some possible errors on sparc?

Miroslav Kratochvil exa.exa at gmail.com
Sat Sep 19 19:51:28 CEST 2009


Hi,
today I was trying to run GnuTLS on sparc and connect it to an amd64
machine, well, result is that connection dies because of:

Error: Decryption has failed.

on one side, and with

Fatal error: A TLS fatal alert has been received.

on the other side. Note that sparc-sparc connects without any problem.
The exact machine is 'TI UltraSparc IIe (Hummingbird) GNU/Linux'
running gentoo.

If anyone had an idea about what's wrong on sparc, please comment
this. Seems like some data sizing problem to me, but i'm not really
sure (at least I haven't found any obvious cause yet.) Full logs from
disconnecting gnutls-cli and -serv are attached below.

Thanks in advance,
Mirek Kratochvil


----
Now for the logs:

## server side (sparc) ##

# gnutls-serv  --debug 9 --x509cafile ca.crt --x509keyfile ssl.key
--x509certfile ssl.crt --echo -p 15135
Set static Diffie Hellman parameters, consider --dhparams.
Processed 1 CA certificate(s).
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
Echo Server ready. Listening to port '15135'.

|<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 121
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Decrypted Packet[0] Handshake(22) with length: 121
|<3>| HSK[746a0]: CLIENT HELLO was received [121 bytes]
|<3>| HSK[746a0]: Client's version: 3.2
|<2>| ASSERT: gnutls_db.c:326
|<2>| ASSERT: gnutls_db.c:246
|<2>| EXT[746a0]: Received extension 'CERT_TYPE/9'
|<2>| EXT[746a0]: Received extension 'SERVER_NAME/0'
|<2>| EXT[746a0]: Received extension 'CERT_TYPE/9'
|<2>| EXT[746a0]: Received extension 'SERVER_NAME/0'
|<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[746a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[746a0]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Selected Compression Method: NULL
|<3>| HSK[746a0]: SessionID:
3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867
|<3>| HSK[746a0]: SERVER HELLO was send [74 bytes]
|<4>| REC[746a0]: Sending Packet[0] Handshake(22) with length: 74
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Sent Packet[1] Handshake(22) with length: 79
|<3>| HSK[746a0]: CERTIFICATE was send [2351 bytes]
|<4>| REC[746a0]: Sending Packet[1] Handshake(22) with length: 2351
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Sent Packet[2] Handshake(22) with length: 2356
|<3>| HSK[746a0]: SERVER KEY EXCHANGE was send [331 bytes]
|<4>| REC[746a0]: Sending Packet[2] Handshake(22) with length: 331
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Sent Packet[3] Handshake(22) with length: 336
|<3>| HSK[746a0]: CERTIFICATE REQUEST was send [70 bytes]
|<4>| REC[746a0]: Sending Packet[3] Handshake(22) with length: 70
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Sent Packet[4] Handshake(22) with length: 75
|<3>| HSK[746a0]: SERVER HELLO DONE was send [4 bytes]
|<4>| REC[746a0]: Sending Packet[4] Handshake(22) with length: 4
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Sent Packet[5] Handshake(22) with length: 9
|<2>| ASSERT: gnutls_buffers.c:360
|<2>| ASSERT: gnutls_buffers.c:1151
|<2>| ASSERT: gnutls_handshake.c:1045
|<4>| REC[746a0]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[746a0]: Received Packet[1] Handshake(22) with length: 2351
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Decrypted Packet[1] Handshake(22) with length: 2351
|<3>| HSK[746a0]: CERTIFICATE was received [2351 bytes]
|<2>| ASSERT: gnutls_buffers.c:360
|<2>| ASSERT: gnutls_buffers.c:1151
|<2>| ASSERT: gnutls_handshake.c:1045
|<4>| REC[746a0]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[746a0]: Received Packet[2] Handshake(22) with length: 134
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Decrypted Packet[2] Handshake(22) with length: 134
|<3>| HSK[746a0]: CLIENT KEY EXCHANGE was received [134 bytes]
|<4>| REC[746a0]: Expected Packet[3] Handshake(22) with length: 1
|<4>| REC[746a0]: Received Packet[3] Handshake(22) with length: 68
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Decrypted Packet[3] Handshake(22) with length: 68
|<3>| HSK[746a0]: CERTIFICATE VERIFY was received [68 bytes]
|<4>| REC[746a0]: Expected Packet[4] Change Cipher Spec(20) with length: 1
|<4>| REC[746a0]: Received Packet[4] Change Cipher Spec(20) with length: 1
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: ChangeCipherSpec Packet was received
|<9>| INT: PREMASTER SECRET[128]:
653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b
|<9>| INT: CLIENT RANDOM[32]:
4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a
|<9>| INT: SERVER RANDOM[32]:
4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93
|<9>| INT: MASTER SECRET:
0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce
|<9>| INT: KEY BLOCK[104]:
d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f
|<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87
|<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8
|<3>| HSK[746a0]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[746a0]: Initializing internal [read] cipher sessions
AES-128 test encryption failed.
|<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 80
|<2>| ASSERT: gnutls_cipher.c:516
|<4>| REC[746a0]: Short record length 54 > 64 - 20 (under attack?)
|<2>| ASSERT: gnutls_record.c:1002
|<2>| ASSERT: gnutls_buffers.c:1151
|<2>| ASSERT: gnutls_handshake.c:1045
|<2>| ASSERT: gnutls_handshake.c:599
|<2>| ASSERT: gnutls_handshake.c:2553
|<2>| ASSERT: gnutls_handshake.c:2685
Error in handshake
Error: Decryption has failed.
|<4>| REC: Sending Alert[2|20] - Bad record MAC
|<4>| REC[746a0]: Sending Packet[5] Alert(21) with length: 2
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[746a0]: Sent Packet[6] Alert(21) with length: 7
|<2>| ASSERT: gnutls_record.c:262






