Got the same error on Linux, both x86 and x64, when tried to add following
lines to ./ssl/t1_enc.c@tls1_change_cipher_state:
ssl3_cleanup_key_block(s);
OPENSSL_cleanse(s->s3->read_mac_secret,
sizeof(s->s3->read_mac_secret));
OPENSSL_cleanse(s->s3->write_mac_secret,
sizeof(s->s3->write_mac_secret));
at the very end.
Just before
return(1);
err:
SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
Error appears both for TLS 1.2 AES128-SHA256 and AES256-SHA256 ciphersuites.
And do NOT appears for any other ciphersuites.
On 13 January 2014 20:26, Shawn via RT <r...@openssl.org> wrote:
> hey OpenSSL community maintainers,
>
> Compiled OpenSSL with GCC -O3 optimization on ARM64 might cause
> AES256-SHA256 testing fails:
>
> -------------------------------------------------------------------------------------------------------------
> [ 3022s] Testing AES256-SHA256
> [ 3024s] Available compression methods:
> [ 3024s] NONE
> [ 3024s] ERROR in SERVER
> [ 3024s] 274890758944:error:1408F119:
> SSL
> routines:SSL3_GET_RECORD:decryption failed or bad record
> mac:s3_pkt.c:484:
> [ 3024s] TLSv1.2, cipher TLSv1/SSLv3 AES256-SHA256, 2048 bit RSA
> [ 3024s] 1 handshakes of 256 bytes done
> [ 3024s] Failed AES256-SHA256
> [ 3024s] make[1]: *** [test_ssl] Error 1
> [ 3024s] make[1]: Leaving directory
> `/home/abuild/rpmbuild/BUILD/openssl-1.0.1f/test'
>
> -----------------------------------------------------------------------------------------------------------
>
> I'm not sure if this is an issue of OpenSSL. -O3 works for previous
> release( 1.0.1e). Plz check the fully log which was attached! Thanks!
>
>
> --
> GNU powered it...
> GPL protect it...
> God blessing it...
>
> regards
> Shawn
>
>
