Nicolas Mora <[email protected]> writes: > The problem is the value returned by gnutls_cipher_init which is > different between architectures. > > - On an amd64 architecture, gnutls_cipher_init with an incorrect key > length returns GNUTLE_E_SUCCESS > - On an ArmV7 architecture, gnutls_cipher_init with an incorrect key > length returns GNUTLS_E_INVALID_REQUEST
Key length mismatch is just my random guess, so I would like to first confirm that it works if you truncate the key to 16 bytes? If so, it's likely that we miss some checks when calling out our accelerated code (lib/accelerated/x86/aes-gcm-*.c) or nettle functions (I'm more worried about what happens -- under valgrind or ASan -- if you use a shorter key). > The documentation on gnutls_cipher_init doesn't mention what must be > returned on incorrect parameters. Absolutely. Regards, -- Daiki Ueno _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
