[gnutls-dev][andreas.trottmann at werft22.com: Bug#183176: libgnutls5: Crypts wrong on alpha]

Ivo Timmermans ivo at o2w.nl
Mon Mar 3 18:52:01 CET 2003


----- Forwarded message from "Andreas U. Trottmann" <andreas.trottmann at werft22.com> -----

Subject: Bug#183176: libgnutls5: Crypts wrong on alpha
Reply-To: "Andreas U. Trottmann" <andreas.trottmann at werft22.com>,
	183176 at bugs.debian.org
From: "Andreas U. Trottmann" <andreas.trottmann at werft22.com>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Date: Mon, 03 Mar 2003 01:40:50 +0100
X-Spam-Status: No, hits=-6.5 required=5.0 tests=SENT_BY_BTS,FORGED_RCVD_FOUND,AWL version=2.20

Package: libgnutls5
Version: 0.8.1-0mywoody1
Severity: normal

On (at least) alpha, gnutls seems to be broken. While it generally can
communicate fine for short transactions, after a couple of kilobytes of
data transferred it either generates something the other side can't
decode, or it can't decode something received by the other side.

I'm reporting the bug against a self-compiled backport of libgnutls5
0.8.1-1 to woody, but it also is present in (at least) the libgnutls3
shipped with woody, and presumably also with the "official" sid 0.8.1-1.
I can't test this for lack of a sid alpha system, however.

The bug can be reproduced easily, for example using one of the following:

 * read your mail on an alpha machine with mutt on an IMAP server over ssl. 
   After some successful reading you *will* get
   "tls_socket_read (Decryption of the TLS record packet has failed.)"
   and your IMAP connection will be aborted

- or -

 * create a text file of some MB (for example uuencode your linux
   kernel > bigfile). Then, on an i386 machine, run "gnutls-serv". 
   On an alpha machine, run "gnutls-cli -p 5556 < bigfile i386.host.name"
   You will get, after some successful data transmission, on the server:
   "*** gnutls error[-24]: Decryption of the TLS record packet has failed. 
   and on the client:
   "*** Received corrupted data(-10) - server has terminated the connection 

- or -

 * on any machine (tested: i386 and alpha): create an example certificate,
   put it in a file "server.crt", then run "openssl s_server".
   Then, on your alpha machine, run "gnutls-cli -p 4433 < bigfile
   On the server you will soon get
   "21579:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed
   or bad record mac:s3_pkt.c:457:"
   and on the client you will again get
   "*** Received corrupted data(-9) - server has terminated the
   connection abnormally"

To me, the fact that gnutls(alpha) to gnutls(i386) fails as well as
gnutls(alpha) to openssl(alpha) makes it look like gnutls has some
issues on alpha, maybe regarding some effects of the 64-bit architecture.

Interestingly, gnutls(alpha) to gnutls(alpha) seems to work fine. So,
apparently, the bug seems to affect encoding and decoding equally.

-- System Information
Debian Release: 3.0
Architecture: alpha
Kernel: Linux clockwork 2.2.22 #2 Mon Oct 7 12:16:31 CEST 2002 alpha
Locale: LANG=de_CH.ISO-8859-1, LC_CTYPE=de_CH.ISO-8859-1

Versions of packages libgnutls5 depends on:
ii  libc6.1                2.2.5-11.2        GNU C Library: Shared libraries an
ii  libgcrypt1             1.1.12-0mywoody1  LGPL Crypto library - runtime libr
ii  liblzo1                1.07-1            A real-time data compression libra
ii  libopencdk4            1:0.4.2-0mywoody3 Open Crypto Development Kit (OpenC
ii  libpopt0               1.6.2-7           lib for parsing cmdline parameters
ii  libtasn1-0             0.1.2-0mywoody1   Manage ASN.1 structures (runtime)
ii  zlib1g                 1:1.1.4-1         compression library - runtime

----- End forwarded message -----


No, I just like to run around and scream real loud!
	- Dee Dee
