linux - openssl erro after machine restart decryption failed or bad record mac -


using openssl 0.9.8 in c++ application .

things working fine , following errors encountered. no change in code, certificate or in peer application done.

error:1408f119:ssl routines:ssl3_get_record:decryption failed or bad record mac:s3_pkt.c:426: error:1408f10b:ssl routines:ssl3_get_record:wrong version number:s3_pkt.c:288: error:1408f096:ssl routines:ssl3_get_record:encrypted length long:s3_pkt.c:346:  m/c details:linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 smp mon dec 17 21:36:23 utc 2012 i686 i686 i386 gnu/linux

these error random. though application uses it’s own opnesssl 0.9.8 , m/c have 1.0.0j-fips.

-bash-4.2# openssl version -a openssl 1.0.0j-fips 10 may 2012 built on: tue may 15 18:44:01 utc 2012 platform: linux-elf options:  bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx) compiler: gcc -fpic -dopenssl_pic -dzlib -dopenssl_threads -d_reentrant -ddso_dlfcn -dhave_dlfcn_h -dkrb5_mit -dl_endian -dtermio -wall -o2 -g -pipe -wall -wp,-d_fortify_source=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4  -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -wa,--noexecstack -dopenssl_bn_asm_part_words -dopenssl_ia32_sse2 -dopenssl_bn_asm_mont -dsha1_asm -dsha256_asm -dsha512_asm -dmd5_asm -drmd160_asm -daes_asm -dwhirlpool_asm openssldir: "/etc/pki/tls" engines:  aesni dynamic

on reinstalling 1.0.0j-fips on machine error got fixed.

now same application on fedora 14, after reboot have encountered above problem.

linux 3upcawt605 2.6.35.6-45.fc14.i686 #1 smp mon oct 18 23:56:17 utc 2010 i686 i686 i386 gnu/linux

any pointer root cause of problem or how fix this. open ssl installed on second m/c

built on: wed sep  7 18:59:14 utc 2011 platform: linux-elf options:  bn(64,32) md2(int) rc4(8x,mmx) des(ptr,risc1,16,long) blowfish(idx) compiler: gcc -fpic -dopenssl_pic -dzlib -dopenssl_threads -d_reentrant -ddso_dlfcn -dhave_dlfcn_h -dkrb5_mit -dl_endian -dtermio -wall -o2 -g -pipe -wall -wp,-d_fortify_source=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -wa,--noexecstack -dopenssl_bn_asm_part_words -dopenssl_ia32_sse2 -dopenssl_bn_asm_mont -dsha1_asm -dsha256_asm -dsha512_asm -dmd5_asm -drmd160_asm -daes_asm -dwhirlpool_asm openssldir: "/etc/pki/tls" engines:  aesni dynamic

the cbc padding check seems failing.that can triggered elements changing data in network,or library expecting , got else.for multi-threading environments callbacks of lock should registered openssl library.

for instance library behavior ,in cant except re-creating ssl context , starting beginning on error.

some machines support instruction sets accelerating library encryption/decryption,you may want disable instructions exporting openssl environment variables.


Comments

Post a Comment

Popular posts from this blog

basic authentication with http post params android -

i doing basic authentication passing username , password , using basicnamevaluepair sending post params response service. my method: public stringbuilder callservicehttppost(string username, string password, string type) { // create new httpclient , post header httpclient httpclient = new defaulthttpclient(); httppost httppost = new httppost(webservice + type); httpresponse response = null; stringbuilder total = new stringbuilder(); try { url url = new url(webservice + type); /*string base64encodedcredentials = base64.encodetostring((username + ":" + password).getbytes(), base64.url_safe | base64.no_wrap);*/ string base64encodedcredentials = "basic " + base64.encodetostring( (username + ":" + password).getbytes(), base64.no_wrap); httppost.setheader("auth...
Read more

vb.net - Virtual Keyboard commands -

i wondering difference between virtual these keyboard commands is: keyeventf_extendedkey , keyeventf_keyup is. everywhere have looked gives me description based off integers , not want know each of them does. you've tagged question vb.net, these have nothing @ vb.net. they're constants defined in windows header files, use win32 api functions. as far difference, can't tell looking @ values. individual values not particularly important, that's why named identifiers used. what's important used , documentation functions tells mean. the first one, keyeventf_extendedkey , used keybdinput structure (which used along e.g. sendinput function) pass information synthesized keyboard input. if flag used, means scan code should interpreted extended key. technically, means scan code preceded prefix byte value 224 (&he0 in hexadecimal notation). the second one, keyeventf_keyup , 1 of flags available use structure. means key being released (going up)...
Read more

c++ - End of file on pipe magic during open -

i have c++ application in starting process(wireshark) following. if (fp == null){ fp = popen(processpath, "r"); //processpath process want start if (!fp){ throw std::invalid_argument("cannot start process"); } fprintf(fp, d_msg);//d_msg input want provide process } else if(fp != null){ fprintf(fp, d_msg); } the problem when execute c++ application, start wireshark error end of file on pipe magic during open what should avoid that? also tried using mkfifo create named pipe , execute it. used this: if (fp == null){ system("mkfifo /tmp/mine.pcap"); fp = popen("wireshark -k -i /tmp/mine.pcap", "r"); if (!fp){ dout << "cannot start wireshark"<<std::endl; throw std::invalid_argument("cannot start wireshark"); } input = fopen("/tmp/mine.pcap", "wb"); fprintf(input , d_msg); fclose(input)...
Read more