Miroslav Kratochvil <[email protected]> writes: > Hi, > today I was trying to run GnuTLS on sparc and connect it to an amd64 > machine, well, result is that connection dies because of:
Which GnuTLS version? > Error: Decryption has failed. > > on one side, and with > > Fatal error: A TLS fatal alert has been received. > > on the other side. Note that sparc-sparc connects without any problem. > The exact machine is 'TI UltraSparc IIe (Hummingbird) GNU/Linux' > running gentoo. > > If anyone had an idea about what's wrong on sparc, please comment > this. Seems like some data sizing problem to me, but i'm not really > sure (at least I haven't found any obvious cause yet.) Full logs from > disconnecting gnutls-cli and -serv are attached below. Do the builds pass 'make check' on your systems? /Simon > Thanks in advance, > Mirek Kratochvil > > > ---- > Now for the logs: > > ## server side (sparc) ## > > # gnutls-serv --debug 9 --x509cafile ca.crt --x509keyfile ssl.key > --x509certfile ssl.crt --echo -p 15135 > Set static Diffie Hellman parameters, consider --dhparams. > Processed 1 CA certificate(s). > |<2>| ASSERT: x509_b64.c:452 > |<2>| Could not find '-----BEGIN RSA PRIVATE KEY' > Echo Server ready. Listening to port '15135'. > > |<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1 > |<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 121 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Decrypted Packet[0] Handshake(22) with length: 121 > |<3>| HSK[746a0]: CLIENT HELLO was received [121 bytes] > |<3>| HSK[746a0]: Client's version: 3.2 > |<2>| ASSERT: gnutls_db.c:326 > |<2>| ASSERT: gnutls_db.c:246 > |<2>| EXT[746a0]: Received extension 'CERT_TYPE/9' > |<2>| EXT[746a0]: Received extension 'SERVER_NAME/0' > |<2>| EXT[746a0]: Received extension 'CERT_TYPE/9' > |<2>| EXT[746a0]: Received extension 'SERVER_NAME/0' > |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 > |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 > |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_MD5 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 > |<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 > |<3>| HSK[746a0]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Selected Compression Method: NULL > |<3>| HSK[746a0]: SessionID: > 3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867 > |<3>| HSK[746a0]: SERVER HELLO was send [74 bytes] > |<4>| REC[746a0]: Sending Packet[0] Handshake(22) with length: 74 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Sent Packet[1] Handshake(22) with length: 79 > |<3>| HSK[746a0]: CERTIFICATE was send [2351 bytes] > |<4>| REC[746a0]: Sending Packet[1] Handshake(22) with length: 2351 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Sent Packet[2] Handshake(22) with length: 2356 > |<3>| HSK[746a0]: SERVER KEY EXCHANGE was send [331 bytes] > |<4>| REC[746a0]: Sending Packet[2] Handshake(22) with length: 331 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Sent Packet[3] Handshake(22) with length: 336 > |<3>| HSK[746a0]: CERTIFICATE REQUEST was send [70 bytes] > |<4>| REC[746a0]: Sending Packet[3] Handshake(22) with length: 70 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Sent Packet[4] Handshake(22) with length: 75 > |<3>| HSK[746a0]: SERVER HELLO DONE was send [4 bytes] > |<4>| REC[746a0]: Sending Packet[4] Handshake(22) with length: 4 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Sent Packet[5] Handshake(22) with length: 9 > |<2>| ASSERT: gnutls_buffers.c:360 > |<2>| ASSERT: gnutls_buffers.c:1151 > |<2>| ASSERT: gnutls_handshake.c:1045 > |<4>| REC[746a0]: Expected Packet[1] Handshake(22) with length: 1 > |<4>| REC[746a0]: Received Packet[1] Handshake(22) with length: 2351 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Decrypted Packet[1] Handshake(22) with length: 2351 > |<3>| HSK[746a0]: