openssl: several tests newly fail with 3.2 on ppc64le

System: Chimera Linux ppc64le, clang 17.x, musl libc; hardware is POWER9. This is our build template for openssl: https://github.com/chimera-linux/cports/blob/93f6a0f00cc8bde9ee10f695210b2d5e78045040/main/openssl/template.py

On our builder: https://build.chimera-linux.org/#/builders/3/builds/988/steps/5/logs/pkg_main_openssl_3_2_0-r0

Several tests are newly failing. I’m not entirely sure what to make of it (other architectures appear fine, e.g. x86_64, aarch64, and actually even big endian ppc64). The 3.1.4 release does not fail on any architecture.

Log download in case the above log gets purged: https://0x0.st/Hxiy.log

Just the relevant stuff:

( SRCTOP=.  BLDTOP=.  PERL="/usr/bin/perl"  FIPSKEY="f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813"  EXE_EXT=  /usr/bin/perl ./test/run_tests.pl -test_afalg )
Using HARNESS_JOBS=72
00-prep_fipsmodule_cnf.t .. skipped: FIPS module config file only supported in a fips build
Files=1, Tests=0,  1 wallclock secs ( 0.01 usr  0.00 sys +  0.32 cusr  0.01 csys =  0.34 CPU)
Result: NOTESTS
99-test_fuzz_asn1.t ..................... ok
01-test_abort.t ......................... ok
99-test_fuzz_asn1parse.t ................ ok
99-test_fuzz_bignum.t ................... ok
99-test_fuzz_bndiv.t .................... ok
99-test_fuzz_client.t ................... ok
99-test_fuzz_conf.t ..................... ok
99-test_fuzz_crl.t ...................... ok
99-test_fuzz_decoder.t .................. ok
99-test_fuzz_pem.t ...................... ok
99-test_fuzz_punycode.t ................. ok
99-test_fuzz_server.t ................... ok
99-test_fuzz_smime.t .................... ok
99-test_fuzz_cmp.t ...................... ok
99-test_fuzz_v3name.t ................... ok
99-test_fuzz_quic_client.t .............. ok
99-test_fuzz_cms.t ...................... ok
99-test_fuzz_ct.t ....................... ok
02-test_list.t .......................... ok
02-test_internal_keymgmt.t .............. ok
02-test_localetest.t .................... ok
02-test_ordinals.t ...................... ok
99-test_fuzz_x509.t ..................... ok
01-test_fipsmodule_cnf.t ................ skipped: Test only supported in a fips build
02-test_internal_exts.t ................. ok
04-test_params_conversion.t ............. ok
02-test_internal_context.t .............. ok
02-test_internal_provider.t ............. ok
02-test_sparse_array.t .................. ok
02-test_stack.t ......................... ok
02-test_time.t .......................... ok
03-test_exdata.t ........................ ok
03-test_internal_asn1_dsa.t ............. ok
04-test_provider.t ...................... ok
03-test_internal_mdc2.t ................. ok
03-test_internal_asn1.t ................. ok
03-test_internal_bn.t ................... ok
03-test_internal_sm2.t .................. ok
03-test_fipsinstall.t ................... skipped: Test only supported in a fips build
04-test_bio_tfo.t ....................... skipped: This test requires enable-tfo
03-test_internal_namemap.t .............. ok
03-test_internal_sm3.t .................. ok
03-test_internal_ssl_cert_table.t ....... ok
04-test_asn1_string_table.t ............. ok
03-test_ui.t ............................ ok
04-test_bio_callback.t .................. ok
04-test_bio_core.t ...................... ok
04-test_membio.t ........................ ok
04-test_nodefltctx.t .................... ok
04-test_asn1_decode.t ................... ok
04-test_err.t ........................... ok
04-test_provider_fallback.t ............. ok
04-test_provider_default_search_path.t .. ok
04-test_pem_read_depr.t ................. ok
04-test_upcalls.t ....................... ok
04-test_provfetch.t ..................... ok
04-test_conf.t .......................... ok
04-test_hexstring.t ..................... ok
05-test_cmac.t .......................... ok
03-test_internal_x509.t ................. ok
05-test_pbe.t ........................... ok
04-test_param_build.t ................... ok
05-test_idea.t .......................... ok
07-test_bio_comp.t ...................... skipped: No compression algorithms
05-test_rc5.t ........................... skipped: rc5 is not supported by this OpenSSL build
03-test_internal_poly1305.t ............. ok
05-test_hmac.t .......................... ok
03-test_internal_sm4.t .................. ok
04-test_provider_pkey.t ................. ok
05-test_rc2.t ........................... ok
03-test_internal_curve448.t ............. ok
04-test_asn1_encode.t ................... ok
06-test_rdcpu_sanity.t .................. ok
01-test_sanity.t ........................ ok
04-test_punycode.t ...................... ok
04-test_bio_dgram.t ..................... ok
04-test_bioprint.t ...................... ok
04-test_params.t ........................ ok
03-test_internal_modes.t ................ ok
20-test_cli_fips.t ...................... skipped: Test only supported in a fips build with security checks
