Bug#982482: libnettle8: chacha breakage on ppc64(el)

2021-02-21 Thread Andreas Metzler 
On 2021-02-13 Andreas Metzler  wrote:
[...]
> Find attached a proposed debdiff.

Uploaded to delayed/5.

cu Andreas

Bug#982482: libnettle8: chacha breakage on ppc64(el)

2021-02-12 Thread Andreas Metzler 
On 2021-02-10 Andreas Metzler  wrote:
> Package: libnettle8
> Version: 3.7-1
> Severity: serious
> Tags: upstream patch fixed-upstream

> nettle 3.7 breaks GnuTLS testsuite on ppc64(el). I had forwarded this
> upstream
> https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009418.html and
> there is now a fix (+ testsuite coverage) in nettle GIT master.
[...]

Find attached a proposed debdiff.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru nettle-3.7/debian/changelog nettle-3.7/debian/changelog
--- nettle-3.7/debian/changelog	2021-02-01 00:01:59.0 +0100
+++ nettle-3.7/debian/changelog	2021-02-13 08:34:20.0 +0100
@@ -1,3 +1,12 @@
+nettle (3.7-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix chacha breakage on ppc64(el). Closes: #982482
++ 0001-Improve-chacha-test-coverage.patch
++ 0002-Fix-chacha-counter-update-for-_4core-variants.patch
+
+ -- Andreas Metzler   Sat, 13 Feb 2021 08:34:20 +0100
+
 nettle (3.7-2) unstable; urgency=low
 
   * Adjust libnettle8.symbols.
diff -Nru nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch
--- nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch	1970-01-01 01:00:00.0 +0100
+++ nettle-3.7/debian/patches/0001-Improve-chacha-test-coverage.patch	2021-02-13 08:29:19.0 +0100
@@ -0,0 +1,910 @@
+From dd1867efa005704fbac438896369694a44fd474b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Niels=20M=C3=B6ller?= 
+Date: Wed, 10 Feb 2021 10:26:52 +0100
+Subject: [PATCH 1/2] Improve chacha test coverage.
+
+---
+ ChangeLog   |  12 +
+ testsuite/chacha-test.c | 746 ++--
+ 2 files changed, 504 insertions(+), 254 deletions(-)
+
+ a/ChangeLog
+ b/ChangeLog
+ 2021-02-10  Niels Möller  
+
+	* testsuite/chacha-test.c (test_chacha_rounds): New function, for
+	tests with non-standard round count. Extracted from _test_chacha.
+	(_test_chacha): Deleted rounds argument. Reorganized crypt/crypt32
+	handling. When testing message prefixes of varying length, also
+	encrypt the remainder of the message, to catch errors in counter
+	value update.
+	(test_main): Add a few tests with large messages (16 blocks, 1024
+	octets), to improve test coverage for _nettle_chacha_crypt_4core
+	and _nettle_chacha_crypt32_4core.
+
+diff --git a/testsuite/chacha-test.c b/testsuite/chacha-test.c
+index 5efe4ee2..8bbdd4ad 100644
+--- a/testsuite/chacha-test.c
 b/testsuite/chacha-test.c
+@@ -121,119 +121,140 @@ test_chacha_core(void)
+ }
+ }
+ 
++/* For tests with non-standard number of rounds, calling
++   _nettle_chacha_core directly. */
+ static void
+-_test_chacha(const struct tstring *key, const struct tstring *nonce,
+-	 const struct tstring *expected, unsigned rounds,
+-	 const struct tstring *counter)
++test_chacha_rounds(const struct tstring *key, const struct tstring *nonce,
++		   const struct tstring *expected, unsigned rounds)
+ {
+   struct chacha_ctx ctx;
++  uint32_t out[_CHACHA_STATE_LENGTH];
++  ASSERT (expected->length == CHACHA_BLOCK_SIZE);
+ 
+   ASSERT (key->length == CHACHA_KEY_SIZE);
+   chacha_set_key (, key->data);
+ 
+-  if (rounds == 20)
++  ASSERT (nonce->length == CHACHA_NONCE_SIZE);
++  chacha_set_nonce(, nonce->data);
++
++  _nettle_chacha_core (out, ctx.state, rounds);
++
++  if (!MEMEQ(CHACHA_BLOCK_SIZE, out, expected->data))
+ {
+-  uint8_t *data = xalloc (expected->length + 2);
+-  size_t length;
+-  data++;
++  printf("Error, expected:\n");
++  tstring_print_hex (expected);
++  printf("Got:\n");
++  print_hex(CHACHA_BLOCK_SIZE, (uint8_t *) out);
++  FAIL ();
++}
+ 
+-  for (length = 1; length <= expected->length; length++)
+-	{
+-	  data[-1] = 17;
+-	  memset (data, 0, length);
+-	  data[length] = 17;
+-	  if (nonce->length == CHACHA_NONCE_SIZE)
+-	chacha_set_nonce(, nonce->data);
+-	  else if (nonce->length == CHACHA_NONCE96_SIZE)
+-	{
+-	  chacha_set_nonce96(, nonce->data);
+-	  /* Use initial counter 1, for
+-		 draft-irtf-cfrg-chacha20-poly1305-08 test cases. */
+-	  ctx.state[12]++;
+-	}
+-	  else
+-	die ("Bad nonce size %u.\n", (unsigned) nonce->length);
++  if (verbose)
++{
++  printf("Result after encryption:\n");
++  print_hex(CHACHA_BLOCK_SIZE, (uint8_t *) out);
++}
++}
+ 
+-	  if (counter)
+-	{
+-	  if (counter->length == CHACHA_COUNTER_SIZE)
+-		{
+-		  ASSERT (nonce->length == CHACHA_NONCE_SIZE);
+-		  chacha_set_counter(, counter->data);
+-		}
+-	  else if (counter->length == CHACHA_COUNTER32_SIZE)
+-		{
+-		  ASSERT (nonce->length == CHACHA_NONCE96_SIZE);
+-		  chacha_set_counter32(, counter->data);
+-		}
+-	}
++static void
++_test_chacha(const struct tstring *key, const struct tstring *nonce,
++	 const struct tstring *expected, const struct

Bug#982482: libnettle8: chacha breakage on ppc64(el)

2021-02-10 Thread Andreas Metzler 
Package: libnettle8
Version: 3.7-1
Severity: serious
Tags: upstream patch fixed-upstream

nettle 3.7 breaks GnuTLS testsuite on ppc64(el). I had forwarded this
upstream
https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009418.html and
there is now a fix (+ testsuite coverage) in nettle GIT master.

I am submitting with severity serious because chacha (assembly) does not
work correctly on ppc64(el). Technically you might see this as "a bug
which has a major effect on the usability of a package, without
rendering it completely unusable to everyone." (important). - I chose
to err on the side of caution to (temporarily) delay testing migration.
Please downgrade if you disagree.

If you want me to do so I can also do NMU.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'