some possible errors on sparc?

Simon Josefsson simon at josefsson.org
Tue Sep 22 14:14:17 CEST 2009


Miroslav Kratochvil <exa.exa at gmail.com> writes:

> Hi,
> today I was trying to run GnuTLS on sparc and connect it to an amd64
> machine, well, result is that connection dies because of:

Which GnuTLS version?

> Error: Decryption has failed.
>
> on one side, and with
>
> Fatal error: A TLS fatal alert has been received.
>
> on the other side. Note that sparc-sparc connects without any problem.
> The exact machine is 'TI UltraSparc IIe (Hummingbird) GNU/Linux'
> running gentoo.
>
> If anyone had an idea about what's wrong on sparc, please comment
> this. Seems like some data sizing problem to me, but i'm not really
> sure (at least I haven't found any obvious cause yet.) Full logs from
> disconnecting gnutls-cli and -serv are attached below.

Do the builds pass 'make check' on your systems?

/Simon

> Thanks in advance,
> Mirek Kratochvil
>
>
> ----
> Now for the logs:
>
> ## server side (sparc) ##
>
> # gnutls-serv  --debug 9 --x509cafile ca.crt --x509keyfile ssl.key
> --x509certfile ssl.crt --echo -p 15135
> Set static Diffie Hellman parameters, consider --dhparams.
> Processed 1 CA certificate(s).
> |<2>| ASSERT: x509_b64.c:452
> |<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
> Echo Server ready. Listening to port '15135'.
>
> |<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1
> |<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 121
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Decrypted Packet[0] Handshake(22) with length: 121
> |<3>| HSK[746a0]: CLIENT HELLO was received [121 bytes]
> |<3>| HSK[746a0]: Client's version: 3.2
> |<2>| ASSERT: gnutls_db.c:326
> |<2>| ASSERT: gnutls_db.c:246
> |<2>| EXT[746a0]: Received extension 'CERT_TYPE/9'
> |<2>| EXT[746a0]: Received extension 'SERVER_NAME/0'
> |<2>| EXT[746a0]: Received extension 'CERT_TYPE/9'
> |<2>| EXT[746a0]: Received extension 'SERVER_NAME/0'
> |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
> |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
> |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_MD5
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
> |<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
> |<3>| HSK[746a0]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Selected Compression Method: NULL
> |<3>| HSK[746a0]: SessionID:
> 3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867
> |<3>| HSK[746a0]: SERVER HELLO was send [74 bytes]
> |<4>| REC[746a0]: Sending Packet[0] Handshake(22) with length: 74
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Sent Packet[1] Handshake(22) with length: 79
> |<3>| HSK[746a0]: CERTIFICATE was send [2351 bytes]
> |<4>| REC[746a0]: Sending Packet[1] Handshake(22) with length: 2351
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Sent Packet[2] Handshake(22) with length: 2356
> |<3>| HSK[746a0]: SERVER KEY EXCHANGE was send [331 bytes]
> |<4>| REC[746a0]: Sending Packet[2] Handshake(22) with length: 331
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Sent Packet[3] Handshake(22) with length: 336
> |<3>| HSK[746a0]: CERTIFICATE REQUEST was send [70 bytes]
> |<4>| REC[746a0]: Sending Packet[3] Handshake(22) with length: 70
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Sent Packet[4] Handshake(22) with length: 75
> |<3>| HSK[746a0]: SERVER HELLO DONE was send [4 bytes]
> |<4>| REC[746a0]: Sending Packet[4] Handshake(22) with length: 4
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Sent Packet[5] Handshake(22) with length: 9
> |<2>| ASSERT: gnutls_buffers.c:360
> |<2>| ASSERT: gnutls_buffers.c:1151
> |<2>| ASSERT: gnutls_handshake.c:1045
> |<4>| REC[746a0]: Expected Packet[1] Handshake(22) with length: 1
> |<4>| REC[746a0]: Received Packet[1] Handshake(22) with length: 2351