30-test_acvp.t .......................... skipped: ACVP is not supported by this test
03-test_internal_rsa_sp800_56b.t ........ ok
30-test_defltfips.t ..................... ok
30-test_aesgcm.t ........................ ok
15-test_sha.t ........................... ok
05-test_cast.t .......................... ok
15-test_out_option.t .................... ok
20-test_legacy_okay.t ................... ok
05-test_bf.t ............................ ok
20-test_rand_config.t ................... ok
25-test_rusext.t ........................ ok
15-test_dh.t ............................ ok
15-test_rsaoaep.t ....................... ok
25-test_sid.t ........................... ok
05-test_rc4.t ........................... ok
15-test_rsax931.t ....................... ok
03-test_property.t ...................... ok
25-test_verify_store.t .................. ok
20-test_spkac.t ......................... ok
25-test_eai_data.t ...................... ok
25-test_pkcs7.t ......................... ok
25-test_pkcs8.t ......................... ok
20-test_kdf.t ........................... ok
25-test_crl.t ........................... ok
30-test_pairwise_fail.t ................. skipped: These tests are unsupported in a non fips build
25-test_d2i.t ........................... ok
60-test_x509_dup_cert.t ................. ok
03-test_internal_siphash.t .............. ok
15-test_rsapss.t ........................ ok
30-test_pbelu.t ......................... ok
61-test_bio_prefix.t .................... ok
15-test_genrsa.t ........................ ok
30-test_pkey_meth.t ..................... ok
20-test_mac.t ........................... ok
30-test_engine.t ........................ ok
30-test_pkey_meth_kdf.t ................. ok
06-test_algorithmid.t ................... ok
20-test_passwd.t ........................ ok
05-test_des.t ........................... ok
65-test_cmp_status.t .................... ok
02-test_lhash.t ......................... ok
30-test_prov_config.t ................... ok
20-test_dgst.t .......................... ok
30-test_hpke.t .......................... ok
05-test_rand.t .......................... ok
61-test_bio_addr.t ...................... ok
30-test_evp_pkey_dparam.t ............... ok
65-test_cmp_asn.t ....................... ok
30-test_provider_status.t ............... ok
02-test_internal_ctype.t ................ ok
65-test_cmp_hdr.t ....................... ok
30-test_evp_kdf.t ....................... ok
40-test_rehash.t ........................ ok
60-test_x509_store.t .................... ok
65-test_cmp_server.t .................... ok
61-test_bio_readbuffer.t ................ ok
66-test_ossl_store.t .................... ok
04-test_encoder_decoder_legacy.t ........ ok
65-test_cmp_protect.t ................... ok
04-test_pem_reading.t ................... ok
70-test_bad_dtls.t ...................... ok
70-test_asyncio.t ....................... ok
60-test_x509_check_cert_pkey.t .......... ok
20-test_pkeyutl.t ....................... ok
70-test_clienthello.t ................... ok
70-test_quic_fifd.t ..................... ok
70-test_quic_cfq.t ...................... ok
20-test_dhparam.t ....................... ok
70-test_quic_txpim.t .................... ok
70-test_quic_fc.t ....................... ok
70-test_packet.t ........................ ok
70-test_recordlen.t ..................... ok
20-test_app.t ........................... ok
03-test_params_api.t .................... ok
70-test_servername.t .................... ok
30-test_evp_fetch_prov.t ................ ok
70-test_tls13certcomp.t ................. skipped: test_tls13certcomp needs compression and algorithms enabled
70-test_quic_tserver.t .................. ok
70-test_wpacket.t ....................... ok
70-test_verify_extra.t .................. ok
30-test_evp_pkey_dhkem.t ................ ok
65-test_cmp_ctx.t ....................... ok
15-test_dsa.t ........................... ok
75-test_quic_cc.t ....................... ok
71-test_ssl_ctx.t ....................... ok
70-test_quic_wire.t ..................... ok
60-test_x509_time.t ..................... ok
65-test_cmp_msg.t ....................... ok
79-test_http.t .......................... ok
15-test_gendh.t ......................... ok
01-test_test.t .......................... ok
15-test_rsa.t ........................... ok
80-test_cipherbytes.t ................... ok
80-test_ciphername.t .................... ok
03-test_internal_ffc.t .................. ok
80-test_cipherlist.t .................... ok
70-test_sslskewith0p.t .................. ok
80-test_cmsapi.t ........................ ok
04-test_encoder_decoder.t ............... ok
15-test_genpkey.t ....................... ok
70-test_tls13alerts.t ................... ok
80-test_dane.t .......................... ok
80-test_ca_internals.t .................. ok
80-test_ct.t ............................ ok
80-test_dtlsv1listen.t .................. ok
02-test_errstr.t ........................ ok
