Compilation issues

david raingeard david.raingeard at gmail.com
Tue Jun 29 16:31:54 UTC 2021


Ok, here it is. It compiled mostly ok (some fixes for solaris 2.6, like
inttypes.h instead of stdint).
The test suite fails (dubious error).

*Tls 1.2 works* just fine (*openssl s_client -connect google.com:443
<http://google.com:443> -tls1_2 -trace*)

but *Tls 1.3 fails* starting when the *ApplicationData *record is received.

I added some log to know what it does. It uses cipher *AES_256_GCM_SHA384*.

It fails in *EVP_DecryptFinal_ex*, as you can see, the 16 bytes don't match.

I compiled OpenSSL with the exact same flags on ubuntu, and it doesn't have
the issue on this os.

crypto/evp/evp_enc.c:590 cipher nid 901
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp
        len=16
f8^2c
09^7e
2c^a9
29^77
90^80
23^c4
00^72
53^98
41^3b
53^e0
79^0a
c4^08
3d^5e
e6^89
49^c9
84^f9
crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp
crypto/modes/gcm128.c:1932 ret = 255



Here is the full log (sorry) :

bash-3.2# ./openssl s_client -connect google.com:443 -tls1_3 -trace

ssl/ssl_lib.c:823

ssl/ssl_lib.c:825

ssl/ssl_lib.c:653

CONNECTED(00000005)

ssl/ssl_lib.c:653

ssl/record/rec_layer_s3.c:1056

ssl/record/rec_layer_s3.c:1059

ssl/record/rec_layer_s3.c:1062

Sent Record

Header:

  Version = TLS 1.0 (0x301)

  Content Type = Handshake (22)

  Length = 229

ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=0
s->enc_write_ctx=0x00000000

ssl/record/rec_layer_s3.c:1076

ssl/record/rec_layer_s3.c:1079

    ClientHello, Length=225

      client_version=0x303 (TLS 1.2)

      Random:

        gmt_unix_time=0xEC7463F6

        random_bytes (len=28):
08D00001DEAC51B17E7F98F63D3BB21F3406961A6460434C4BBA5DD0

      session_id (len=32):
FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6

      cipher_suites (len=8)

        {0x13, 0x02} TLS_AES_256_GCM_SHA384

        {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256

        {0x13, 0x01} TLS_AES_128_GCM_SHA256

        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV

      compression_methods (len=1)

        No Compression (0x00)

      extensions, length = 144

        extension_type=server_name(0), length=15

          0000 - 00 0d 00 00 0a 67 6f 6f-67 6c 65 2e 63 6f 6d   .....
google.com

        extension_type=ec_point_formats(11), length=4

          uncompressed (0)

          ansiX962_compressed_prime (1)

          ansiX962_compressed_char2 (2)

        extension_type=supported_groups(10), length=12

          ecdh_x25519 (29)

          secp256r1 (P-256) (23)

          ecdh_x448 (30)

          secp521r1 (P-521) (25)

          secp384r1 (P-384) (24)

        extension_type=session_ticket(35), length=0

        extension_type=encrypt_then_mac(22), length=0

        extension_type=extended_master_secret(23), length=0

        extension_type=signature_algorithms(13), length=30

          ecdsa_secp256r1_sha256 (0x0403)

          ecdsa_secp384r1_sha384 (0x0503)

          ecdsa_secp521r1_sha512 (0x0603)

          ed25519 (0x0807)

          ed448 (0x0808)

          rsa_pss_pss_sha256 (0x0809)

          rsa_pss_pss_sha384 (0x080a)

          rsa_pss_pss_sha512 (0x080b)

          rsa_pss_rsae_sha256 (0x0804)

          rsa_pss_rsae_sha384 (0x0805)

          rsa_pss_rsae_sha512 (0x0806)

          rsa_pkcs1_sha256 (0x0401)

          rsa_pkcs1_sha384 (0x0501)

          rsa_pkcs1_sha512 (0x0601)

        extension_type=supported_versions(43), length=3

          TLS 1.3 (772)

        extension_type=psk_key_exchange_modes(45), length=2

          psk_dhe_ke (1)

        extension_type=key_share(51), length=38

            NamedGroup: ecdh_x25519 (29)

            key_exchange:  (len=32):
ED28A72CB2111BBB8BB7716D0FB83A4748C884BB462A83D6E1AB156FE0712E3F


ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record

ssl/record/ssl3_record.c:197 ssl3_get_record called

Received Record

Header:

  Version = TLS 1.2 (0x303)

  Content Type = Handshake (22)