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Decrypted Packet[1] Handshake(22) with length: 2351
> |<3>| HSK[746a0]: CERTIFICATE was received [2351 bytes]
> |<2>| ASSERT: gnutls_buffers.c:360
> |<2>| ASSERT: gnutls_buffers.c:1151
> |<2>| ASSERT: gnutls_handshake.c:1045
> |<4>| REC[746a0]: Expected Packet[2] Handshake(22) with length: 1
> |<4>| REC[746a0]: Received Packet[2] Handshake(22) with length: 134
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Decrypted Packet[2] Handshake(22) with length: 134
> |<3>| HSK[746a0]: CLIENT KEY EXCHANGE was received [134 bytes]
> |<4>| REC[746a0]: Expected Packet[3] Handshake(22) with length: 1
> |<4>| REC[746a0]: Received Packet[3] Handshake(22) with length: 68
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Decrypted Packet[3] Handshake(22) with length: 68
> |<3>| HSK[746a0]: CERTIFICATE VERIFY was received [68 bytes]
> |<4>| REC[746a0]: Expected Packet[4] Change Cipher Spec(20) with length: 1
> |<4>| REC[746a0]: Received Packet[4] Change Cipher Spec(20) with length: 1
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: ChangeCipherSpec Packet was received
> |<9>| INT: PREMASTER SECRET[128]:
> 653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b
> |<9>| INT: CLIENT RANDOM[32]:
> 4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a
> |<9>| INT: SERVER RANDOM[32]:
> 4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93
> |<9>| INT: MASTER SECRET:
> 0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce
> |<9>| INT: KEY BLOCK[104]:
> d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f
> |<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87
> |<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8
> |<3>| HSK[746a0]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1
> |<3>| HSK[746a0]: Initializing internal [read] cipher sessions
> AES-128 test encryption failed.
> |<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1
> |<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 80
> |<2>| ASSERT: gnutls_cipher.c:516
> |<4>| REC[746a0]: Short record length 54 > 64 - 20 (under attack?)
> |<2>| ASSERT: gnutls_record.c:1002
> |<2>| ASSERT: gnutls_buffers.c:1151
> |<2>| ASSERT: gnutls_handshake.c:1045
> |<2>| ASSERT: gnutls_handshake.c:599
> |<2>| ASSERT: gnutls_handshake.c:2553
> |<2>| ASSERT: gnutls_handshake.c:2685
> Error in handshake
> Error: Decryption has failed.
> |<4>| REC: Sending Alert[2|20] - Bad record MAC
> |<4>| REC[746a0]: Sending Packet[5] Alert(21) with length: 2
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[746a0]: Sent Packet[6] Alert(21) with length: 7
> |<2>| ASSERT: gnutls_record.c:262
>
>
>
>
>
>
> ## client side (amd64) ##
>
> # gnutls-cli --debug 9 --x509keyfile ssl.key --x509certfile ssl.crt -p
> 15135 someserver
> Processed 1 client certificates...
> |<2>| ASSERT: x509_b64.c:452
> |<2>| Could not find '-----BEGIN RSA PRIVATE KEY'
> Processed 1 client X.509 certificates...
> Resolving 'someserver'...
> Connecting to '....:15135'...
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_MD5
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
> |<2>| EXT[0x12d9e60]: Sending extension CERT_TYPE
> |<2>| EXT[0x12d9e60]: Sending extension SERVER_NAME
> |<3>| HSK[0x12d9e60]: CLIENT HELLO was send [121 bytes]
> |<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 121
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 126
> |<4>| REC[0x12d9e60]: Expected Packet[0] Handshake(22) with length: 1
> |<4>| REC[0x12d9e60]: Received Packet[0] Handshake(22) with length: 74
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Decrypted Packet[0] Handshake(22) with length: 74
> |<3>| HSK[0x12d9e60]: SERVER HELLO was received [74 bytes]
> |<3>| HSK[0x12d9e60]: Server's version: 3.2
> |<3>| HSK[0x12d9e60]: SessionID length: 32
> |<3>| HSK[0x12d9e60]: SessionID:
> 3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867