10-test_bn.t ............................ ok
82-test_tfo_cli.t ....................... skipped: test_tfo_cli needs tfo enabled
80-test_policy_tree.t ................... ok
03-test_internal_ec.t ................... ok
75-test_quic_ackm.t ..................... ok
65-test_cmp_vfy.t ....................... ok
80-test_x509aux.t ....................... ok
70-test_quic_record.t ................... ok
90-test_async.t ......................... ok
75-test_quicapi.t ....................... ok
80-test_ssl_test_ctx.t .................. ok
70-test_quic_txp.t ...................... ok
01-test_symbol_presence.t ............... ok
80-test_dtls_mtu.t ...................... ok
25-test_x509.t .......................... ok
90-test_cert_comp.t ..................... skipped: Certificate compression is disabled in this OpenSSL build
90-test_bio_memleak.t ................... ok
90-test_memleak.t ....................... ok
90-test_fatalerr.t ...................... ok
90-test_fipsload.t ...................... skipped: Test is disabled with disabled fips
90-test_bio_enc.t ....................... ok
80-test_sslcorrupt.t .................... ok
70-test_sslcertstatus.t ................. ok
15-test_gendhparam.t .................... ok
90-test_secmem.t ........................ ok
90-test_ige.t ........................... ok
90-test_store_cases.t ................... ok
90-test_sysdefault.t .................... ok
65-test_cmp_client.t .................... ok
90-test_sslbuffers.t .................... ok
90-test_shlibload.t ..................... ok
90-test_quicfaults.t .................... ok
90-test_tls13ccs.t ...................... ok
90-test_includes.t ...................... ok
90-test_time_offset.t ................... ok
90-test_threads.t ....................... ok
90-test_tls13secrets.t .................. ok
90-test_asn1_time.t ..................... ok
95-test_external_cf_quiche.t ............ skipped: No external tests in this configuration
95-test_external_tlsfuzzer.t ............ skipped: No external tests in this configuration
95-test_external_gost_engine.t .......... skipped: No external tests in this configuration
90-test_trace_api.t ..................... ok
95-test_external_oqsprovider.t .......... skipped: No external tests in this configuration
95-test_external_krb5.t ................. skipped: No external tests in this configuration
95-test_external_pyca.t ................. skipped: No external tests in this configuration
99-test_ecstress.t ...................... ok
10-test_exp.t ........................... ok
90-test_tls13encryption.t ............... ok
15-test_dsaparam.t ...................... ok
70-test_quic_stream.t ................... ok
90-test_v3name.t ........................ ok
20-test_dhparam_check.t ................. ok
90-test_constant_time.t ................. ok
90-test_srp.t ........................... ok
81-test_cmp_cli.t ....................... ok
15-test_mp_rsa.t ........................ ok
91-test_pkey_check.t .................... ok
80-test_tsa.t ........................... ok
70-test_tls13cookie.t ................... ok
25-test_req.t ........................... ok
15-test_gendsa.t ........................ ok
90-test_overhead.t ...................... ok
25-test_verify.t ........................ ok
20-test_enc.t ........................... ok
70-test_sslvertol.t ..................... ok
70-test_comp.t .......................... ok
80-test_ocsp.t .......................... ok
70-test_certtypeext.t ................... ok
80-test_ca.t ............................ ok
70-test_tls13hrr.t ...................... ok
30-test_evp_extra.t ..................... ok
../../util/wrap.pl ../../test/sslapitest ../../test/certs ../../test/recipes/90-test_sslapi_data/passwd.txt /tmp/VQdict_XmU default ../../test/default.cnf ../../test/recipes/90-test_sslapi_data/dhparams.pem => 139
not ok 1 - running sslapitest
# ------------------------------------------------------------------------------20-test_enc_more.t ...................... ok
# Looks like you failed 1 test of 4.90-test_sslapi.t ........................ 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/4 subtests 
	(less 2 skipped subtests: 1 okay)
70-test_sslsignature.t .................. ok
03-test_internal_chacha.t ............... ok
70-test_tls13downgrade.t ................ ok
70-test_tls13psk.t ...................... ok
30-test_evp_pkey_provided.t ............. ok
80-test_cms.t ........................... ok
70-test_sslcbcpadding.t ................. ok
70-test_renegotiation.t ................. ok
80-test_ssl_old.t ....................... ok
70-test_sslextension.t .................. ok
90-test_gmdiff.t ........................ ok
70-test_sslversions.t ................... ok
70-test_quic_multistream.t .............. ok
15-test_ec.t ............................ ok
80-test_pkcs12.t ........................ ok
30-test_evp_libctx.t .................... ok
70-test_tls13kexmodes.t ................. ok

