Re: Compilation issues

OK, here it is. It compiled mostly OK (with some fixes for Solaris 2.6, like inttypes.h instead of stdint.h).
The test suite fails (dubious error).

TLS 1.2 works just fine (openssl s_client -connect google.com:443 -tls1_2 -trace)

but TLS 1.3 fails, starting when the ApplicationData record is received.

I added some logging to see what it does. It uses cipher AES_256_GCM_SHA384.

It fails in EVP_DecryptFinal_ex; as you can see, the 16 bytes don't match.

I compiled OpenSSL with the exact same flags on Ubuntu, and it doesn't have the issue on this OS.

crypto/evp/evp_enc.c:590 cipher nid 901
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp
        len=16
f8^2c
09^7e
2c^a9
29^77
90^80
23^c4
00^72
53^98
41^3b
53^e0
79^0a
c4^08
3d^5e
e6^89
49^c9
84^f9
crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp
crypto/modes/gcm128.c:1932 ret = 255


Here is the full log (sorry) :

bash-3.2# ./openssl s_client -connect google.com:443 -tls1_3 -trace
ssl/ssl_lib.c:823
ssl/ssl_lib.c:825
ssl/ssl_lib.c:653
CONNECTED(00000005)
ssl/ssl_lib.c:653
ssl/record/rec_layer_s3.c:1056
ssl/record/rec_layer_s3.c:1059
ssl/record/rec_layer_s3.c:1062
Sent Record
Header:
  Version = TLS 1.0 (0x301)
  Content Type = Handshake (22)
  Length = 229
ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=0 s->enc_write_ctx=0x00000000
ssl/record/rec_layer_s3.c:1076
ssl/record/rec_layer_s3.c:1079
    ClientHello, Length=225
      client_version=0x303 (TLS 1.2)
      Random:
        gmt_unix_time=0xEC7463F6
        random_bytes (len=28): 08D00001DEAC51B17E7F98F63D3BB21F3406961A6460434C4BBA5DD0
      session_id (len=32): FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6
      cipher_suites (len=8)
        {0x13, 0x02} TLS_AES_256_GCM_SHA384
        {0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
        {0x13, 0x01} TLS_AES_128_GCM_SHA256
        {0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
      compression_methods (len=1)
        No Compression (0x00)
      extensions, length = 144
        extension_type=server_name(0), length=15
          0000 - 00 0d 00 00 0a 67 6f 6f-67 6c 65 2e 63 6f 6d   .....google.com
        extension_type=ec_point_formats(11), length=4
          uncompressed (0)
          ansiX962_compressed_prime (1)
          ansiX962_compressed_char2 (2)
        extension_type=supported_groups(10), length=12
          ecdh_x25519 (29)
          secp256r1 (P-256) (23)
          ecdh_x448 (30)
          secp521r1 (P-521) (25)
          secp384r1 (P-384) (24)
        extension_type=session_ticket(35), length=0
        extension_type=encrypt_then_mac(22), length=0
        extension_type=extended_master_secret(23), length=0
        extension_type=signature_algorithms(13), length=30
          ecdsa_secp256r1_sha256 (0x0403)
          ecdsa_secp384r1_sha384 (0x0503)
          ecdsa_secp521r1_sha512 (0x0603)
          ed25519 (0x0807)
          ed448 (0x0808)
          rsa_pss_pss_sha256 (0x0809)
          rsa_pss_pss_sha384 (0x080a)
          rsa_pss_pss_sha512 (0x080b)
          rsa_pss_rsae_sha256 (0x0804)
          rsa_pss_rsae_sha384 (0x0805)
          rsa_pss_rsae_sha512 (0x0806)
          rsa_pkcs1_sha256 (0x0401)
          rsa_pkcs1_sha384 (0x0501)
          rsa_pkcs1_sha512 (0x0601)
        extension_type=supported_versions(43), length=3
          TLS 1.3 (772)
        extension_type=psk_key_exchange_modes(45), length=2
          psk_dhe_ke (1)
        extension_type=key_share(51), length=38
            NamedGroup: ecdh_x25519 (29)
            key_exchange:  (len=32): ED28A72CB2111BBB8BB7716D0FB83A4748C884BB462A83D6E1AB156FE0712E3F

ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record
ssl/record/ssl3_record.c:197 ssl3_get_record called
Received Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = Handshake (22)
  Length = 122
ssl/record/ssl3_record.c:465
ssl/record/ssl3_record.c:497
ssl/record/ssl3_record.c:531
ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x10000
ssl/record/ssl3_record.c:537 enc_err=1
ssl/record/ssl3_record.c:575
ssl/record/ssl3_record.c:586
ssl/record/ssl3_record.c:655
ssl/record/ssl3_record.c:701
ssl/record/ssl3_record.c:705
ssl/record/ssl3_record.c:721
ssl/record/ssl3_record.c:762
ssl/record/ssl3_record.c:813
ssl/record/ssl3_record.c:827
ssl/record/rec_layer_s3.c:1312
ssl/record/rec_layer_s3.c:1318
ssl/record/rec_layer_s3.c:1320
ssl/record/rec_layer_s3.c:1329
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1345
ssl/record/rec_layer_s3.c:1354
ssl/record/rec_layer_s3.c:1360
ssl/record/rec_layer_s3.c:1367
ssl/record/rec_layer_s3.c:1381
ssl/record/rec_layer_s3.c:1389
ssl/record/rec_layer_s3.c:1403
ssl/record/rec_layer_s3.c:1412
ssl/record/rec_layer_s3.c:1422
ssl/record/rec_layer_s3.c:1425
ssl/record/rec_layer_s3.c:1429
ssl/record/rec_layer_s3.c:1443
ssl/record/rec_layer_s3.c:1472
ssl/record/rec_layer_s3.c:1475
ssl/record/rec_layer_s3.c:1481
ssl/record/rec_layer_s3.c:1487
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1345
ssl/record/rec_layer_s3.c:1354
ssl/record/rec_layer_s3.c:1360
ssl/record/rec_layer_s3.c:1367
ssl/record/rec_layer_s3.c:1381
ssl/record/rec_layer_s3.c:1389
ssl/record/rec_layer_s3.c:1403
ssl/record/rec_layer_s3.c:1412
ssl/record/rec_layer_s3.c:1422
ssl/record/rec_layer_s3.c:1429
ssl/record/rec_layer_s3.c:1443
ssl/record/rec_layer_s3.c:1472
ssl/record/rec_layer_s3.c:1475
ssl/record/rec_layer_s3.c:1481
ssl/record/rec_layer_s3.c:1487
    ServerHello, Length=118
      server_version=0x303 (TLS 1.2)
      Random:
        gmt_unix_time=0x7F9CA9DE
        random_bytes (len=28): D6F6EFA5BCBB089010FA1573D92A29ACBFCE84FFE68B6D0736976BE5
      session_id (len=32): FBD7A5070B19BE55FE33E41BD61E55CF6C9485D1915DD42B6FCB95F87E9981B6
      cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
      compression_method: No Compression (0x00)
      extensions, length = 46
        extension_type=key_share(51), length=36
            NamedGroup: ecdh_x25519 (29)
            key_exchange:  (len=32): AB9BEF12592BBE53425F317364F34CDB0076B9B3669B0B3C58BECA5A30F62534
        extension_type=supported_versions(43), length=2
            TLS 1.3 (772)

ssl/statem/statem_lib.c:2004 vent version 0x0304
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record
ssl/record/ssl3_record.c:197 ssl3_get_record called
Received Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = ChangeCipherSpec (20)
  Length = 1
ssl/record/ssl3_record.c:465
ssl/record/ssl3_record.c:493
ssl/record/rec_layer_s3.c:1312
ssl/record/rec_layer_s3.c:1318
ssl/record/rec_layer_s3.c:1320
ssl/record/rec_layer_s3.c:1329
ssl/record/rec_layer_s3.c:1335
ssl/record/rec_layer_s3.c:1341
ssl/record/rec_layer_s3.c:1310 calling ssl3_get_record
ssl/record/ssl3_record.c:197 ssl3_get_record called
Received Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = ApplicationData (23)
  Length = 4658
ssl/record/ssl3_record.c:465
ssl/record/ssl3_record.c:497
ssl/record/ssl3_record.c:531
ssl/record/ssl3_record.c:535 ssl version 0x0304 method 0x0304
ssl/record/ssl3_record_tls13.c:37
ssl/record/ssl3_record_tls13.c:48
crypto/evp/e_aes.c:3195 aes_gcm_cipher
crypto/evp/e_aes.c:3203 aes_gcm_cipher
crypto/evp/e_aes.c:3210 aes_gcm_cipher
crypto/evp/e_aes.c:3216 aes_gcm_cipher
crypto/evp/e_aes.c:3221 aes_gcm_cipher
crypto/evp/e_aes.c:3347 aes_gcm_cipher
crypto/evp/e_aes.c:3195 aes_gcm_cipher
crypto/evp/e_aes.c:3203 aes_gcm_cipher
crypto/evp/e_aes.c:3210 aes_gcm_cipher
crypto/evp/e_aes.c:3216 aes_gcm_cipher
crypto/evp/e_aes.c:3290 aes_gcm_cipher
crypto/evp/e_aes.c:3320 aes_gcm_cipher
crypto/evp/e_aes.c:3336 aes_gcm_cipher
crypto/evp/e_aes.c:3343 aes_gcm_cipher
crypto/evp/e_aes.c:3345 aes_gcm_cipher
crypto/evp/e_aes.c:3347 aes_gcm_cipher
crypto/evp/evp_enc.c:228
crypto/evp/evp_enc.c:576
crypto/evp/evp_enc.c:587
crypto/evp/evp_enc.c:590 cipher nid 901
crypto/evp/e_aes.c:3195 aes_gcm_cipher
crypto/evp/e_aes.c:3203 aes_gcm_cipher
crypto/evp/e_aes.c:3210 aes_gcm_cipher
crypto/evp/e_aes.c:3216 aes_gcm_cipher
crypto/evp/e_aes.c:3350 aes_gcm_cipher
crypto/evp/e_aes.c:3352 aes_gcm_cipher
crypto/evp/e_aes.c:3358 aes_gcm_cipher
crypto/modes/gcm128.c:1838
crypto/modes/gcm128.c:1843
crypto/modes/gcm128.c:1887
crypto/modes/gcm128.c:1890
crypto/modes/gcm128.c:1896
crypto/modes/gcm128.c:1905
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
crypto/modes/gcm128.c:1916
crypto/modes/gcm128.c:1806 CRYPTO_gcm128_memcmp
        len=16
f8^2c
09^7e
2c^a9
29^77
90^80
23^c4
00^72
53^98
41^3b
53^e0
79^0a
c4^08
3d^5e
e6^89
49^c9
84^f9
crypto/modes/gcm128.c:1814 CRYPTO_gcm128_memcmp
crypto/modes/gcm128.c:1932 ret = 255
crypto/evp/e_aes.c:3361 aes_gcm_cipher
crypto/evp/evp_enc.c:592
ssl/record/ssl3_record_tls13.c:202
ssl/record/ssl3_record.c:537 enc_err=-1
ssl/record/ssl3_record.c:575
ssl/record/ssl3_record.c:586
ssl/record/ssl3_record.c:655
ssl/record/ssl3_record.c:661
ssl/record/ssl3_record.c:696
ssl/record/ssl3_record_tls13.c:37
ssl/record/ssl3_record_tls13.c:48
ssl/record/rec_layer_s3.c:1056
ssl/record/rec_layer_s3.c:1059
ssl/record/rec_layer_s3.c:1062
Sent Record
Header:
  Version = TLS 1.2 (0x303)
  Content Type = Alert (21)
  Length = 2
ssl/record/rec_layer_s3.c:1067 SSL_TREAT_AS_TLS13(s)=1 s->enc_write_ctx=0x00000000
ssl/record/rec_layer_s3.c:1076
ssl/record/rec_layer_s3.c:1079
    Level=fatal(2), description=bad record mac(20)

ssl/record/rec_layer_s3.c:1312
ssl/record/rec_layer_s3.c:1315
0:error:1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:698:
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4796 bytes and written 241 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
-

On Tue, 29 Jun 2021 at 18:06, Jan Just Keijser <janjust@xxxxxxxxx> wrote:
On 29/06/21 11:58, david raingeard wrote:
> Hello,
>
> Technically, what prevents openssl 1.1.1g from compiling correctly on some
> operating systems like Solaris 2.6, CentOS 7.8,... ?
>
>
you will have to provide more details - openssl 1.1.1g compiles just
fine on CentOS 7 (7.9 in my case).

Can't talk about Solaris 2.6, other than that it has been out of
support since July 2006.

HTH,

JJK
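
Added example (not part of the original message or of OpenSSL): a small Python check over the GCM debug lines quoted above. It confirms that the logged "after xor" words equal Xi XOR EK0, rebuilds the computed and received tags from the byte pairs, and reproduces ret = 255 by OR-accumulating the per-byte XORs the way a constant-time compare such as CRYPTO_memcmp does. The function name analyse and the joined layout of the byte pairs are assumptions made for the example.

```python
import re

# Constructed sample: GCM debug lines from the log above; the 16 "a^b"
# byte pairs (one per line in the log) are joined onto two lines here.
LOG = """\
crypto/modes/gcm128.c:1906 ctx->EK0.u[0]=feb43481e257b3
crypto/modes/gcm128.c:1907 ctx->EK0.u[1]=3318fafcfb9e16ff
crypto/modes/gcm128.c:1908 ctx->Xi.u[0]=f8f7981d11c157e0
crypto/modes/gcm128.c:1909 ctx->Xi.u[1]=724b8338c6785f7b
crypto/modes/gcm128.c:1912 after xor:
crypto/modes/gcm128.c:1913 ctx->Xi.u[0]=f8092c2990230053
crypto/modes/gcm128.c:1914 ctx->Xi.u[1]=415379c43de64984
f8^2c 09^7e 2c^a9 29^77 90^80 23^c4 00^72 53^98
41^3b 53^e0 79^0a c4^08 3d^5e e6^89 49^c9 84^f9
crypto/modes/gcm128.c:1932 ret = 255
"""

WORD = re.compile(r"ctx->(EK0|Xi)\.u\[([01])\]=([0-9a-f]+)")
PAIR = re.compile(r"\b([0-9a-f]{2})\^([0-9a-f]{2})\b")
RET = re.compile(r"ret = (\d+)")

def analyse(log):
    words = {}
    for name, idx, val in WORD.findall(log):
        # int() restores the leading zero byte that the hex print dropped
        words.setdefault((name, int(idx)), []).append(int(val, 16))
    ek0 = [words[("EK0", i)][0] for i in (0, 1)]
    before = [words[("Xi", i)][0] for i in (0, 1)]   # GHASH output
    after = [words[("Xi", i)][1] for i in (0, 1)]    # computed tag
    pairs = [(int(a, 16), int(b, 16)) for a, b in PAIR.findall(log)]
    computed = bytes(a for a, _ in pairs)            # left column: our tag
    received = bytes(b for _, b in pairs)            # right column: peer's tag
    acc = 0
    for a, b in pairs:                               # constant-time style compare
        acc |= a ^ b
    return {
        "xor_ok": all(x ^ k == t for x, k, t in zip(before, ek0, after)),
        # True when the logged 64-bit words, read big-endian, are the tag bytes
        "words_match_bytes": b"".join(w.to_bytes(8, "big") for w in after) == computed,
        "computed_tag": computed.hex(),
        "received_tag": received.hex(),
        "differing_bytes": sum(a != b for a, b in pairs),
        "memcmp_ret": acc,
        "logged_ret": int(RET.search(log).group(1)),
    }

if __name__ == "__main__":
    for key, value in analyse(LOG).items():
        print(f"{key}: {value}")
```

The final XOR and the comparison are self-consistent in the log and all 16 tag bytes differ, so the mismatch comes from something computed before that step (key, nonce, AAD, CTR or GHASH), not from the compare itself.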