CERTIFICATE was received [2351 bytes] > |<2>| ASSERT: gnutls_buffers.c:360 > |<2>| ASSERT: gnutls_buffers.c:1151 > |<2>| ASSERT: gnutls_handshake.c:1045 > |<4>| REC[746a0]: Expected Packet[2] Handshake(22) with length: 1 > |<4>| REC[746a0]: Received Packet[2] Handshake(22) with length: 134 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Decrypted Packet[2] Handshake(22) with length: 134 > |<3>| HSK[746a0]: CLIENT KEY EXCHANGE was received [134 bytes] > |<4>| REC[746a0]: Expected Packet[3] Handshake(22) with length: 1 > |<4>| REC[746a0]: Received Packet[3] Handshake(22) with length: 68 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Decrypted Packet[3] Handshake(22) with length: 68 > |<3>| HSK[746a0]: CERTIFICATE VERIFY was received [68 bytes] > |<4>| REC[746a0]: Expected Packet[4] Change Cipher Spec(20) with length: 1 > |<4>| REC[746a0]: Received Packet[4] Change Cipher Spec(20) with length: 1 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: ChangeCipherSpec Packet was received > |<9>| INT: PREMASTER SECRET[128]: > 653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b > |<9>| INT: CLIENT RANDOM[32]: > 4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a > |<9>| INT: SERVER RANDOM[32]: > 4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93 > |<9>| INT: MASTER SECRET: > 0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce > |<9>| INT: KEY BLOCK[104]: > d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f > |<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87 > |<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8 > |<3>| HSK[746a0]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1 > |<3>| HSK[746a0]: Initializing internal [read] cipher sessions > AES-128 test encryption failed. > |<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1 > |<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 80 > |<2>| ASSERT: gnutls_cipher.c:516 > |<4>| REC[746a0]: Short record length 54 > 64 - 20 (under attack?) > |<2>| ASSERT: gnutls_record.c:1002 > |<2>| ASSERT: gnutls_buffers.c:1151 > |<2>| ASSERT: gnutls_handshake.c:1045 > |<2>| ASSERT: gnutls_handshake.c:599 > |<2>| ASSERT: gnutls_handshake.c:2553 > |<2>| ASSERT: gnutls_handshake.c:2685 > Error in handshake > Error: Decryption has failed. > |<4>| REC: Sending Alert[2|20] - Bad record MAC > |<4>| REC[746a0]: Sending Packet[5] Alert(21) with length: 2 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[746a0]: Sent Packet[6] Alert(21) with length: 7 > |<2>| ASSERT: gnutls_record.c:262 > > > > > > > ## client side (amd64) ## > > # gnutls-cli --debug 9 --x509keyfile ssl.key --x509certfile ssl.crt -p > 15135 someserver > Processed 1 client certificates... > |<2>| ASSERT: x509_b64.c:452 > |<2>| Could not find '-----BEGIN RSA PRIVATE KEY' > Processed 1 client X.509 certificates... > Resolving 'someserver'... > Connecting to '....:15135'... > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_MD5 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 > |<2>| EXT[0x12d9e60]: Sending extension CERT_TYPE > |<2>| EXT[0x12d9e60]: Sending extension SERVER_NAME > |<3>| HSK[0x12d9e60]: CLIENT HELLO was send [121 bytes] > |<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 121 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 126 > |<4>| REC[0x12d9e60]: Expected Packet[0] Handshake(22) with length: 1 > |<4>| REC[0x12d9e60]: Received Packet[0] Handshake(22) with length: 74 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Decrypted Packet[0] Handshake(22) with length: 74 > |<3>| HSK[0x12d9e60]: SERVER HELLO was received [74 bytes] > |<3>| HSK[0x12d9e60]: Server's version: 3.2 > |<3>| HSK[0x12d9e60]: SessionID length: 32 > |<3>| HSK[0x12d9e60]: SessionID: > 3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867 > |<3>| HSK[0x12d9e60]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1 > |<2>| ASSERT: gnutls_extensions.c:124 > |<4>| REC[0x12d9e60]: Expected Packet[1] Handshake(22) with length: 1 > |<4>| REC[0x12d9e60]: Received Packet[1] Handshake(22) with length: 2351 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Decrypted Packet[1] Handshake(22) with length: 2351 > |<3>| HSK[0x12d9e60]: CERTIFICATE was received [2351 bytes] > |<4>| REC[0x12d9e60]: Expected Packet[2] Handshake(22) with length: 1 > |<4>| REC[0x12d9e60]: Received Packet[2] Handshake(22) with length: 331 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Decrypted Packet[2] Handshake(22) with length: 331 > |<3>| HSK[0x12d9e60]: SERVER KEY EXCHANGE was received [331 bytes] > |<4>| REC[0x12d9e60]: Expected Packet[3] Handshake(22) with length: 1 > |<4>| REC[0x12d9e60]: Received Packet[3] Handshake(22) with length: 70 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Decrypted Packet[3] Handshake(22) with length: 70 > |<3>| HSK[0x12d9e60]: CERTIFICATE REQUEST was received [70 bytes] > |<4>| REC[0x12d9e60]: Expected Packet[4] Handshake(22) with length: 1 > |<4>| REC[0x12d9e60]: Received Packet[4] Handshake(22) with length: 4 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Decrypted Packet[4] Handshake(22) with length: 4 > |<3>| HSK[0x12d9e60]: SERVER HELLO DONE was received [4 bytes] > |<3>| HSK[0x12d9e60]: CERTIFICATE was send [2351 bytes] > |<4>| REC[0x12d9e60]: Sending Packet[1] Handshake(22) with length: 2351 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Sent Packet[2] Handshake(22) with length: 2356 > |<3>| HSK[0x12d9e60]: CLIENT KEY EXCHANGE was send [134 bytes] > |<4>| REC[0x12d9e60]: Sending Packet[2] Handshake(22) with length: 134 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Sent Packet[3] Handshake(22) with length: 139 > |<3>| HSK[0x12d9e60]: CERTIFICATE VERIFY was send [68 bytes] > |<4>| REC[0x12d9e60]: Sending Packet[3] Handshake(22) with length: 68 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Sent Packet[4] Handshake(22) with length: 73 > |<3>| REC[0x12d9e60]: Sent ChangeCipherSpec > |<4>| REC[0x12d9e60]: Sending Packet[4] Change Cipher Spec(20) with length: 1 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Sent Packet[5] Change Cipher Spec(20) with length: 6 > |<9>| INT: PREMASTER SECRET[128]: > 653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b > |<9>| INT: CLIENT RANDOM[32]: > 4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a > |<9>| INT: SERVER RANDOM[32]: > 4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93 > |<9>| INT: MASTER SECRET: > 0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce > |<9>| INT: KEY BLOCK[104]: > d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f > |<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87 > |<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8 > |<3>| HSK[0x12d9e60]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1 > |<3>| HSK[0x12d9e60]: Initializing internal [write] cipher sessions > |<3>| HSK[0x12d9e60]: FINISHED was send [16 bytes] > |<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 16 > |<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 85 > |<4>| REC[0x12d9e60]: Expected Packet[5] Change Cipher Spec(20) with length: 1 > |<4>| REC[0x12d9e60]: Received Packet[5] Alert(21) with length: 2 > |<2>| ASSERT: gnutls_cipher.c:204 > |<4>| REC[0x12d9e60]: Decrypted Packet[5] Alert(21) with length: 2 > |<4>| REC[0x12d9e60]: Alert[2|20] - Bad record MAC - was received > |<2>| ASSERT: gnutls_record.c:695 > |<2>| ASSERT: gnutls_record.c:1048 > |<2>| ASSERT: gnutls_handshake.c:2525 > |<2>| ASSERT: gnutls_handshake.c:2697 > *** Fatal error: A TLS fatal alert has been received. > *** Received alert [20]: Bad record MAC > *** Handshake has failed > GNUTLS ERROR: A TLS fatal alert has been received. _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