Engine "ossltest" set.
Connecting to ::1
Connection opened
Received client packet
Packet length = 420
Processing flight 0
 Record 1 (client -> server)
  Content type: HANDSHAKE
  Version: TLS1.0
  Length: 415
  Message type: ClientHello
  Message Length: 411
    Client Version:771
    Session ID Len:32
    Ciphersuite len:56
    Compression Method Len:1
    Extensions Len:282
Forwarded packet length = 420
Received server packet
Packet length = 173
Processing flight 1
 Record 1 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 89
  Message type: ServerHello
  Message Length: 85
    Server Version:771
    Session ID Len:32
    Ciphersuite:47
    Compression Method:0
    Extensions Len:13
 Record 2 (server -> client)
  Content type: CCS
  Version: TLS1.2
  Length: 1
 Record 3 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 68
  Message type: Finished
  Message Length: 12
Forwarded packet length = 173
Received client packet
Packet length = 79
Processing flight 2
 Record 1 (client -> server)
  Content type: CCS
  Version: TLS1.2
  Length: 1
 Record 2 (client -> server)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 68
  Message type: Finished
  Message Length: 12
Forwarded packet length = 79
No progress made at /builddir/openssl-3.2.0/util/perl/TLSProxy/Proxy.pm line %, <> line 21.
# Looks like your test exited with 255 just after 7.
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
-----END CERTIFICATE-----
subject=CN=server.example
issuer=CN=Root CA
---
No client certificate CA names sent
---
SSL handshake has read 173 bytes and written 499 bytes
Verification error: unable to verify the first certificate
---
Reused, SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA
    Session-ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
    Session-ID-ctx: 
    Master-Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F000102030405060708090A0B0C0D0E0F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 01 02 03 04 05 06 07 08-09 0a 0b 0c 0d 0e 0f 10   ................
    0010 - 01 02 03 04 05 06 07 08-09 0a 0b 0c 0d 0e 0f 10   ................
    0020 - 58 76 ff ae da bb 4c da-12 c8 93 e8 23 4d c7 22   Xv....L.....#M."
    0030 - db fe ba 88 41 b0 e1 d5-cd 43 e4 30 1e a1 91 ab   ....A....C.0....
    0040 - cb 97 55 51 51 dc 8c 7a-fc 81 c0 81 71 cc 3b 82   ..UQQ..z....q.;.
    0050 - 33 e0 1e 92 05 c0 fc 4b-48 b0 fc c3 b4 a4 0c 99   3......KH.......
    0060 - b5 26 3a 25 a2 56 6e 0a-13 d7 db 98 b1 f4 c6 75   .&:%.Vn........u
    0070 - 23 04 a9 bc d9 ca 9a 32-02 f4 7b 8d 1d 49 e8 b5   #......2..{..I..
    0080 - 31 19 b6 a8 18 04 ec 75-dc d1 04 55 de 4d b0 af   1......u...U.M..
    0090 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
    00a0 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f   ................
    Start Time: 1701211416
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes
---
101DF584FF3F0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:646:
CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Client cipher list: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ciphersuite: AES128-SHA
Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
No peer certificate or raw public key
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported groups: x25519:secp256r1:x448:secp521r1:secp384r1
CONNECTION CLOSED
CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Client cipher list: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ciphersuite: AES128-SHA
No peer certificate or raw public key
CONNECTION CLOSED
CONNECTION ESTABLISHED
Protocol version: TLSv1.2
Client cipher list: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Ciphersuite: AES128-SHA
No peer certificate or raw public key
CONNECTION CLOSED
   0 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   3 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   3 server accepts that finished
   2 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (20480 allowed)70-test_sslsessiontick.t ................ 
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 3/10 subtests 
15-test_ecdsa.t ......................... ok

Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:45685
Server responds on [::1]:45685
Engine "ossltest" set.
Connecting to ::1
Connection opened
Received client packet
Packet length = 154
Processing flight 0
 Record 1 (client -> server)
  Content type: HANDSHAKE
  Version: TLS1.0
  Length: 149
  Message type: ClientHello
  Message Length: 145
    Client Version:771
    Session ID Len:0
    Ciphersuite len:42
    Compression Method Len:1
    Extensions Len:62
Forwarded packet length = 154
Received server packet
Packet length = 1212
Processing flight 1
 Record 1 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 69
  Message type: ServerHello
  Message Length: 65
    Server Version:771
    Session ID Len:0
    Ciphersuite:49171
    Compression Method:0
    Extensions Len:25
 Record 2 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 819
  Message type: Certificate
  Message Length: 815
    Certificate List Len:812
    Certificate Len:809
 Record 3 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 300
  Message type: ServerKeyExchange
  Message Length: 296
 Record 4 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 4
  Message type: ServerHelloDone
  Message Length: 0
Forwarded packet length = 1212
depth=0 CN=server.example
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=server.example
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=server.example
verify return:1
101D75BDFF3F0000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:ssl/t1_lib.c:1965:
Received client packet
Packet length = 7
Processing flight 2
 Record 1 (client -> server)
  Content type: ALERT
  Version: TLS1.2
  Length: 2
  [2, 40]
Forwarded packet length = 7
No progress made at /builddir/openssl-3.2.0/util/perl/TLSProxy/Proxy.pm line %, <> line 51.
CONNECTED(00000003)
---
Certificate chain
 0 s:CN=server.example
   i:CN=Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 14 22:29:46 2016 GMT; NotAfter: Jan 15 22:29:46 2116 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
CONNECTION FAILURE
101D55AFFF3F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:861:SSL alert number 40
   0 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   1 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   0 server accepts that finished
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (20480 allowed)
YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
-----END CERTIFICATE-----
subject=CN=server.example
issuer=CN=Root CA
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1203 bytes and written 161 bytes
Verification error: unable to verify the first certificate
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1701211420
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: yes
---
# Looks like your test exited with 255 just after 16.70-test_sslsigalgs.t .................... 
Dubious, test returned 255 (wstat 65280, 0xff00)
Failed 10/26 subtests 

