openssl: Sporadic KTLS failures
While testing my RFC 8449 patch #18248 on a KTLS-enabled system
I became aware of a sporadic test failure that turns out to be there
even without my patch. I’ve been able to reproduce it with master ecb1ed1b0e5aea5b71e8a98e95b6f9f022d61c89
./config enable-ktls
I use Linux version 5.4.0-109-lowlatency (buildd@ubuntu) (gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.1)) #123-Ubuntu SMP PREEMPT Fri Apr 8 09:52:18 UTC 2022
I see the following test failure in make test TESTS=test_sslapi V=1, but it is not easily reproducible:
# Subtest: test_ktls
1..24
ok 1 - iteration 1
ok 2 - iteration 2
ok 3 - iteration 3
ok 4 - iteration 4
ok 5 - iteration 5
ok 6 - iteration 6
ok 7 - iteration 7
ok 8 - iteration 8
ok 9 - iteration 9
ok 10 - iteration 10
ok 11 - iteration 11
ok 12 - iteration 12
ok 13 - iteration 13
# ERROR: (bool) 'ping_pong_query(clientssl, serverssl) == true' failed @ test/sslapitest.c:1271
# false
# 80D262C18C7F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:224:
# 80D262C18C7F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2245:
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 14 - iteration 14
# ERROR: (bool) 'ping_pong_query(clientssl, serverssl) == true' failed @ test/sslapitest.c:1271
# false
# 80D262C18C7F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:224:
# 80D262C18C7F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2245:
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 15 - iteration 15
# ERROR: (bool) 'ping_pong_query(clientssl, serverssl) == true' failed @ test/sslapitest.c:1271
# false
# 80D262C18C7F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:224:
# 80D262C18C7F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2245:
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 16 - iteration 16
ok 17 - iteration 17
# SKIP: @ test/sslapitest.c:1265
# KTLS not supported for TLS 1.3 cipher TLS_AES_128_CCM_SHA256
ok 18 - iteration 18 # skipped
# SKIP: @ test/sslapitest.c:1265
# KTLS not supported for TLS 1.3 cipher TLS_AES_128_CCM_SHA256
ok 19 - iteration 19 # skipped
# SKIP: @ test/sslapitest.c:1265
# KTLS not supported for TLS 1.3 cipher TLS_AES_128_CCM_SHA256
ok 20 - iteration 20 # skipped
ok 21 - iteration 21
# ERROR: (bool) 'ping_pong_query(clientssl, serverssl) == true' failed @ test/sslapitest.c:1271
# false
# 80D262C18C7F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:224:
# 80D262C18C7F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2245:
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 22 - iteration 22
# ERROR: (bool) 'ping_pong_query(clientssl, serverssl) == true' failed @ test/sslapitest.c:1271
# false
# 80D262C18C7F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:224:
# 80D262C18C7F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2245:
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 23 - iteration 23
# ERROR: (bool) 'ping_pong_query(clientssl, serverssl) == true' failed @ test/sslapitest.c:1271
# false
# 80D262C18C7F0000:error:0A000119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:224:
# 80D262C18C7F0000:error:0A000197:SSL routines:SSL_shutdown:shutdown while in init:ssl/ssl_lib.c:2245:
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 24 - iteration 24
# OPENSSL_TEST_RAND_ORDER=1652172508
not ok 1 - test_ktls
It only happens very rarely, and so far only immediately after the full build. It is always in the TLS 1.3 tests with TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384.
About this issue
- State: open
- Created 2 years ago
- Comments: 17 (17 by maintainers)
Commits related to this issue
- Fix sporadic KTLS RX failures Disable the KTLS RX path, since that may cause bad record mac errors for unknown reasons. Fixes #18276 — committed to bernd-edlinger/openssl by bernd-edlinger 2 years ago
EBADMSG means that the kernel failed a record due to one of its internal checks (header validation, MAC mismatch, etc.). I don’t know if Linux provides counters or logs for the specific error checks it performs, but I would start with checking that (perhaps adding new counters or traces in a local kernel patch while reproducing). I have never seen sporadic failures myself, but I work on KTLS on FreeBSD and this might very well be an OS-specific issue if the kernel is failing a valid record incorrectly.
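On the question of kernel-side counters raised in the comment above: Linux kernels that expose /proc/net/tls_stat keep a TlsDecryptError counter for records the kernel failed to decrypt. The script below is an added example, not code from the issue or from OpenSSL. It snapshots that file around a test run and prints the counters that moved. The function names and the TLS_STAT override variable are hypothetical.

```shell
#!/bin/sh
# Added example: diff two snapshots of Linux's /proc/net/tls_stat to see
# whether the kernel itself rejected records (TlsDecryptError) during a run.
# Function names and the TLS_STAT override are this example's own choices.

# tls_stat_get FILE NAME: print one counter's value (nothing if absent).
tls_stat_get() {
    awk -v name="$2" '$1 == name { print $2 }' "$1"
}

# tls_stat_delta BEFORE AFTER: print "Name delta" for every counter that
# changed between the two snapshot files (must be two distinct paths).
tls_stat_delta() {
    awk 'FILENAME == ARGV[1] { before[$1] = $2; next }
         ($1 in before) && $2 != before[$1] { print $1, $2 - before[$1] }' \
        "$1" "$2"
}

# run_with_tls_stat CMD...: snapshot the counters, run CMD, print the deltas,
# and return CMD's exit status. Returns 2 if the counters are not readable.
run_with_tls_stat() {
    _stat=${TLS_STAT:-/proc/net/tls_stat}
    if [ ! -r "$_stat" ]; then
        echo "cannot read $_stat: TLS counters are not available here" >&2
        return 2
    fi
    _before=$(mktemp) _after=$(mktemp)
    cat "$_stat" > "$_before"
    "$@"
    _rc=$?
    cat "$_stat" > "$_after"
    tls_stat_delta "$_before" "$_after"
    rm -f "$_before" "$_after"
    return "$_rc"
}

# Run as: sh tls_stat_delta.sh make test TESTS=test_sslapi V=1
if [ "$#" -gt 0 ]; then
    run_with_tls_stat "$@"
fi
```

A TlsDecryptError increase across a failing run shows that the kernel counted a failed record decryption during that run.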