Hi, today I was trying to run GnuTLS on sparc and connect it to an amd64 machine, well, result is that connection dies because of:
Error: Decryption has failed. on one side, and with Fatal error: A TLS fatal alert has been received. on the other side. Note that sparc-sparc connects without any problem. The exact machine is 'TI UltraSparc IIe (Hummingbird) GNU/Linux' running gentoo. If anyone had an idea about what's wrong on sparc, please comment this. Seems like some data sizing problem to me, but i'm not really sure (at least I haven't found any obvious cause yet.) Full logs from disconnecting gnutls-cli and -serv are attached below. Thanks in advance, Mirek Kratochvil ---- Now for the logs: ## server side (sparc) ## # gnutls-serv --debug 9 --x509cafile ca.crt --x509keyfile ssl.key --x509certfile ssl.crt --echo -p 15135 Set static Diffie Hellman parameters, consider --dhparams. Processed 1 CA certificate(s). |<2>| ASSERT: x509_b64.c:452 |<2>| Could not find '-----BEGIN RSA PRIVATE KEY' Echo Server ready. Listening to port '15135'. |<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 121 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Decrypted Packet[0] Handshake(22) with length: 121 |<3>| HSK[746a0]: CLIENT HELLO was received [121 bytes] |<3>| HSK[746a0]: Client's version: 3.2 |<2>| ASSERT: gnutls_db.c:326 |<2>| ASSERT: gnutls_db.c:246 |<2>| EXT[746a0]: Received extension 'CERT_TYPE/9' |<2>| EXT[746a0]: Received extension 'SERVER_NAME/0' |<2>| EXT[746a0]: Received extension 'CERT_TYPE/9' |<2>| EXT[746a0]: Received extension 'SERVER_NAME/0' |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 |<3>| HSK[746a0]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[746a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[746a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[746a0]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Selected Compression Method: NULL |<3>| HSK[746a0]: SessionID: 3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867 |<3>| HSK[746a0]: SERVER HELLO was send [74 bytes] |<4>| REC[746a0]: Sending Packet[0] Handshake(22) with length: 74 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Sent Packet[1] Handshake(22) with length: 79 |<3>| HSK[746a0]: CERTIFICATE was send [2351 bytes] |<4>| REC[746a0]: Sending Packet[1] Handshake(22) with length: 2351 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Sent Packet[2] Handshake(22) with length: 2356 |<3>| HSK[746a0]: SERVER KEY EXCHANGE was send [331 bytes] |<4>| REC[746a0]: Sending Packet[2] Handshake(22) with length: 331 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Sent Packet[3] Handshake(22) with length: 336 |<3>| HSK[746a0]: CERTIFICATE REQUEST was send [70 bytes] |<4>| REC[746a0]: Sending Packet[3] Handshake(22) with length: 70 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Sent Packet[4] Handshake(22) with length: 75 |<3>| HSK[746a0]: SERVER HELLO DONE was send [4 bytes] |<4>| REC[746a0]: Sending Packet[4] Handshake(22) with length: 4 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Sent Packet[5] Handshake(22) with length: 9 |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1151 |<2>| ASSERT: gnutls_handshake.c:1045 |<4>| REC[746a0]: Expected Packet[1] Handshake(22) with length: 1 |<4>| REC[746a0]: Received Packet[1] Handshake(22) with length: 2351 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Decrypted Packet[1] Handshake(22) with length: 2351 |<3>| HSK[746a0]: CERTIFICATE was received [2351 bytes] |<2>| ASSERT: gnutls_buffers.c:360 |<2>| ASSERT: gnutls_buffers.c:1151 |<2>| ASSERT: gnutls_handshake.c:1045 |<4>| REC[746a0]: Expected Packet[2] Handshake(22) with length: 1 |<4>| REC[746a0]: Received Packet[2] Handshake(22) with length: 134 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Decrypted