[gnutls-dev] GNUTLS_E_INTERNAL_ERROR in _gnutls_ciphertext2compressed
Ludovic Courtès
ludovic.courtes at laas.fr
Thu Nov 15 15:06:27 CET 2007
With the attached patch against 2.0.1 (your 2 fixes + additional
`gnutls assert's) and `NULL' encryption, I nailed it down to this part
of `gnutls_cipher.c':
/* This one was introduced to avoid a timing attack against the TLS
* 1.0 protocol.
*/
if (pad_failed != 0)
{
gnutls_assert (); /* <-- This is where we fail */
return pad_failed;
}
That's the first `assert' I see, which seems to indicate that PAD_FAILED
was set here:
/* Check the pading bytes (TLS 1.x)
*/
if (ver >= GNUTLS_TLS1 && pad_failed == 0)
for (i = 2; i < pad; i++)
{
if (ciphertext.data[ciphertext.size - i] !=
ciphertext.data[ciphertext.size - 1])
pad_failed = GNUTLS_E_DECRYPTION_FAILED;
}
It's pretty hard for me to debug this on a Nokia so I hope you'll come
up with a bright idea. :-)
Thanks,
Ludovic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ,,maemo.diff
Type: text/x-patch
Size: 5612 bytes
Desc: The patch
Url : /pipermail/attachments/20071115/a43a99cf/attachment-0001.bin
More information about the Gnutls-dev
mailing list