Engine "ossltest" set.
Using default temp DH parameters
ACCEPT [::1]:38215
Server responds on [::1]:38215
Engine "ossltest" set.
Connecting to ::1
Connection opened
Received client packet
Packet length = 317
Processing flight 0
 Record 1 (client -> server)
  Content type: HANDSHAKE
  Version: TLS1.0
  Length: 312
  Message type: ClientHello
  Message Length: 308
    Client Version:771
    Session ID Len:32
    Ciphersuite len:62
    Compression Method Len:1
    Extensions Len:173
Forwarded packet length = 317
Received server packet
Packet length = 1349
Processing flight 1
 Record 1 (server -> client)
  Content type: HANDSHAKE
  Version: TLS1.2
  Length: 122
  Message type: ServerHello
  Message Length: 118
    Server Version:771
    Session ID Len:32
    Ciphersuite:4865
    Compression Method:0
    Extensions Len:46
 Record 2 (server -> client)
  Content type: CCS
  Version: TLS1.2
  Length: 1
 Record 3 (server -> client)
  Content type: APPLICATION DATA
  Version: TLS1.2
  Length: 23
  Inner content type: HANDSHAKE
  Message type: EncryptedExtensions
  Message Length: 2
    Extensions Len:0
 Record 4 (server -> client)
  Content type: APPLICATION DATA
  Version: TLS1.2
  Length: 839
  Inner content type: HANDSHAKE
  Message type: Certificate
  Message Length: 818
    Context:
    Certificate List Len:814
    Certificate Len:809
    Extensions Len:0
 Record 5 (server -> client)
  Content type: APPLICATION DATA
  Version: TLS1.2
  Length: 281
  Inner content type: HANDSHAKE
  Message type: CertificateVerify
  Message Length: 260
    SigAlg:2052
    Signature Len:256
 Record 6 (server -> client)
  Content type: APPLICATION DATA
  Version: TLS1.2
  Length: 53
  Inner content type: HANDSHAKE
  Message type: Finished
  Message Length: 32
Forwarded packet length = 1354
depth=0 CN=server.example
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=server.example
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=server.example
verify return:1
No progress made at /builddir/openssl-3.2.0/util/perl/TLSProxy/Proxy.pm line %, <> line 51.
101D35BEFF3F0000:error:0A0000B6:SSL routines:tls_process_finished:not on record boundary:ssl/statem/statem_lib.c:869:
CONNECTED(00000003)
---
Certificate chain
 0 s:CN=server.example
   i:CN=Root CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 14 22:29:46 2016 GMT; NotAfter: Jan 15 22:29:46 2116 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
-----END CERTIFICATE-----
subject=CN=server.example
issuer=CN=Root CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1354 bytes and written 324 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
# Looks like your test exited with 1 just after 16.
CONNECTION FAILURE
101DB58AFF3F0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:646:
   0 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   1 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   0 server accepts that finished
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (20480 allowed)70-test_sslrecords.t .................... 
Dubious, test returned 1 (wstat 256, 0x100)
Failed 5/21 subtests 
80-test_dtls.t .......................... ok
02-test_priority_queue.t ................ ok
70-test_tlsextms.t ...................... ok
70-test_key_share.t ..................... ok
90-test_rpk.t ........................... ok
70-test_tls13messages.t ................. ok
70-test_sslmessages.t ................... ok
15-test_ecparam.t ....................... ok
90-test_store.t ......................... ok
30-test_evp.t ........................... ok
80-test_ssl_new.t ....................... ok
80-test_cmp_http.t ...................... ok
15-test_genec.t ......................... ok

Test Summary Report
-------------------
90-test_sslapi.t                      (Wstat: 256 (exited 1) Tests: 4 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
70-test_sslsessiontick.t              (Wstat: 65280 (exited 255) Tests: 7 Failed: 0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 10 tests but ran 7.
70-test_sslsigalgs.t                  (Wstat: 65280 (exited 255) Tests: 16 Failed: 0)
  Non-zero exit status: 255
  Parse errors: Bad plan.  You planned 26 tests but ran 16.
70-test_sslrecords.t                  (Wstat: 256 (exited 1) Tests: 16 Failed: 0)
  Non-zero exit status: 1
  Parse errors: Bad plan.  You planned 21 tests but ran 16.
Files=293, Tests=3585, 82 wallclock secs (23.29 usr  2.24 sys + 733.03 cusr 139.80 csys = 898.36 CPU)
Result: FAIL

About this issue

  • Original URL
  • State: open
  • Created 7 months ago
  • Comments: 15 (2 by maintainers)

Most upvoted comments

Another thing which appears to help is disabling LTO.

+1
q66 on Dec 6, 2023
Read more comments on GitHub
← openssl: s_server crashes with "gethostbyname failure" on iOS connect
openssl: Shipping invalid key →