[gnutls-dev][andreas.trottmann@werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]
Ivo Timmermans
ivo@o2w.nl
Mon Mar 3 18:52:01 2003
FYI:
----- Forwarded message from "Andreas U. Trottmann" <andreas.trottmann@werft22.com> -----
Subject: Bug#183176: libgnutls5: Crypts wrong on alpha
Reply-To: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>,
183176@bugs.debian.org
From: "Andreas U. Trottmann" <andreas.trottmann@werft22.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Date: Mon, 03 Mar 2003 01:40:50 +0100
Package: libgnutls5
Version: 0.8.1-0mywoody1
Severity: normal
On (at least) alpha, gnutls seems to be broken. While it generally can
communicate fine for short transactions, after a couple of kilobytes of
data transferred it either generates something the other side can't
decode, or it can't decode something received by the other side.
I'm reporting the bug against a self-compiled backport of libgnutls5
0.8.1-1 to woody, but it also is present in (at least) the libgnutls3
shipped with woody, and presumably also with the "official" sid 0.8.1-1.
I can't test this for lack of a sid alpha system, however.
The bug can be reproduced easily, for example using one of the following
methods:
* read your mail on an alpha machine with mutt on an IMAP server over ssl.
After some successful reading you *will* get
"tls_socket_read (Decryption of the TLS record packet has failed.)"
and your IMAP connection will be aborted
- or -
* create a text file of some MB (for example uuencode your linux
kernel > bigfile). Then, on an i386 machine, run "gnutls-serv".
On an alpha machine, run "gnutls-cli -p 5556 < bigfile i386.host.name"
You will get, after some successful data transmission, on the server:
"*** gnutls error[-24]: Decryption of the TLS record packet has failed.
(recv)"
and on the client:
"*** Received corrupted data(-10) - server has terminated the connection
abnormally"
- or -
* on any machine (tested: i386 and alpha): create an example certificate,
put it in a file "server.crt", then run "openssl s_server".
Then, on your alpha machine, run "gnutls-cli -p 4433 < bigfile
server.host.name"
On the server you will soon get
"21579:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed
or bad record mac:s3_pkt.c:457:"
and on the client you will again get
"*** Received corrupted data(-9) - server has terminated the
connection abnormally"
To me, the fact that gnutls(alpha) to gnutls(i386) fails, as well as
gnutls(alpha) to openssl(alpha), makes it look like gnutls has some
issues on alpha, maybe regarding some effects of the 64 bit architecture.
Interestingly, gnutls(alpha) to gnutls(alpha) seems to work fine. So,
apparently, the bug seems to affect encoding and decoding equally.
-- System Information
Debian Release: 3.0
Architecture: alpha
Kernel: Linux clockwork 2.2.22 #2 Mon Oct 7 12:16:31 CEST 2002 alpha
Locale: LANG=de_CH.ISO-8859-1, LC_CTYPE=de_CH.ISO-8859-1
Versions of packages libgnutls5 depends on:
ii libc6.1 2.2.5-11.2 GNU C Library: Shared libraries an
ii libgcrypt1 1.1.12-0mywoody1 LGPL Crypto library - runtime libr
ii liblzo1 1.07-1 A real-time data compression libra
ii libopencdk4 1:0.4.2-0mywoody3 Open Crypto Development Kit (OpenC
ii libpopt0 1.6.2-7 lib for parsing cmdline parameters
ii libtasn1-0 0.1.2-0mywoody1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.1.4-1 compression library - runtime
----- End forwarded message -----
Ivo
--
No, I just like to run around and scream real loud!
- Dee Dee