SSL read error: decryption failed or bad record mac

Bug #1133333 reported by Imre Deak on 2013-02-26
18
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenSSL
Fix Released
Unknown
openssl (Debian)
Fix Released
Unknown
openssl (Ubuntu)
High
Marc Deslauriers
Precise
High
Marc Deslauriers
Quantal
High
Marc Deslauriers
Raring
High
Marc Deslauriers

Bug Description

I have Ubuntu-12.10/irssi 0.8.15/libssl 1.0.1c-3. After connecting
successfully to an SSL IRC server and joining some channel on it, I get
the error

read error: decryption failed or bad record mac

after which the connection terminates. I didn't have any problem with
this before, the error started to occur only yesterday after an Ubuntu
security update from libssl 1.0.1c-3ubuntu2 to 1.0.1c-3ubuntu2.1. Using
the version 1.0.1c-3ubuntu2 of libssl and libcrypto gets rid of the
problem.
---
ApportVersion: 2.6.1-0ubuntu10
Architecture: amd64
DistroRelease: Ubuntu 12.10
InstallationDate: Installed on 2013-02-15 (10 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
MarkForUpload: True
Package: openssl 1.0.1c-3ubuntu2.1
PackageArchitecture: amd64
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 3.5.0-25.38-generic 3.5.7.4
Tags: quantal running-unity
Uname: Linux 3.5.0-25-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

Imre Deak (ideak) wrote :

I also reported this at the upstream project:

http://marc.info/?l=openssl-dev&m=136187226114925&w=2

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command, as it will automatically gather debugging information, in a terminal:
apport-collect 1133333
When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Changed in openssl (Ubuntu):
status: New → Incomplete

apport information

tags: added: apport-collected quantal running-unity
description: updated
Changed in openssl (Ubuntu):
status: Incomplete → New
Seth Arnold (seth-arnold) wrote :

My irssi 0.8.15-5ubuntu1 and libssl1.0.0 1.0.1c-3ubuntu2.1 work just fine for CertFP-authenticated connection to irc.oftc.net and two other SSL/TLS IRC networks.

Imre Deak (ideak) wrote :

oftc works for me too w/o problems. The IRC server libssl breaks with is a company internal one, so unfortunately I can't give you access to that, but besides me there is at least two other people having the same problem and the same same solution (downgrading to 1.0.1c-3ubuntu2) works for them too.

So there is a difference between the working and non-working servers, we should just find out what it is. Maybe different crypto algorithms used? Not sure how to find out that, will try it tomorrow.

Seth Arnold (seth-arnold) wrote :

You can dump the algorithm information with e.g.:

openssl s_client -connect irc.oftc.net:6697
...
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
...

Imre Deak (ideak) wrote :

Thanks, the server I'm having the problem reports:

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.1
    Cipher : DHE-RSA-AES256-SHA

Now, it connects fine and is waiting for some input, but that still fits the original bug description. I would need some way now to reproduce the bug with these params.

Imre Deak (ideak) wrote :

Or we could just set up an IRC server using these settings.

Imre Deak (ideak) wrote :

Creating a channel with 'openssl s_server -cipher DHE-RSA-AES256-SHA -cert certfile.pem -key keyfile.pem' and 'openssl s_client -connect localhost:4433' and transferring data in both directions alone didn't trigger the problem.

Marc Deslauriers (mdeslaur) wrote :

I believe this is related to AES-NI. For testing, could you please try setting the following environment variable to disable AES-NI before launching your irc client from the command line:

export OPENSSL_ia32cap=~0x200000200000000

Imre Deak (ideak) wrote :

to comment#10:

yes exporting that variable will get rid of the problem.

Marc Deslauriers (mdeslaur) wrote :

I believe this only affects openssl 1.0.1. Has anyone seen a similar regression on Ubuntu 8.04, 10.04, or 11.10?

Changed in openssl (Ubuntu Precise):
status: New → Confirmed
Changed in openssl (Ubuntu Quantal):
status: New → Confirmed
Changed in openssl (Ubuntu Raring):
status: New → Confirmed
Changed in openssl (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Quantal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Raring):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in openssl (Ubuntu Precise):
importance: Undecided → High
Changed in openssl (Ubuntu Quantal):
importance: Undecided → High
Changed in openssl (Ubuntu Raring):
importance: Undecided → High
Brice TENCE (btence-rde) wrote :

It seems I meet the same problem, but using SVN (Ubuntu 12.04, on 2 machines at least).

As far as I understand, it worked fine with openssl 1.0.1-4ubuntu5.5 package but do not anymore with 1.0.1-4ubuntu5.6 ?

I just rebuilt 1.0.1-4ubuntu5.5 package and it does not seem to be enough. Is my problem due to something else or shoud I consider another version and/or other package(s) too ?

I am currently looking for a short-term hack to make seems work on my machines ...

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.7

---------------
openssl (1.0.1-4ubuntu5.7) precise-security; urgency=low

  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.
 -- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 11:00:13 -0500

Changed in openssl (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1c-3ubuntu2.2

---------------
openssl (1.0.1c-3ubuntu2.2) quantal-security; urgency=low

  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.
 -- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 10:56:42 -0500

Changed in openssl (Ubuntu Quantal):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.0.1c-4ubuntu5

---------------
openssl (1.0.1c-4ubuntu5) raring; urgency=low

  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.
 -- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 11:01:29 -0500

Changed in openssl (Ubuntu Raring):
status: Confirmed → Fix Released
Changed in openssl (Debian):
status: Unknown → New
Changed in openssl:
status: Unknown → New
Brice TENCE (btence-rde) wrote :

I noticed http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701868 Debian bug report which seems to be related. It now seems fixed for Ubuntu but not for Debian.
Is this the case ?
May the problem occur if the package is installed server-side ?

Marc Deslauriers (mdeslaur) wrote :

Just to be clear, we've fixed it in Ubuntu by reverting the security patch until we get a fix that doesn't contain this regression.

Yes, we've seen similar problems when openssl is updated with the problematic fix on servers.

Changed in openssl (Debian):
status: New → Fix Released
Marc Deslauriers (mdeslaur) wrote :

We have updated openssl packages for Precise and Quantal that now re-enable the security fix, along with an extra commit from upstream that should fix the regressions people were seeing. The packages are currently in the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages

I would appreciate if you could test these updated packages and report if they work in your specific environment, and don't contain the regression you previously reported.

Thanks.

Imre Deak (ideak) wrote :

to comment#19:

1.0.1c-3ubuntu2.3 seems to work fine, I can't reproduce the problem with it.

Thanks.

Changed in openssl:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.