *ApplicationData* record is received.
I added some logging to know what it does. It uses cipher *AES_256_GCM_SHA384*.
It fails in *EVP_DecryptFinal_ex*; as you can see, the 16 bytes don't match.
I compiled OpenSSL with the exact same flags on Ubuntu, and it doesn't have
the issue on this OS.
crypto/evp/evp_enc.c:590 cipher nid 901
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp
len=16
f8^2c
09^7e
2c^a9
29^77
90^80
23^c4
00^72
53^98
41^3b
53^e0
79^0a
c4^08
3d^5e
e6^89
49^c9
84^f9
crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp
crypto/modes/gcm128.c:1932 ret = 255
Here is the full log (sorry) :
bash-3.2# ./openssl s_client -connect google.com:443 -tls1_3 -trace
ssl/ssl_lib.c:823
ssl/ssl_lib.c:825
ssl/ssl_lib.c:653
CONNECTED(00000005)
ssl/ssl_lib.c:653
ssl/record/rec_layer_s3.c:1056
ssl/record/rec_layer_s3.c:1059
ssl/record/rec_layer_s3.c:1062
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 229
ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=0
s->enc_write_ctx=0x00000000
ssl/record/rec_layer_s3.c:1076
ssl/record/rec_layer_s3.c:1079
ClientHello, Length=225
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0xEC7463F6
random_bytes (len=28):
08D00001DEAC51B17E7F98F63D3BB21F3406961A6460434C4BBA5DD0
session_id (len=32):
FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6
cipher_suites (len=8)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 144
extension_type=server_name(0), length=15
0000 - 00 0d 00 00 0a 67 6f 6f-67 6c 65 2e 63 6f 6d   .....google.com
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=12
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=30
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
extension_type=supported_versions(43), length=3
TLS 1.3 (772)
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32):
ED28A72CB2111BBB8BB7716D0FB83A4748C884BB462A83D6E1AB156FE0712E3F
ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record
ssl/record/ssl3_record.c:197 ssl3_get_record called
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 122
ssl/record/ssl3_record.c:465
ssl/record/ssl3_record.c:497
ssl/record/ssl3_record.c:531
ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x10000
ssl/record/ssl3_record.c:537 enc_err=1
ssl/record/ssl3_record.c:575
ssl/record/ssl3_record.c:586
ssl/record/ssl3_record.c:655
ssl/record/ssl3_record.c:701
ssl/record/ssl3_record.c:705
ssl/record/ssl3_record.c:721
ssl/record/ssl3_record.c:762
ssl/record/ssl3_record.c:813
ssl/record/ssl3_record.c:827
ssl/record/rec_layer_s3.c:1312
ssl/record/rec_layer_s3.c:1318
ssl/record/rec_layer_s3.c:1320
ssl/record/rec_layer_s3.c:1329
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1345
ssl/record/rec_layer_s3.c:1354
ssl/record/rec_layer_s3.c:1360
ssl/record/rec_layer_s3.c:1367
ssl/record/rec_layer_s3.c:1381
ssl/record/rec_layer_s3.c:1389
ssl/record/rec_layer_s3.c:1403
ssl/record/rec_layer_s3.c:1412
ssl/record/rec_layer_s3.c:1422
ssl/record/rec_layer_s3.c:1425
ssl/record/rec_layer_s3.c:1429
ssl/record/rec_layer_s3.c:1443
ssl/record/rec_layer_s3.c:1472
ssl/record/rec_layer_s3.c:1475
ssl/record/rec_layer_s3.c:1481
ssl/record/rec_layer_s3.c:1487
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1345
ssl/record/rec_layer_s3.c:1354
ssl/record/rec_layer_s3.c:1360
ssl/record/rec_layer_s3.c:1367
ssl/record/rec_layer_s3.c:1381
ssl/record/rec_layer_s3.c:1389
ssl/record/rec_layer_s3.c:1403
ssl/record/rec_layer_s3.c:1412
ssl/record/rec_layer_s3.c:1422
ssl/record/rec_layer_s3.c:1429
ssl/record/rec_layer_s3.c:1443
ssl/record/rec_layer_s3.c:1472
ssl/record/rec_layer_s3.c:1475
ssl/record/rec_layer_s3.c:1481
ssl/record/rec_layer_s3.c:1487
ServerHello, Length=118
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x7F9CA9DE
random_bytes (len=28):
D6F6EFA5BCBB089010FA1573D92A29ACBFCE84FFE68B6D0736976BE5
session_id (len=32):
FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6
cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
compression_method: No Compression (0x00)
extensions, length = 46
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32):
AB9BEF12592BBE53425F317364F34CDB0076B9B3669B0B3C58BECA5A30F62534
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
ssl/statem/statem_lib.c:2004 vent version 0x0304
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record
ssl/record/ssl3_record.c:197 ssl3_get_record called
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
ssl/record/ssl3_record.c:465
ssl/record/ssl3_record.c:493
ssl/record/rec_layer_s3.c:1312
ssl/record/rec_layer_s3.c:1318
ssl/record/rec_layer_s3.c:1320
ssl/record/rec_layer_s3.c:1329
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record
ssl/record/ssl3_record.c:197 ssl3_get_record called
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 4658
ssl/record/ssl3_record.c:465
ssl/record/ssl3_record.c:497
ssl/record/ssl3_record.c:531
ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x0304
ssl/record/ssl3_record_tls13.c:37
ssl/record/ssl3_record_tls13.c:48
crypto/evp/e_aes.c:3195 aes_gcm_cipher
crypto/evp/e_aes.c:3203 aes_gcm_cipher
crypto/evp/e_aes.c:3210 aes_gcm_cipher
crypto/evp/e_aes.c:3216 aes_gcm_cipher
crypto/evp/e_aes.c:3221 aes_gcm_cipher
crypto/evp/e_aes.c:3347 aes_gcm_cipher
crypto/evp/e_aes.c:3195 aes_gcm_cipher
crypto/evp/e_aes.c:3203 aes_gcm_cipher
crypto/evp/e_aes.c:3210 aes_gcm_cipher
crypto/evp/e_aes.c:3216 aes_gcm_cipher
crypto/evp/e_aes.c:3290 aes_gcm_cipher
crypto/evp/e_aes.c:3320 aes_gcm_cipher
crypto/evp/e_aes.c:3336 aes_gcm_cipher
crypto/evp/e_aes.c:3343 aes_gcm_cipher
crypto/evp/e_aes.c:3345 aes_gcm_cipher
crypto/evp/e_aes.c:3347 aes_gcm_cipher
crypto/evp/evp_enc.c:228
crypto/evp/evp_enc.c:576
crypto/evp/evp_enc.c:587
crypto/evp/evp_enc.c:590 cipher nid 901
crypto/evp/e_aes.c:3195 aes_gcm_cipher
crypto/evp/e_aes.c:3203 aes_gcm_cipher
crypto/evp/e_aes.c:3210 aes_gcm_cipher
crypto/evp/e_aes.c:3216 aes_gcm_cipher
crypto/evp/e_aes.c:3350 aes_gcm_cipher
crypto/evp/e_aes.c:3352 aes_gcm_cipher
crypto/evp/e_aes.c:3358 aes_gcm_cipher
crypto/modes/gcm128.c:1838
crypto/modes/gcm128.c:1843
crypto/modes/gcm128.c:1887
crypto/modes/gcm128.c:1890
crypto/modes/gcm128.c:1896
crypto/modes/gcm128.c:1905
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
crypto/modes/gcm128.c:1916
crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp
len=16
f8^2c
09^7e
2c^a9
29^77
90^80
23^c4
00^72
53^98
41^3b
53^e0
79^0a
c4^08
3d^5e
e6^89
49^c9
84^f9
crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp
crypto/modes/gcm128.c:1932 ret = 255
crypto/evp/e_aes.c:3361 aes_gcm_cipher
crypto/evp/evp_enc.c:592
ssl/record/ssl3_record_tls13.c:202
ssl/record/ssl3_record.c:537 enc_err=-1
ssl/record/ssl3_record.c:575
ssl/record/ssl3_record.c:586
ssl/record/ssl3_record.c:655
ssl/record/ssl3_record.c:661
ssl/record/ssl3_record.c:696
ssl/record/ssl3_record_tls13.c:37
ssl/record/ssl3_record_tls13.c:48
ssl/record/rec_layer_s3.c:1056
ssl/record/rec_layer_s3.c:1059
ssl/record/rec_layer_s3.c:1062
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Alert (21)
Length = 2
ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=1
s->enc_write_ctx=0x00000000
ssl/record/rec_layer_s3.c:1076
ssl/record/rec_layer_s3.c:1079
Level=fatal(2), description=bad record mac(20)
ssl/record/rec_layer_s3.c:1312
ssl/record/rec_layer_s3.c:1315
0:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:698:
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4796 bytes and written 241 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
-
On Tue, Jun 29, 2021 at 18:06, Jan Just Keijser <janjust at nikhef.nl> wrote:
> On 29/06/21 11:58, david raingeard wrote:
> > Hello,
> >
> > Technically, what prevents openssl 1.1.1g from compiling correctly on some
> > operating systems like Solaris 2.6, CentOS 7.8, ...?
> >
> >
> you will have to provide more details - openssl 1.1.1g compiles just
> fine on CentOS 7 (7.9 in my case).
>
> Can't talk about Solaris 2.6, other than that it has been out of
> support since July 2006.
>
> HTH,
>
> JJK
>
>
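Added example (not part of the original message and not OpenSSL code): a Python triage of the GCM debug lines in the log above. It recomputes the final tag step from the logged EK0 and Xi words and checks it against the bytes printed at CRYPTO_gcm128_memcmp. Reading the right-hand byte of each `a^b` pair as the tag received from the peer is an assumption, and the names `parse` and `triage` are hypothetical.

```python
import hmac
import re

# Constructed input: the GCM lines copied from the debug log in this message
# (the sixteen a^b pairs are joined onto two lines).
LOG = """\
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
f8^2c 09^7e 2c^a9 29^77 90^80 23^c4 00^72 53^98
41^3b 53^e0 79^0a c4^08 3d^5e e6^89 49^c9 84^f9
"""

WORD = re.compile(r"ctx->(EK0|Xi)\.u\[[01]\]=([0-9a-f]{1,16})\b")
PAIR = re.compile(r"\b([0-9a-f]{2})\^([0-9a-f]{2})\b")

def _block(words):
    """Join two logged 64-bit words into one 128-bit integer."""
    return (words[0] << 64) | words[1]

def parse(log):
    """Return EK0, Xi before the XOR, Xi after it, and both memcmp operands."""
    seen = {"EK0": [], "Xi": []}
    for name, value in WORD.findall(log):
        # The debug print drops leading zeros, so parse as integers.
        seen[name].append(int(value, 16))
    pairs = PAIR.findall(log)
    computed = bytes(int(a, 16) for a, _ in pairs)   # left operand
    received = bytes(int(b, 16) for _, b in pairs)   # right operand (assumed peer tag)
    return (_block(seen["EK0"][:2]), _block(seen["Xi"][:2]),
            _block(seen["Xi"][2:4]), computed, received)

def triage(log):
    ek0, ghash, logged_tag, computed, received = parse(log)
    # GCM tag = E_K(J0) XOR GHASH; big-endian bytes, as the memcmp lines show.
    tag = (ek0 ^ ghash).to_bytes(16, "big")
    return {
        "xor_step_ok": tag == logged_tag.to_bytes(16, "big"),
        "memcmp_input_ok": tag == computed,
        "tag_matches_peer": hmac.compare_digest(tag, received),
        "differing_bytes": sum(x != y for x, y in zip(tag, received)),
        "tag": tag.hex(),
        "received": received.hex(),
    }
```

With the logged values the XOR step and the bytes handed to the compare are consistent with each other, so the mismatch originates in the inputs to that step (EK0 or Xi, or the keys behind them) rather than in the final XOR or the comparison.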