SSL read error: decryption failed or bad record mac

I also reported this at the upstream project:

http://marc.info/?l=openssl-dev&m=136187226114925&w=2

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command, as it will automatically gather debugging information, in a terminal:
apport-collect 1133333
When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

apport information

My irssi 0.8.15-5ubuntu1 and libssl1.0.0 1.0.1c-3ubuntu2.1 work just fine for CertFP-authenticated connection to irc.oftc.net and two other SSL/TLS IRC networks.

oftc works for me too w/o problems. The IRC server libssl breaks with is a company internal one, so unfortunately I can't give you access to that, but besides me there is at least two other people having the same problem and the same same solution (downgrading to 1.0.1c-3ubuntu2) works for them too.

So there is a difference between the working and non-working servers, we should just find out what it is. Maybe different crypto algorithms used? Not sure how to find out that, will try it tomorrow.

You can dump the algorithm information with e.g.:

openssl s_client -connect irc.oftc.net:6697
...
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
...

Thanks, the server I'm having the problem reports:

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.1
    Cipher : DHE-RSA-AES256-SHA

Now, it connects fine and is waiting for some input, but that still fits the original bug description. I would need some way now to reproduce the bug with these params.

Or we could just set up an IRC server using these settings.

Creating a channel with 'openssl s_server -cipher DHE-RSA-AES256-SHA -cert certfile.pem -key keyfile.pem' and 'openssl s_client -connect localhost:4433' and transferring data in both directions alone didn't trigger the problem.

I believe this is related to AES-NI. For testing, could you please try setting the following environment variable to disable AES-NI before launching your irc client from the command line:

export OPENSSL_ia32cap=~0x200000200000000

to comment#10:

yes exporting that variable will get rid of the problem.

I believe this only affects openssl 1.0.1. Has anyone seen a similar regression on Ubuntu 8.04, 10.04, or 11.10?

It seems I meet the same problem, but using SVN (Ubuntu 12.04, on 2 machines at least).

As far as I understand, it worked fine with openssl 1.0.1-4ubuntu5.5 package but do not anymore with 1.0.1-4ubuntu5.6 ?

I just rebuilt 1.0.1-4ubuntu5.5 package and it does not seem to be enough. Is my problem due to something else or shoud I consider another version and/or other package(s) too ?

I am currently looking for a short-term hack to make seems work on my machines ...

This bug was fixed in the package openssl - 1.0.1-4ubuntu5.7

---------------
openssl (1.0.1-4ubuntu5.7) precise-security; urgency=low

  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.
 -- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 11:00:13 -0500

This bug was fixed in the package openssl - 1.0.1c-3ubuntu2.2

---------------
openssl (1.0.1c-3ubuntu2.2) quantal-security; urgency=low

  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.
 -- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 10:56:42 -0500

This bug was fixed in the package openssl - 1.0.1c-4ubuntu5

---------------
openssl (1.0.1c-4ubuntu5) raring; urgency=low

  * REGRESSION FIX: decryption errors on AES-NI hardware (LP: #1134873,
    LP: #1133333)
    - debian/patches/CVE-2013-0169.patch: disabled for now until fix is
      available from upstream.
 -- Marc Deslauriers <email address hidden> Thu, 28 Feb 2013 11:01:29 -0500

I noticed http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701868 Debian bug report which seems to be related. It now seems fixed for Ubuntu but not for Debian.
Is this the case ?
May the problem occur if the package is installed server-side ?

Just to be clear, we've fixed it in Ubuntu by reverting the security patch until we get a fix that doesn't contain this regression.

Yes, we've seen similar problems when openssl is updated with the problematic fix on servers.

We have updated openssl packages for Precise and Quantal that now re-enable the security fix, along with an extra commit from upstream that should fix the regressions people were seeing. The packages are currently in the security team PPA here:

https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages

I would appreciate if you could test these updated packages and report if they work in your specific environment, and don't contain the regression you previously reported.

Thanks.

to comment#19:

1.0.1c-3ubuntu2.3 seems to work fine, I can't reproduce the problem with it.

Thanks.