On 2021-02-09 Niels Möller nisse@lysator.liu.se wrote:
Andreas Metzler ametzler@bebt.de writes:
I have bisected this[1] in nettle git and found
58a0301437e9beb23130423ff1063a67b6f2b43b ppc: New assembly for chacha_core4, doing four blocks in parallel.
This is indeed new code in nettle-3.7, and particularly suspect since the test fails only on ppc. Do you know what the code path is? Is GnuTLS using Nettle's chacha_poly1305_* functions, or is it calling chacha and poly1305 functions separately?
Hello,
Afaict from https://gitlab.com/gnutls/gnutls/-/blob/master/lib/nettle/cipher.c#L815 it does use chacha_poly1305_encrypt/decrypt/update/digest/set_key/set_nonce.
I am not 100% sure. - I thought I could brute-force this with ltrace, but I only got it to show direct library calls to gnutls_* but not the indirect ones (gnutls calling nettle).
cu Andreas