Packet[2] Handshake(22) with length: 134 |<3>| HSK[746a0]: CLIENT KEY EXCHANGE was received [134 bytes] |<4>| REC[746a0]: Expected Packet[3] Handshake(22) with length: 1 |<4>| REC[746a0]: Received Packet[3] Handshake(22) with length: 68 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Decrypted Packet[3] Handshake(22) with length: 68 |<3>| HSK[746a0]: CERTIFICATE VERIFY was received [68 bytes] |<4>| REC[746a0]: Expected Packet[4] Change Cipher Spec(20) with length: 1 |<4>| REC[746a0]: Received Packet[4] Change Cipher Spec(20) with length: 1 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: ChangeCipherSpec Packet was received |<9>| INT: PREMASTER SECRET[128]: 653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b |<9>| INT: CLIENT RANDOM[32]: 4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a |<9>| INT: SERVER RANDOM[32]: 4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93 |<9>| INT: MASTER SECRET: 0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce |<9>| INT: KEY BLOCK[104]: d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f |<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87 |<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8 |<3>| HSK[746a0]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[746a0]: Initializing internal [read] cipher sessions AES-128 test encryption failed. |<4>| REC[746a0]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[746a0]: Received Packet[0] Handshake(22) with length: 80 |<2>| ASSERT: gnutls_cipher.c:516 |<4>| REC[746a0]: Short record length 54 > 64 - 20 (under attack?) |<2>| ASSERT: gnutls_record.c:1002 |<2>| ASSERT: gnutls_buffers.c:1151 |<2>| ASSERT: gnutls_handshake.c:1045 |<2>| ASSERT: gnutls_handshake.c:599 |<2>| ASSERT: gnutls_handshake.c:2553 |<2>| ASSERT: gnutls_handshake.c:2685 Error in handshake Error: Decryption has failed. |<4>| REC: Sending Alert[2|20] - Bad record MAC |<4>| REC[746a0]: Sending Packet[5] Alert(21) with length: 2 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[746a0]: Sent Packet[6] Alert(21) with length: 7 |<2>| ASSERT: gnutls_record.c:262 ## client side (amd64) ## # gnutls-cli --debug 9 --x509keyfile ssl.key --x509certfile ssl.crt -p 15135 someserver Processed 1 client certificates... |<2>| ASSERT: x509_b64.c:452 |<2>| Could not find '-----BEGIN RSA PRIVATE KEY' Processed 1 client X.509 certificates... Resolving 'someserver'... Connecting to '....:15135'... |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x12d9e60]: Keeping ciphersuite: PSK_SHA_ARCFOUR_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1 |<3>| HSK[0x12d9e60]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1 |<2>| EXT[0x12d9e60]: Sending extension CERT_TYPE |<2>| EXT[0x12d9e60]: Sending extension SERVER_NAME |<3>| HSK[0x12d9e60]: CLIENT HELLO was send [121 bytes] |<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 121 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 126 |<4>| REC[0x12d9e60]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[0x12d9e60]: Received Packet[0] Handshake(22) with length: 74 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Decrypted Packet[0] Handshake(22) with length: 74 |<3>| HSK[0x12d9e60]: SERVER HELLO was received [74 bytes] |<3>| HSK[0x12d9e60]: Server's version: 3.2 |<3>| HSK[0x12d9e60]: SessionID length: 32 |<3>| HSK[0x12d9e60]: SessionID: 3dd101d3c7914ac90c3ee763390c2d3e983d5b54a2f3a9142bd5db94cea5b867 |<3>| HSK[0x12d9e60]: Selected cipher suite: DHE_DSS_AES_128_CBC_SHA1 |<2>| ASSERT: gnutls_extensions.c:124 |<4>| REC[0x12d9e60]: Expected Packet[1] Handshake(22) with length: 1 |<4>| REC[0x12d9e60]: Received Packet[1] Handshake(22) with length: 2351 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Decrypted Packet[1] Handshake(22) with