> |<3>| HSK[0x12d9e60]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1
> |<2>| ASSERT: gnutls_extensions.c:124
> |<4>| REC[0x12d9e60]: Expected Packet[1] Handshake(22) with length: 1
> |<4>| REC[0x12d9e60]: Received Packet[1] Handshake(22) with length: 2351
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Decrypted Packet[1] Handshake(22) with length: 2351
> |<3>| HSK[0x12d9e60]: CERTIFICATE was received [2351 bytes]
> |<4>| REC[0x12d9e60]: Expected Packet[2] Handshake(22) with length: 1
> |<4>| REC[0x12d9e60]: Received Packet[2] Handshake(22) with length: 331
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Decrypted Packet[2] Handshake(22) with length: 331
> |<3>| HSK[0x12d9e60]: SERVER KEY EXCHANGE was received [331 bytes]
> |<4>| REC[0x12d9e60]: Expected Packet[3] Handshake(22) with length: 1
> |<4>| REC[0x12d9e60]: Received Packet[3] Handshake(22) with length: 70
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Decrypted Packet[3] Handshake(22) with length: 70
> |<3>| HSK[0x12d9e60]: CERTIFICATE REQUEST was received [70 bytes]
> |<4>| REC[0x12d9e60]: Expected Packet[4] Handshake(22) with length: 1
> |<4>| REC[0x12d9e60]: Received Packet[4] Handshake(22) with length: 4
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Decrypted Packet[4] Handshake(22) with length: 4
> |<3>| HSK[0x12d9e60]: SERVER HELLO DONE was received [4 bytes]
> |<3>| HSK[0x12d9e60]: CERTIFICATE was send [2351 bytes]
> |<4>| REC[0x12d9e60]: Sending Packet[1] Handshake(22) with length: 2351
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Sent Packet[2] Handshake(22) with length: 2356
> |<3>| HSK[0x12d9e60]: CLIENT KEY EXCHANGE was send [134 bytes]
> |<4>| REC[0x12d9e60]: Sending Packet[2] Handshake(22) with length: 134
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Sent Packet[3] Handshake(22) with length: 139
> |<3>| HSK[0x12d9e60]: CERTIFICATE VERIFY was send [68 bytes]
> |<4>| REC[0x12d9e60]: Sending Packet[3] Handshake(22) with length: 68
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Sent Packet[4] Handshake(22) with length: 73
> |<3>| REC[0x12d9e60]: Sent ChangeCipherSpec
> |<4>| REC[0x12d9e60]: Sending Packet[4] Change Cipher Spec(20) with length: 1
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Sent Packet[5] Change Cipher Spec(20) with length: 6
> |<9>| INT: PREMASTER SECRET[128]:
> 653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b
> |<9>| INT: CLIENT RANDOM[32]:
> 4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a
> |<9>| INT: SERVER RANDOM[32]:
> 4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93
> |<9>| INT: MASTER SECRET:
> 0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce
> |<9>| INT: KEY BLOCK[104]:
> d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f
> |<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87
> |<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8
> |<3>| HSK[0x12d9e60]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1
> |<3>| HSK[0x12d9e60]: Initializing internal [write] cipher sessions
> |<3>| HSK[0x12d9e60]: FINISHED was send [16 bytes]
> |<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 16
> |<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 85
> |<4>| REC[0x12d9e60]: Expected Packet[5] Change Cipher Spec(20) with length: 1
> |<4>| REC[0x12d9e60]: Received Packet[5] Alert(21) with length: 2
> |<2>| ASSERT: gnutls_cipher.c:204
> |<4>| REC[0x12d9e60]: Decrypted Packet[5] Alert(21) with length: 2
> |<4>| REC[0x12d9e60]: Alert[2|20] - Bad record MAC - was received
> |<2>| ASSERT: gnutls_record.c:695
> |<2>| ASSERT: gnutls_record.c:1048
> |<2>| ASSERT: gnutls_handshake.c:2525
> |<2>| ASSERT: gnutls_handshake.c:2697
> *** Fatal error: A TLS fatal alert has been received.
> *** Received alert [20]: Bad record MAC
> *** Handshake has failed
> GNUTLS ERROR: A TLS fatal alert has been received.





More information about the Gnutls-help mailing list