Fwd: Strange bug in the TLS application protocol with PSK

[Vladimir Estis]

Hi Nikos,

Thanks for your answer. I've solved this problem. It was my error. I've reset IV for cipher after every message. But TLS uses the last cipher block of record as the CBC IV for next block. Thus, IV for first block of every new message was lost, and I wasn't able to decrypt the first cipher block of message. Now I call update() function instead of doFinal() and GNUTLS works fine.

Thank you again,
regards, Vlad.

2009/10/27 Nikos Mavrogiannopoulos <address@hidden>

If you think this is a gnutls bug please send an example program that
reproduces this bug.

regards,
Nikos

On Tue, Oct 27, 2009 at 10:09 AM, Vladimir Estis <address@hidden> wrote:
> Hello,
>
> I've used GNUTLS for testing of the TLS with the PSK cipher suite
> (TLS_PSK_WITH_3DES_EDE_CBC_SHA). But I've faced a problem with PSK kind of
> authentication in the gnutls-cli. I see that handshake was successfully
> done. But then I tried to send part of application data, and I found that
> first cipher block (8 bytes) was corrupted. I think, GNUTLS calculates
> checksum for application data, injures first block and then do ciphering
> across all data. I think this is bug in GNUTLS, but I couldn't find any
> discussion at the forums about this fact.
>
> Has anyone else encountered this behaviour of the GNUTLS?
> Thanks very much in advance for any help!
>
> With best regards, Vlad.
>

> _______________________________________________
> Help-gnutls mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-gnutls
>
>