I dug a little deeper and recompiled gnutls28-3.2.11 from sources
provided by "apt-get source" and commented out the block at
gnutls_cipher.c:951 (see snippet below), which caused the first assertion
in the log above. This fixes the problem, that is, I can download
attachments in mutt seemingly without problem.
My question now is, what are the implications of removing this check?
Any idea why this is only happening on armhf?

    /* Here there could be a timing leakage in CBC ciphersuites that
     * could be exploited if the cost of a successful memcmp is high.
     * A constant time memcmp would help there, but it is not easy to maintain
     * against compiler optimizations. Currently we rely on the fact that
     * a memcmp comparison is negligible over the crypto operations.
     */
    // if (unlikely
    if (0 && unlikely
        (memcmp(tag, tag_ptr, tag_size) != 0 || pad_failed != 0)) {
        /* HMAC was not the same. */
        dummy_wait(params, compressed, pad_failed, pad,
                   length + preamble_size);
        return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
    }

--
https://bugs.launchpad.net/bugs/1419436
Title:
tls_socket_read (Decryption has failed.)
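Added example, not part of the original message and not GnuTLS code: a small model of the check in the quoted snippet, showing that with the check disabled a record whose tag does not match (or whose padding failed) is accepted, and what the constant-time comparison mentioned in the code comment can look like. The names `ct_diff`, `verify_record` and `RECORD_*` are hypothetical, the tag bytes are constructed sample data, and `dummy_wait` is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RECORD_OK 0
#define RECORD_DECRYPTION_FAILED (-1) /* stand-in for GNUTLS_E_DECRYPTION_FAILED */

/* Constant-time comparison: returns 0 when equal, non-zero otherwise.
 * Every byte is examined no matter where the first difference is; the
 * volatile accumulator discourages the compiler from exiting early. */
static unsigned ct_diff(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(a[i] ^ b[i]);
    return acc;
}

/* check_enabled = 0 models the "if (0 && ...)" edit in the snippet. */
static int verify_record(const uint8_t *tag, const uint8_t *tag_ptr,
                         size_t tag_size, unsigned pad_failed,
                         int check_enabled)
{
    /* Bitwise OR instead of ||, so both conditions are always evaluated. */
    unsigned bad = ct_diff(tag, tag_ptr, tag_size) | (unsigned)(pad_failed != 0);
    if (check_enabled && bad)
        return RECORD_DECRYPTION_FAILED;
    return RECORD_OK;
}

/* Constructed sample data: locally computed tag, a matching received tag,
 * and a received tag whose last byte was altered in transit. */
static const uint8_t computed[8]      = {0x3a, 0x91, 0x0c, 0x77, 0xe2, 0x5d, 0x48, 0xb6};
static const uint8_t received_good[8] = {0x3a, 0x91, 0x0c, 0x77, 0xe2, 0x5d, 0x48, 0xb6};
static const uint8_t received_bad[8]  = {0x3a, 0x91, 0x0c, 0x77, 0xe2, 0x5d, 0x48, 0xb7};

int main(void)
{
    printf("check on,  good tag: %d\n", verify_record(computed, received_good, 8, 0, 1));
    printf("check on,  bad tag:  %d\n", verify_record(computed, received_bad, 8, 0, 1));
    printf("check on,  bad pad:  %d\n", verify_record(computed, received_good, 8, 1, 1));
    printf("check off, bad tag:  %d\n", verify_record(computed, received_bad, 8, 0, 0));
    printf("check off, bad pad:  %d\n", verify_record(computed, received_good, 8, 1, 0));
    return 0;
}
```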