krizhanovsky closed 2 years ago
Just checked that the issue is still here:
# ./run_tests.py -n tls.test_tls_cert.TlsCertSelect
...
----------------------------------------------------------------------
Running functional tests...
----------------------------------------------------------------------
test_vhost_cert_selection (tls.test_tls_cert.TlsCertSelect) ... /root/tempesta-test/tls/scapy_ssl_tls/ssl_tls_crypto.py:1093: UserWarning: Verification of GCM tag failed: MAC check failed
warnings.warn("Verification of GCM tag failed: %s" % why)
ok
----------------------------------------------------------------------
Ran 1 test in 4.833s
OK
# ./run_tests.py -n tls.test_tls_cert.TlsCertSelect
.....
----------------------------------------------------------------------
Running functional tests...
----------------------------------------------------------------------
test_vhost_cert_selection (tls.test_tls_cert.TlsCertSelect) ... /root/tempesta-test/tls/scapy_ssl_tls/ssl_tls_crypto.py:1093: UserWarning: Verification of GCM tag failed: MAC check failed
warnings.warn("Verification of GCM tag failed: %s" % why)
ERROR
======================================================================
ERROR: test_vhost_cert_selection (tls.test_tls_cert.TlsCertSelect)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/root/tempesta-test/framework/tester.py", line 340, in tearDown
raise Exception("%s happened during test on Tempesta" % err)
Exception: WARNING happened during test on Tempesta
----------------------------------------------------------------------
Ran 1 test in 4.463s
FAILED (errors=1)
Versions of the tests and Tempesta:
# cd ~/tempesta-test && git log|head -1
commit f09b12988cb65be26e438bda428dc9b2246d7ded
# cd ~/tempesta && git log|head -1
commit b54724134d28102e75ea2a5399598fd19fecba89
# pip list
Package Version
---------------------- -------------
appdirs 1.4.4
attrs 21.2.0
Automat 20.2.0
awscli 1.25.18
Babel 2.8.0
backcall 0.2.0
bcrypt 3.2.0
beautifulsoup4 4.10.0
beniget 0.4.1
blinker 1.4
boto 2.49.0
botocore 1.27.18
Brotli 1.0.9
certifi 2020.6.20
chardet 4.0.0
click 8.0.3
cloud-init 22.2
colorama 0.4.4
command-not-found 0.3
configobj 5.0.6
constantly 15.1.0
cryptography 3.4.8
cycler 0.11.0
dbus-python 1.2.18
decorator 4.4.2
distro 1.7.0
distro-info 1.1build1
docutils 0.16
fonttools 4.29.1
fs 2.4.12
future 0.18.2
gast 0.5.2
gyp 0.1
h2 4.1.0
hpack 4.0.0
html5lib 1.1
httplib2 0.20.2
hyperframe 6.0.1
hyperlink 21.0.0
idna 3.3
importlib-metadata 4.6.4
incremental 21.3.0
ipython 7.31.1
jedi 0.18.0
jeepney 0.7.1
Jinja2 3.0.3
jmespath 1.0.1
jsonpatch 1.32
jsonpointer 2.0
jsonschema 3.2.0
keyring 23.5.0
kiwisolver 1.3.2
launchpadlib 1.10.16
lazr.restfulclient 0.14.4
lazr.uri 1.0.6
lxml 4.8.0
lz4 3.1.3+dfsg
MarkupSafe 2.0.1
matplotlib 3.5.1
matplotlib-inline 0.1.3
more-itertools 8.10.0
mpmath 0.0.0
netifaces 0.11.0
numpy 1.21.5
oauthlib 3.2.0
olefile 0.46
packaging 21.3
paramiko 2.9.3
parso 0.8.1
pexpect 4.8.0
pickleshare 0.7.5
Pillow 9.0.1
pip 22.0.2
ply 3.11
prompt-toolkit 3.0.28
ptyprocess 0.7.0
pyasn1 0.4.8
pyasn1-modules 0.2.1
pycryptodome 3.15.0
pycryptodomex 3.15.0
Pygments 2.11.2
PyGObject 3.42.0
PyHamcrest 2.0.2
PyJWT 2.3.0
pymacaroons 0.13.0
PyNaCl 1.5.0
pyOpenSSL 21.0.0
pyparsing 2.4.7
pyrsistent 0.18.1
pyserial 3.5
python-apt 2.3.0+ubuntu2
python-dateutil 2.8.1
python-debian 0.1.43ubuntu1
pythran 0.10.0
pytz 2022.1
PyYAML 5.4.1
requests 2.25.1
roman 3.3
rsa 4.7.2
s3transfer 0.6.0
scapy 2.4.4
scipy 1.8.0
SCons 4.0.1
SecretStorage 3.3.1
service-identity 18.1.0
setuptools 59.6.0
six 1.16.0
sos 4.3
soupsieve 2.3.1
ssh-import-id 5.11
subprocess32 3.5.4
sympy 1.9
systemd-python 234
tinyec 0.4.0
traitlets 5.1.1
Twisted 22.1.0
ubuntu-advantage-tools 27.9
ufoLib2 0.13.1
ufw 0.36.1
unattended-upgrades 0.1
unicodedata2 14.0.0
urllib3 1.26.5
wadllib 1.3.6
wcwidth 0.2.5
webencodings 0.5.1
websockets 10.3
wheel 0.37.1
wrk 0.3.2
zipp 1.0.0
zope.interface 5.4.0
I made one for an unsuccessful test run, i.e. in total there was 1 successful run first, followed by 2 unsuccessful ones. I noticed that there were 2 call traces in big integer arithmetic, so I suppose the problem is on the Tempesta TLS side. See the attached full serial console log serial-ubuntu.txt
This is the ttls_mpi_shift_l() call at https://github.com/tempesta-tech/tempesta/blob/master/tls/bignum.c#L988
I ran the fix from https://github.com/tempesta-tech/tempesta/pull/1694 20 times for the test and didn't notice a failure.
The warning on tls.test_tls_cert.TlsCertSelect occurs for some of the generated certificates. https://github.com/tempesta-tech/tempesta/issues/1683 has an example of a certificate causing the warning.
On the latest master branches of tempesta-fw and tempesta-test this test fails in all runs - I disable it with issue
The issue is fixed in https://github.com/tempesta-tech/tempesta/pull/1694
The test may fail or not on the current master as of 8efb2353a2b89a542de4e1783f9913fc32b924a7 and Tempesta FW master 1414cf5c285b6fe4acae09c6d1d6f244250d17eb :