Daiki Ueno <[email protected]> writes: > Thank you so much! The patch fixes the issue (tested on gcc cfarm).
Thanks for testing. Pushed to master branch now. BTW, I could test ppc64el locally on my laptop fairly easily, I used: # apt-get install -t testing gcc-powerpc64le-linux-gnu # dpkg --add-architecture ppc64el # apt-get update # apt-get install libc6:ppc64el (I already had qemu-user and binfmt magic installed) $ ~/hack/nettle/configure --host=powerpc64le-linux-gnu --enable-mini-gmp CXX=/bin/false $ make -j10 && make -j10 check > In the gdb trace, I see nettle_chacha_poly1305_encrypt() is called with > the following length pattern: 128, 63, 128, 64, 192, 1, 192, 2. I can > try to create a test case if necessary. I see. And then it's the first call with length 192 that updates the counter value incorrectly (incrementing it by 4 instead of 3), with incorrect encryption on the next call. No calls with length 129, which would be the smallest one to trigger the bug. You can have a look at the updated test and see if you think an additional test would be worthwhile. The loop testing various lengths start at https://git.lysator.liu.se/nettle/nettle/-/blob/master/testsuite/chacha-test.c#L193, and the code from line 219 and on is new. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
