[gnutls-devel] GnuTLS | test-cipher-api.sh hits assertions in nettle when compiled without hardware acceleration (#1205)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Apr 14 16:45:29 CEST 2021 


Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1205



When configured with `--disable-hardware-acceleration`, the test shows several assertion failures inside nettle functions:
```console
trying aes128-gcm
cipher-api-test: gcm.c:328: nettle_gcm_update: Assertion `ctx->auth_size % GCM_BLOCK_SIZE == 0' failed.
cipher-api-test: gcm.c:358: nettle_gcm_encrypt: Assertion `ctx->data_size % GCM_BLOCK_SIZE == 0' failed.
trying aes192-gcm
cipher-api-test: gcm.c:328: nettle_gcm_update: Assertion `ctx->auth_size % GCM_BLOCK_SIZE == 0' failed.
cipher-api-test: gcm.c:358: nettle_gcm_encrypt: Assertion `ctx->data_size % GCM_BLOCK_SIZE == 0' failed.
trying aes256-gcm
cipher-api-test: gcm.c:328: nettle_gcm_update: Assertion `ctx->auth_size % GCM_BLOCK_SIZE == 0' failed.
cipher-api-test: gcm.c:358: nettle_gcm_encrypt: Assertion `ctx->data_size % GCM_BLOCK_SIZE == 0' failed.
trying aes128-cbc
cipher-api-test: cbc.c:53: nettle_cbc_encrypt: Assertion `!(length % block_size)' failed.
trying aes192-cbc
cipher-api-test: cbc.c:53: nettle_cbc_encrypt: Assertion `!(length % block_size)' failed.
trying aes256-cbc
cipher-api-test: cbc.c:53: nettle_cbc_encrypt: Assertion `!(length % block_size)' failed.
trying 3des-cbc
cipher-api-test: cbc.c:53: nettle_cbc_encrypt: Assertion `!(length % block_size)' failed.
trying camellia128-gcm
cipher-api-test: gcm.c:328: nettle_gcm_update: Assertion `ctx->auth_size % GCM_BLOCK_SIZE == 0' failed.
cipher-api-test: gcm.c:358: nettle_gcm_encrypt: Assertion `ctx->data_size % GCM_BLOCK_SIZE == 0' failed.
trying camellia256-gcm
cipher-api-test: gcm.c:328: nettle_gcm_update: Assertion `ctx->auth_size % GCM_BLOCK_SIZE == 0' failed.
cipher-api-test: gcm.c:358: nettle_gcm_encrypt: Assertion `ctx->data_size % GCM_BLOCK_SIZE == 0' failed.
trying chacha20-poly1305
cipher-api-test: chacha-poly1305.c:131: nettle_chacha_poly1305_encrypt: Assertion `ctx->data_size % CHACHA_POLY1305_BLOCK_SIZE == 0' failed.
```

The similar errors are also in #764, where the solution was to skip the test depending on the host CPU, but I suspect we should make the nettle fallback functions work.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1205
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210414/0a363ea3/attachment.html>

More information about the Gnutls-devel mailing list