[gnutls-dev] GNUTLS_E_INTERNAL_ERROR in _gnutls_ciphertext2compressed

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Nov 15 15:32:24 CET 2007


Or if you just want a quick and dirty fix for your copy in gnutls_record.c
at the call _gnutls_encrypt() the last parameter is 1. Just turn it to
zero (disables random padding).

regards,
Nikos

On Nov 15, 2007 4:21 PM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> I was talking about this patch (quite big):
> http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=a923cc605a40cf73dbb40de0ac46978674e388fd
> and use gnutls_session_enable_compatibility_mode() on your server.
>
> On Nov 15, 2007 4:06 PM, Ludovic Courtès <ludovic.courtes at laas.fr> wrote:
> > With the attached patch against 2.0.1 (your 2 fixes + additional
> > `gnutlsassert's) and `NULL' encryption, I nailed it down to this part
>
> > of `gnutls_cipher.c':
> >
> >   /* This one was introduced to avoid a timing attack against the TLS
> >    * 1.0 protocol.
> >    */
> >   if (pad_failed != 0)
> >     {
> >       gnutls_assert (); /* <-- This is where we fail */
> >       return pad_failed;
> >     }
> >
> > That's the first `assert' I see, which seems to indicate that PAD_FAILED
> > was set here:
> >
> >    /* Check the pading bytes (TLS 1.x)
> >     */
> >    if (ver >= GNUTLS_TLS1 && pad_failed == 0)
> >      for (i = 2; i < pad; i++)
> >        {
> >          if (ciphertext.data[ciphertext.size - i] !=
> >              ciphertext.data[ciphertext.size - 1])
> >            pad_failed = GNUTLS_E_DECRYPTION_FAILED;
> >        }
> >
> > It's pretty hard for me to debug this on a Nokia so I hope you'll come
> > up with a bright idea.  :-)
> >
> > Thanks,
> > Ludovic.
> >
> >
>
> > _______________________________________________
> > Gnutls-dev mailing list
> > Gnutls-dev at gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnutls-dev
> >
> >
>




More information about the Gnutls-devel mailing list