  Length = 122

ssl/record/ssl3_record.c:465

ssl/record/ssl3_record.c:497

ssl/record/ssl3_record.c:531

ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x10000

ssl/record/ssl3_record.c:537 enc_err=1

ssl/record/ssl3_record.c:575

ssl/record/ssl3_record.c:586

ssl/record/ssl3_record.c:655

ssl/record/ssl3_record.c:701

ssl/record/ssl3_record.c:705

ssl/record/ssl3_record.c:721

ssl/record/ssl3_record.c:762

ssl/record/ssl3_record.c:813

ssl/record/ssl3_record.c:827

ssl/record/rec_layer_s3.c:1312

ssl/record/rec_layer_s3.c:1318

ssl/record/rec_layer_s3.c:1320

ssl/record/rec_layer_s3.c:1329

ssl/record/rec_layer_s3.c:1335

ssl/record/rec_layer_s3.c:1341

ssl/record/rec_layer_s3.c:1345

ssl/record/rec_layer_s3.c:1354

ssl/record/rec_layer_s3.c:1360

ssl/record/rec_layer_s3.c:1367

ssl/record/rec_layer_s3.c:1381

ssl/record/rec_layer_s3.c:1389

ssl/record/rec_layer_s3.c:1403

ssl/record/rec_layer_s3.c:1412

ssl/record/rec_layer_s3.c:1422

ssl/record/rec_layer_s3.c:1425

ssl/record/rec_layer_s3.c:1429

ssl/record/rec_layer_s3.c:1443

ssl/record/rec_layer_s3.c:1472

ssl/record/rec_layer_s3.c:1475

ssl/record/rec_layer_s3.c:1481

ssl/record/rec_layer_s3.c:1487

ssl/record/rec_layer_s3.c:1335

ssl/record/rec_layer_s3.c:1341

ssl/record/rec_layer_s3.c:1345

ssl/record/rec_layer_s3.c:1354

ssl/record/rec_layer_s3.c:1360

ssl/record/rec_layer_s3.c:1367

ssl/record/rec_layer_s3.c:1381

ssl/record/rec_layer_s3.c:1389

ssl/record/rec_layer_s3.c:1403

ssl/record/rec_layer_s3.c:1412

ssl/record/rec_layer_s3.c:1422

ssl/record/rec_layer_s3.c:1429

ssl/record/rec_layer_s3.c:1443

ssl/record/rec_layer_s3.c:1472

ssl/record/rec_layer_s3.c:1475

ssl/record/rec_layer_s3.c:1481

ssl/record/rec_layer_s3.c:1487

    ServerHello, Length=118

      server_version=0x303 (TLS 1.2)

      Random:

        gmt_unix_time=0x7F9CA9DE

        random_bytes (len=28):
D6F6EFA5BCBB089010FA1573D92A29ACBFCE84FFE68B6D0736976BE5

      session_id (len=32):
FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6

      cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384

      compression_method: No Compression (0x00)

      extensions, length = 46

        extension_type=key_share(51), length=36

            NamedGroup: ecdh_x25519 (29)

            key_exchange:  (len=32):
AB9BEF12592BBE53425F317364F34CDB0076B9B3669B0B3C58BECA5A30F62534

        extension_type=supported_versions(43), length=2

            TLS 1.3 (772)


ssl/statem/statem_lib.c:2004 vent version 0x0304

ssl/record/rec_layer_s3.c:1335

ssl/record/rec_layer_s3.c:1341

ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record

ssl/record/ssl3_record.c:197 ssl3_get_record called

Received Record

Header:

  Version = TLS 1.2 (0x303)

  Content Type = ChangeCipherSpec (20)

  Length = 1

ssl/record/ssl3_record.c:465

ssl/record/ssl3_record.c:493

ssl/record/rec_layer_s3.c:1312

ssl/record/rec_layer_s3.c:1318

ssl/record/rec_layer_s3.c:1320

ssl/record/rec_layer_s3.c:1329

ssl/record/rec_layer_s3.c:1335

ssl/record/rec_layer_s3.c:1341

ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record

ssl/record/ssl3_record.c:197 ssl3_get_record called

Received Record

Header:

  Version = TLS 1.2 (0x303)

  Content Type = ApplicationData (23)