length: 2351 |<3>| HSK[0x12d9e60]: CERTIFICATE was received [2351 bytes] |<4>| REC[0x12d9e60]: Expected Packet[2] Handshake(22) with length: 1 |<4>| REC[0x12d9e60]: Received Packet[2] Handshake(22) with length: 331 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Decrypted Packet[2] Handshake(22) with length: 331 |<3>| HSK[0x12d9e60]: SERVER KEY EXCHANGE was received [331 bytes] |<4>| REC[0x12d9e60]: Expected Packet[3] Handshake(22) with length: 1 |<4>| REC[0x12d9e60]: Received Packet[3] Handshake(22) with length: 70 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Decrypted Packet[3] Handshake(22) with length: 70 |<3>| HSK[0x12d9e60]: CERTIFICATE REQUEST was received [70 bytes] |<4>| REC[0x12d9e60]: Expected Packet[4] Handshake(22) with length: 1 |<4>| REC[0x12d9e60]: Received Packet[4] Handshake(22) with length: 4 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Decrypted Packet[4] Handshake(22) with length: 4 |<3>| HSK[0x12d9e60]: SERVER HELLO DONE was received [4 bytes] |<3>| HSK[0x12d9e60]: CERTIFICATE was send [2351 bytes] |<4>| REC[0x12d9e60]: Sending Packet[1] Handshake(22) with length: 2351 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Sent Packet[2] Handshake(22) with length: 2356 |<3>| HSK[0x12d9e60]: CLIENT KEY EXCHANGE was send [134 bytes] |<4>| REC[0x12d9e60]: Sending Packet[2] Handshake(22) with length: 134 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Sent Packet[3] Handshake(22) with length: 139 |<3>| HSK[0x12d9e60]: CERTIFICATE VERIFY was send [68 bytes] |<4>| REC[0x12d9e60]: Sending Packet[3] Handshake(22) with length: 68 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Sent Packet[4] Handshake(22) with length: 73 |<3>| REC[0x12d9e60]: Sent ChangeCipherSpec |<4>| REC[0x12d9e60]: Sending Packet[4] Change Cipher Spec(20) with length: 1 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Sent Packet[5] Change Cipher Spec(20) with length: 6 |<9>| INT: PREMASTER SECRET[128]: 653c0772433e1eea046a891f8290cb5e27681e50bb07d206f59048350d1847ced5179b2acc933b669b7ff378d0b2d298323f06334782e4cf4f37759847553116e0a409bd2afb9cfd6c26c44245108b04571c7660b23cb0f035f0d39c5a9868f6a4d14f102a2486152a7d4a836581b17c32dfb4ea9d1309fa0aa85576d7cac73b |<9>| INT: CLIENT RANDOM[32]: 4ab5145766276591b6df4f3d3603b5602ca7272dac4fa03d39ed2e5ac9d8f21a |<9>| INT: SERVER RANDOM[32]: 4ab5146f5e9d0f5915218d467006e3a55e8ce0fbac3936f00ce092612aae4b93 |<9>| INT: MASTER SECRET: 0a290575d29c8aa4a96944f7dff67b9b4a3a1a763373a2bc5b267c0e67d1f5dce018670478b022df232575b535f1cfce |<9>| INT: KEY BLOCK[104]: d0faedea6c8baa006af6f09330be9b74cfdb49ccce6571c18cf5452788225f4f |<9>| INT: CLIENT WRITE KEY [16]: c33896bce2ebfefd2a0b650a05c92e87 |<9>| INT: SERVER WRITE KEY [16]: 7931f6300477f3e94563703092d07ee8 |<3>| HSK[0x12d9e60]: Cipher Suite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[0x12d9e60]: Initializing internal [write] cipher sessions |<3>| HSK[0x12d9e60]: FINISHED was send [16 bytes] |<4>| REC[0x12d9e60]: Sending Packet[0] Handshake(22) with length: 16 |<4>| REC[0x12d9e60]: Sent Packet[1] Handshake(22) with length: 85 |<4>| REC[0x12d9e60]: Expected Packet[5] Change Cipher Spec(20) with length: 1 |<4>| REC[0x12d9e60]: Received Packet[5] Alert(21) with length: 2 |<2>| ASSERT: gnutls_cipher.c:204 |<4>| REC[0x12d9e60]: Decrypted Packet[5] Alert(21) with length: 2 |<4>| REC[0x12d9e60]: Alert[2|20] - Bad record MAC - was received |<2>| ASSERT: gnutls_record.c:695 |<2>| ASSERT: gnutls_record.c:1048 |<2>| ASSERT: gnutls_handshake.c:2525 |<2>| ASSERT: gnutls_handshake.c:2697 *** Fatal error: A TLS fatal alert has been received. *** Received alert [20]: Bad record MAC *** Handshake has failed GNUTLS ERROR: A TLS fatal alert has been received. _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
