[sr #107822] Testing 3.0.2 on AIX

Bjørn Christensen bhc at insight.dk
Thu Sep 29 18:33:05 CEST 2011


Hello Nikos


Sorry once again! You are getting this in small bits.



ret = _gnutls_init_record_state (params, ver, 0, &params->write);   in line 440 of gnutls_constate.c

the params->write seems empty.

Causing the key to be null further up(down) the call stack 

params	0x2021b1b8 -> { ... }	
	params	0x2021b1b8	
	*(params)	{ 1, 0, 4 /* GNUTLS_CIPHER_AES_128_CBC */, 6 /* GNUTLS_MAC_SHA256 */, 1 /* GNUTLS_COMP_NULL */, { ... }, { ... }, 0 }	
		epoch	1	
		initialized	0	
		cipher_algorithm	4 /* GNUTLS_CIPHER_AES_128_CBC */	
		mac_algorithm	6 /* GNUTLS_MAC_SHA256 */	
		compression_algorithm	1 /* GNUTLS_COMP_NULL */	
		read	{ { ... }, { ... }, { ... }, { ... }, 0x2021a3a8 -> { ... }, { ... } }	
			mac_secret	{ " !Ï\x4ð.ö\fðMÙ(Ñ\x1aKÀ", 32 }	
			IV	{ " !Îa", 16 }	
			key	{ " \x1d<ÀðMÙ(N„s_Ñ\x1aZø", 16 }	
			cipher_state	{ { ... }, { ... }, 1, 0, 32 }	
			compression_state	0x2021a3a8 -> { ... }	
			sequence_number	{ "" }	
		write	{ { ... }, { ... }, { ... }, { ... }, 0x00000000 -> { ... }, { ... } }	
			mac_secret	{ NULL, 0 }	
			IV	{ NULL, 0 }	
			key	{ NULL, 0 }	
			cipher_state	{ { ... }, { ... }, 0, 0, 0 }	
			compression_state	0x00000000 -> { ... }	
			sequence_number	{ "" }	
		usage_cnt	0	

/bhc

-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:INVALID.NOREPLY at gnu.org] 
Sent: 29. september 2011 18:22
To: Nikos Mavrogiannopoulos; Bjørn Christensen; gnutls-devel at gnu.org
Subject: [sr #107822] Testing 3.0.2 on AIX

Follow-up Comment #10, sr #107822 (project gnutls):

Nettle complains because the size of the AES keys provided is invalid. That's
not expected. What are the values put to _gnutls_set_keys(), key_size,
hash_size and IV_size?

The assertion that you mention at:
gnutls_hash_int.c:55 is indeed worrying because _gnutls_mac_is_ok() is called
in _gnutls_epoch_set_keys() at gnutls_constate.c which would have ensured that
it is not called with random data.

I'd suggest that would single-step _gnutls_epoch_set_keys() and find out where
the values of the cipher algorithms and lengths go out of range.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107822>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/



More information about the Gnutls-devel mailing list