  Length = 4658

ssl/record/ssl3_record.c:465

ssl/record/ssl3_record.c:497

ssl/record/ssl3_record.c:531

ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x0304

ssl/record/ssl3_record_tls13.c:37

ssl/record/ssl3_record_tls13.c:48

crypto/evp/e_aes.c:3195 aes_gcm_cipher

crypto/evp/e_aes.c:3203 aes_gcm_cipher

crypto/evp/e_aes.c:3210 aes_gcm_cipher

crypto/evp/e_aes.c:3216 aes_gcm_cipher

crypto/evp/e_aes.c:3221 aes_gcm_cipher

crypto/evp/e_aes.c:3347 aes_gcm_cipher

crypto/evp/e_aes.c:3195 aes_gcm_cipher

crypto/evp/e_aes.c:3203 aes_gcm_cipher

crypto/evp/e_aes.c:3210 aes_gcm_cipher

crypto/evp/e_aes.c:3216 aes_gcm_cipher

crypto/evp/e_aes.c:3290 aes_gcm_cipher

crypto/evp/e_aes.c:3320 aes_gcm_cipher

crypto/evp/e_aes.c:3336 aes_gcm_cipher

crypto/evp/e_aes.c:3343 aes_gcm_cipher

crypto/evp/e_aes.c:3345 aes_gcm_cipher

crypto/evp/e_aes.c:3347 aes_gcm_cipher

crypto/evp/evp_enc.c:228

crypto/evp/evp_enc.c:576

crypto/evp/evp_enc.c:587

crypto/evp/evp_enc.c:590 cipher nid 901

crypto/evp/e_aes.c:3195 aes_gcm_cipher

crypto/evp/e_aes.c:3203 aes_gcm_cipher

crypto/evp/e_aes.c:3210 aes_gcm_cipher

crypto/evp/e_aes.c:3216 aes_gcm_cipher

crypto/evp/e_aes.c:3350 aes_gcm_cipher

crypto/evp/e_aes.c:3352 aes_gcm_cipher

crypto/evp/e_aes.c:3358 aes_gcm_cipher

crypto/modes/gcm128.c:1838

crypto/modes/gcm128.c:1843

crypto/modes/gcm128.c:1887

crypto/modes/gcm128.c:1890

crypto/modes/gcm128.c:1896

crypto/modes/gcm128.c:1905

crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3

crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff

crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0

crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b

crypto/modes/gcm128.c:1912 after xor:

crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053

crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984

crypto/modes/gcm128.c:1916

crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp

        len=16

f8^2c

09^7e

2c^a9

29^77

90^80

23^c4

00^72

53^98

41^3b

53^e0

79^0a

c4^08

3d^5e

e6^89

49^c9

84^f9

crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp

crypto/modes/gcm128.c:1932 ret = 255

crypto/evp/e_aes.c:3361 aes_gcm_cipher

crypto/evp/evp_enc.c:592

ssl/record/ssl3_record_tls13.c:202

ssl/record/ssl3_record.c:537 enc_err=-1

ssl/record/ssl3_record.c:575

ssl/record/ssl3_record.c:586

ssl/record/ssl3_record.c:655

ssl/record/ssl3_record.c:661

ssl/record/ssl3_record.c:696

ssl/record/ssl3_record_tls13.c:37

ssl/record/ssl3_record_tls13.c:48

ssl/record/rec_layer_s3.c:1056

ssl/record/rec_layer_s3.c:1059

ssl/record/rec_layer_s3.c:1062

Sent Record

Header:

  Version = TLS 1.2 (0x303)

  Content Type = Alert (21)

  Length = 2

ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=1
s->enc_write_ctx=0x00000000

ssl/record/rec_layer_s3.c:1076

ssl/record/rec_layer_s3.c:1079

    Level=fatal(2), description=bad record mac(20)


ssl/record/rec_layer_s3.c:1312

ssl/record/rec_layer_s3.c:1315

0:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad
record mac:ssl/record/ssl3_record.c:698:

---

no peer certificate available

---

No client certificate CA names sent

Server Temp Key: X25519, 253 bits

---

SSL handshake has read 4796 bytes and written 241 bytes

Verification: OK

---

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

Early data was not sent

Verify return code: 0 (ok)

-

Le mar. 29 juin 2021 à 18:06, Jan Just Keijser <janjust at nikhef.nl> a écrit :

> On 29/06/21 11:58, david raingeard wrote:
> > Hello,
> >
> > Technically, why prevents openssl 1.1.1g from compiling correctly on some
> > operating systems like Solaris 2.6, CentOS 7.8,... ?
> >
> >
> you will have to provide more details - openssl 1.1.1g compiles just
> fine on CentOS 7 (7.9 in my case).
>
> Can't talk about Solaris 2.6 , other than that it has been out of
> support since July 2006.
>
> HTH,
>
> JJK
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210629/dd37bd5a/attachment-0001.html>


More information about the openssl-users mailing list