Fwd: Strange bug in the TLS application protocol with PSK

Vladimir Estis techdisser at gmail.com
Tue Oct 27 14:09:01 CET 2009

Hi Nikos,

Thanks for your answer. I've solved this problem. It was my error. I've
reset IV for cipher after every message. But TLS uses the last cipher block
of record as the CBC IV for next block. Thus, IV for first block of every
new message was lost, and I wasn't able to decrypt the first cipher block of
message. Now I call update() function instead of doFinal() and GNUTLS works.

Thank you again,
regards, Vlad.

2009/10/27 Nikos Mavrogiannopoulos <nmav at gnutls.org>

> If you think this is a gnutls bug please send an example program that
> reproduces this bug.
> regards,
> Nikos
> On Tue, Oct 27, 2009 at 10:09 AM, Vladimir Estis <techdisser at gmail.com>
> wrote:
> > Hello,
> >
> > I've used GNUTLS for testing of the TLS with the PSK cipher suite
> > (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with PSK kind of
> > authentication in the gnutls-cli. I see that handshake was successfully
> > done. But then I tried to send part of application data, and I found that
> > first cipher block (8 bytes) was corrupted. I think, GNUTLS calculates
> > checksum for application data, injures first block and then does ciphering
> > across all data. I think this is bug in GNUTLS, but I couldn't find any
> > discussion at the forums about this fact.
> >
> > Has anyone else encountered this behaviour of the GNUTLS?
> > Thanks very much in advance for any help!
> >
> > With best regards, Vlad.
> >