## client side (amd64) ##

# gnutls-cli --debug 9 --x509keyfile ssl.key --x509certfile ssl.crt -p
15135 someserver
Processed 1 client certificates...
|<2>| ASSERT: x509_b64.c:452
|<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
Processed 1 client X.509 certificates...
Resolving 'someserver'...
Connecting to '....:15135'...
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<2>| EXT[0x12d9e60]: Sending extension CERT_TYPE
|<2>| EXT[0x12d9e60]: Sending extension SERVER_NAME
|<3>| HSK[0x12d9e60]: CLIENT HELLO was send [121 bytes]
|<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 121
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 126
|<4>| REC[0x12d9e60]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x12d9e60]: Received Packet[0] Handshake(22) with length: 74
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Decrypted Packet[0] Handshake(22) with length: 74
|<3>| HSK[0x12d9e60]: SERVER HELLO was received [74 bytes]
|<3>| HSK[0x12d9e60]: Server's version: 3.2
|<3>| HSK[0x12d9e60]: SessionID length: 32
|<3>| HSK[0x12d9e60]: SessionID:
3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867
|<3>| HSK[0x12d9e60]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1
|<2>| ASSERT: gnutls_extensions.c:124
|<4>| REC[0x12d9e60]: Expected Packet[1] Handshake(22) with length: 1
|<4>| REC[0x12d9e60]: Received Packet[1] Handshake(22) with length: 2351
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Decrypted Packet[1] Handshake(22) with length: 2351
|<3>| HSK[0x12d9e60]: CERTIFICATE was received [2351 bytes]
|<4>| REC[0x12d9e60]: Expected Packet[2] Handshake(22) with length: 1
|<4>| REC[0x12d9e60]: Received Packet[2] Handshake(22) with length: 331
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Decrypted Packet[2] Handshake(22) with length: 331
|<3>| HSK[0x12d9e60]: SERVER KEY EXCHANGE was received [331 bytes]
|<4>| REC[0x12d9e60]: Expected Packet[3] Handshake(22) with length: 1
|<4>| REC[0x12d9e60]: Received Packet[3] Handshake(22) with length: 70
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Decrypted Packet[3] Handshake(22) with length: 70
|<3>| HSK[0x12d9e60]: CERTIFICATE REQUEST was received [70 bytes]
|<4>| REC[0x12d9e60]: Expected Packet[4] Handshake(22) with length: 1
|<4>| REC[0x12d9e60]: Received Packet[4] Handshake(22) with length: 4
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Decrypted Packet[4] Handshake(22) with length: 4
|<3>| HSK[0x12d9e60]: SERVER HELLO DONE was received [4 bytes]
|<3>| HSK[0x12d9e60]: CERTIFICATE was send [2351 bytes]
|<4>| REC[0x12d9e60]: Sending Packet[1] Handshake(22) with length: 2351
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Sent Packet[2] Handshake(22) with length: 2356
|<3>| HSK[0x12d9e60]: CLIENT KEY EXCHANGE was send [134 bytes]
|<4>| REC[0x12d9e60]: Sending Packet[2] Handshake(22) with length: 134
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Sent Packet[3] Handshake(22) with length: 139
|<3>| HSK[0x12d9e60]: CERTIFICATE VERIFY was send [68 bytes]
|<4>| REC[0x12d9e60]: Sending Packet[3] Handshake(22) with length: 68
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Sent Packet[4] Handshake(22) with length: 73
|<3>| REC[0x12d9e60]: Sent ChangeCipherSpec
|<4>| REC[0x12d9e60]: Sending Packet[4] Change Cipher Spec(20) with length: 1
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Sent Packet[5] Change Cipher Spec(20) with length: 6
|<9>| INT: PREMASTER SECRET[128]:
653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b
|<9>| INT: CLIENT RANDOM[32]:
4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a
|<9>| INT: SERVER RANDOM[32]:
4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93
|<9>| INT: MASTER SECRET:
0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce
|<9>| INT: KEY BLOCK[104]:
d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f
|<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87
|<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8
|<3>| HSK[0x12d9e60]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x12d9e60]: Initializing internal [write] cipher sessions
|<3>| HSK[0x12d9e60]: FINISHED was send [16 bytes]
|<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 16
|<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 85
|<4>| REC[0x12d9e60]: Expected Packet[5] Change Cipher Spec(20) with length: 1
|<4>| REC[0x12d9e60]: Received Packet[5] Alert(21) with length: 2
|<2>| ASSERT: gnutls_cipher.c:204
|<4>| REC[0x12d9e60]: Decrypted Packet[5] Alert(21) with length: 2
|<4>| REC[0x12d9e60]: Alert[2|20] - Bad record MAC - was received
|<2>| ASSERT: gnutls_record.c:695
|<2>| ASSERT: gnutls_record.c:1048
|<2>| ASSERT: gnutls_handshake.c:2525
|<2>| ASSERT: gnutls_handshake.c:2697
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [20]: Bad record MAC
*** Handshake has failed
GNUTLS ERROR: A TLS fatal alert has been received.





More information about the Gnutls-help mailing list