[gnutls-devel] GnuTLS | aead_decrypt broken on armeb (#941)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Feb 17 23:16:28 CET 2020

Andrew Aladjev commented:


if (gnutls_memcmp(((uint8_t*)encr)+encr_size, tag, tag_size) != 0) {
  fprintf(stderr, "algo: %d\n", ctx->cipher->algo);
  return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
}

This is the place where `GNUTLS_E_DECRYPTION_FAILED` was born. `algo` equals `11 GNUTLS_CIPHER_AES_256_GCM`.

static void
_gcm_decrypt(struct nettle_cipher_ctx *ctx, size_t length, uint8_t * dst,
		 const uint8_t * src)
{
	gcm_decrypt(GCM_CTX_GET_CTX(ctx->ctx_ptr), GCM_CTX_GET_KEY(ctx->ctx_ptr),
		    GCM_CTX_GET_CIPHER(ctx->ctx_ptr), ctx->cipher->encrypt_block,
		    length, dst, src);
}

This is the function called as `ctx->cipher->decrypt(ctx, encr_size, plain, encr);` before `gnutls_memcmp` in `lib/nettle/cipher.c`. This function comes from the `nettle` library and it is broken.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/941#note_289743162
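
An added example, not part of the original comment and not GnuTLS or nettle code: a byte-wise, endian-independent reference for the GCM tag that the `gnutls_memcmp` check above compares against, useful as a known answer when testing AES-256-GCM on a given platform. The constants are the published GCM test case 14 (AES-256, all-zero key and IV, one all-zero plaintext block); the function names are hypothetical, and H and E(K, Y0) are embedded so no AES code is needed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample input: GCM test case 14 (AES-256, zero key/IV, one zero
 * plaintext block). H = E(K, 0^128); EKY0 = E(K, Y0), the tag mask. */
static const uint8_t H[16]    = {0xdc,0x95,0xc0,0x78,0xa2,0x40,0x89,0x89,0xad,0x48,0xa2,0x14,0x92,0x84,0x20,0x87};
static const uint8_t EKY0[16] = {0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};
static const uint8_t CT[16]   = {0xce,0xa7,0x40,0x3d,0x4d,0x60,0x6b,0x6e,0x07,0x4e,0xc5,0xd3,0xba,0xf3,0x9d,0x18};
static const uint8_t TAG[16]  = {0xd0,0xd1,0xc8,0xa7,0x99,0x99,0x6b,0xf0,0x26,0x5b,0x98,0xb5,0xd4,0x8a,0xb9,0x19};

/* x = x * h in GF(2^128) with GCM bit order; byte accesses only, so the
 * result does not depend on host endianness. */
static void gf_mul(uint8_t x[16], const uint8_t h[16])
{
	uint8_t z[16] = {0}, v[16];
	memcpy(v, h, 16);
	for (int i = 0; i < 128; i++) {
		if (x[i / 8] & (0x80 >> (i % 8)))       /* bit i of x, MSB first */
			for (int j = 0; j < 16; j++) z[j] ^= v[j];
		int carry = v[15] & 1;
		for (int j = 15; j > 0; j--)            /* v >>= 1 across bytes */
			v[j] = (uint8_t)((v[j] >> 1) | (v[j - 1] << 7));
		v[0] >>= 1;
		if (carry) v[0] ^= 0xe1;                /* reduce by the GCM polynomial */
	}
	memcpy(x, z, 16);
}
/* Reference tag for a ciphertext of whole 16-byte blocks with no AAD. */
static void ref_gcm_tag(const uint8_t *ct, size_t len, uint8_t tag[16])
{
	uint8_t y[16] = {0};
	uint64_t bits = (uint64_t)len * 8;
	for (size_t off = 0; off + 16 <= len; off += 16) {
		for (int j = 0; j < 16; j++) y[j] ^= ct[off + j];
		gf_mul(y, H);
	}
	/* length block: 64-bit AAD bit length (0) || 64-bit ciphertext bit length */
	for (int j = 0; j < 8; j++) y[15 - j] ^= (uint8_t)(bits >> (8 * j));
	gf_mul(y, H);
	for (int j = 0; j < 16; j++) tag[j] = y[j] ^ EKY0[j];
}
/* Returns 1 when the reference tag equals the published tag (plain memcmp is
 * fine here: both values are public test data). */
static int kat_passes(void)
{
	uint8_t tag[16];
	ref_gcm_tag(CT, sizeof CT, tag);
	return memcmp(tag, TAG, 16) == 0;
}
int main(void) { puts(kat_passes() ? "KAT ok" : "KAT FAILED"); return 0; }
```

Running the same vector through the library's decrypt path on the affected platform shows whether the `GNUTLS_E_DECRYPTION_FAILED` result reproduces with a known answer.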