[gnutls-dev][andreas.trottmann at werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]
ivo at o2w.nl
Mon Mar 3 18:52:01 CET 2003
----- Forwarded message from "Andreas U. Trottmann" <andreas.trottmann at werft22.com> -----
Subject: Bug#183176: libgnutls5: Crypts wrong on alpha
Reply-To: "Andreas U. Trottmann" <andreas.trottmann at werft22.com>,
183176 at bugs.debian.org
From: "Andreas U. Trottmann" <andreas.trottmann at werft22.com>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Date: Mon, 03 Mar 2003 01:40:50 +0100
X-Spam-Status: No, hits=-6.5 required=5.0 tests=SENT_BY_BTS,FORGED_RCVD_FOUND,AWL version=2.20
On (at least) alpha, gnutls seems to be broken. While it generally can
communicate fine for short transactions, after a couple of kilobytes of
data transferred it either generates something the other side can't
decode, or it can't decode something received by the other side.
I'm reporting the bug against a self-compiled backport of libgnutls5
0.8.1-1 to woody, but it also is present in (at least) the libgnutls3
shipped with woody, and presumably also with the "official" sid 0.8.1-1.
I can't test this for lack of a sid alpha system, however.
The bug can be reproduced easily, for example using one of the following
* read your mail on an alpha machine with mutt on an IMAP server over ssl.
After some succesful reading you *will* get
"tls_socket_read (Decryption of the TLS record packet has failed.)"
and your IMAP connection will be aborted
- or -
* create a text file of some MB (for example uuencode your linux
kernel > bigfile). Then, on an i386 machine, run "gnutls-serv".
On an alpha machine, run "gnutls-cli -p 5556 < bigfile i386.host.name"
You will get, after some successful data transmission, on the server:
"*** gnutls error[-24]: Decryption of the TLS record packet has failed.
and on the client:
"*** Received corrupted data(-10) - server has terminated the connection
- or -
* on any machine (tested: i386 and alpha): create a example certificate,
put it in a file "server.crt", then run "openssl s_server".
Then, on your alpha machine, run "gnutls-cli -p 4433 < bigfile
On the server you will soon get
"21579:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed
or bad record mac:s3_pkt.c:457:"
and on the client you will again get
"*** Received corrupted data(-9) - server has terminated the
To me, the facts that gnutls(alpha) to gnutls(i386) fails as well as
gnutls(alpha) to openssl(alpha) makes it look like gnutls has some
issues on alpha, maybe regarding some effects of the 64 bit architecture.
Interestingly, gnutls(alpha) to gnutls(alpha) seems to work fine. So,
apparently, the bug seems to affect encoding and decoding equally.
-- System Information
Debian Release: 3.0
Kernel: Linux clockwork 2.2.22 #2 Mon Oct 7 12:16:31 CEST 2002 alpha
Locale: LANG=de_CH.ISO-8859-1, LC_CTYPE=de_CH.ISO-8859-1
Versions of packages libgnutls5 depends on:
ii libc6.1 2.2.5-11.2 GNU C Library: Shared libraries an
ii libgcrypt1 1.1.12-0mywoody1 LGPL Crypto library - runtime libr
ii liblzo1 1.07-1 A real-time data compression libra
ii libopencdk4 1:0.4.2-0mywoody3 Open Crypto Development Kit (OpenC
ii libpopt0 1.6.2-7 lib for parsing cmdline parameters
ii libtasn1-0 0.1.2-0mywoody1 Manage ASN.1 structures (runtime)
ii zlib1g 1:1.1.4-1 compression library - runtime
----- End forwarded message -----
No, I just like to run around and scream real loud!
- Dee Dee
More information about the Gnutls-devel