[DragonFlyBSD - Bug #2258] engine padlock broken in openssl on current master

Alex Hornung via Redmine bugtracker-admin at leaf.dragonflybsd.org
Sun Dec 11 13:55:48 PST 2011


Issue #2258 has been updated by Alex Hornung.


Try running some standalone tests with openssl itself, and also try
loading or unloading padlock.ko (depending on whether you've loaded it
now or not).

Cheers,
Alex

On 11/12/11 20:45, Jan Lentfer via Redmine wrote:
> 
> Issue #2258 has been reported by Jan Lentfer.
> 
> ----------------------------------------
> Bug #2258: engine padlock broken in openssl on current master
> http://bugs.dragonflybsd.org/issues/2258
> 
> Author: Jan Lentfer
> Status: New
> Priority: Normal
> Assignee: 
> Category: 
> Target version: 
> 
> 
> After upgrading to v2.13.0.527.g95bf5, openvpn does not work any more 
> with "engine padlock" enabled in server.conf.
> 
> Seems engine padlock in openssl is broken. If I comment out "engine 
> padlock" from server.conf, handshake works fine.
> 
> I X-ed out private info in the certificates.
> 
> 
> 
> Dec 11 21:38:10 epia openvpn[99939]: MULTI: multi_create_instance called
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Re-using 
> SSL/TLS context
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 LZO compression 
> initialized
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Control Channel 
> MTU parms [ L:1562 D:138 EF:38 EB:0 ET:0 EL:0 ]
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Data Channel 
> MTU parms [ L:1562 D:1300 EF:62 EB:135 ET:0 EL:0 AF:3/1 ]
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Fragmentation 
> MTU parms [ L:1562 D:1300 EF:61 EB:135 ET:1 EL:0 AF:3/1 ]
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Local Options 
> String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto 
> UDPv4,comp-lzo,mtu-dynamic,cipher AES-128-CBC,auth SHA1,keysize 
> 128,key-method 2,tls-server'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Expected Remote 
> Options String: 'V4,dev-type tun,link-mtu 1562,tun-mtu 1500,proto 
> UDPv4,comp-lzo,mtu-dynamic,cipher AES-128-CBC,auth SHA1,keysize 
> 128,key-method 2,tls-client'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Local Options 
> hash (VER=V4): 'e11a9f86'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 Expected Remote 
> Options hash (VER=V4): '0c7fabe0'
> Dec 11 21:38:10 epia openvpn[99939]: 85.214.83.243:38599 TLS: Initial 
> packet from 85.214.83.243:38599, sid=caa12d6f 165ba8e5
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 VERIFY OK: 
> depth=1, /C=XX/ST=XXXXX/L=XXXXX/O=XXXXXXXXXXXXXXXXX
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 VERIFY OK: 
> depth=0, 
> /C=XX/ST=XXXXX/L=XXXX/O=XXXXXXXXXXXXXXXXXXXX/CN=XXXXX/emailAddress=XXXXXXXXXXXX
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 TLS_ERROR: BIO 
> read tls_read_plaintext error: error:1408F119:SSL 
> routines:SSL3_GET_RECORD:decryption failed or bad record mac
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 TLS Error: TLS 
> object -> incoming plaintext read error
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 TLS Error: TLS 
> handshake failed
> Dec 11 21:38:11 epia openvpn[99939]: 85.214.83.243:38599 
> SIGUSR1[soft,tls-error] received, client-instance restarting
> 
>
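
One way to run the standalone openssl test suggested in the reply above, as an added example that is not part of the original messages or of DragonFly's own tooling: it encrypts the same data with the software AES and with the engine and compares the results. The function name `engine_matches_software`, the key, the IV and the plaintext are constructed for this example.

```shell
#!/bin/sh
# Added example: compare an OpenSSL engine's AES-128-CBC output with the
# built-in software implementation. KEY, IV and the plaintext are constructed
# test values; engine_matches_software is a name chosen for this example.
KEY=000102030405060708090a0b0c0d0e0f
IV=101112131415161718191a1b1c1d1e1f

# Return codes: 0 = engine agrees with software, 1 = mismatch or failure,
#               2 = engine not usable, so no comparison was made.
engine_matches_software() {
    eng=$1
    cipher=${2:-aes-128-cbc}

    # "openssl engine -t" prints "[ available ]" only if the engine initialises.
    # Without this check a failed engine load can fall back to software and
    # the comparison below would prove nothing.
    openssl engine -t "$eng" 2>/dev/null | grep -q '\[ available \]' || return 2

    tmp=$(mktemp -d) || return 2
    # 4 KiB of deterministic plaintext: 256 records of exactly 16 bytes.
    i=0
    while [ "$i" -lt 256 ]; do
        printf 'padlock-test-%03d' "$i"
        i=$((i + 1))
    done > "$tmp/plain"

    rc=0
    openssl enc -"$cipher" -K "$KEY" -iv "$IV" \
        -in "$tmp/plain" -out "$tmp/sw.bin" 2>/dev/null || rc=1
    openssl enc -"$cipher" -engine "$eng" -K "$KEY" -iv "$IV" \
        -in "$tmp/plain" -out "$tmp/hw.bin" 2>/dev/null || rc=1
    if [ "$rc" -eq 0 ]; then
        # Same key, IV and input must give byte-identical ciphertext.
        cmp -s "$tmp/sw.bin" "$tmp/hw.bin" || rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        # Engine ciphertext must also decrypt correctly in software.
        openssl enc -d -"$cipher" -K "$KEY" -iv "$IV" -in "$tmp/hw.bin" \
            2>/dev/null | cmp -s - "$tmp/plain" || rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

Running `engine_matches_software padlock; echo $?` once with padlock.ko loaded and once without shows whether the kernel module changes the result; a return of 1 means the engine's AES output disagrees with the software implementation.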