Hello,
пт, 22 нояб. 2019 г. в 09:28, Niels Möller nisse@lysator.liu.se:
nisse@lysator.liu.se (Niels Möller) writes:
The gnutls tests failed, see https://gitlab.com/gnutls/nettle/-/jobs/357863630.
These are the failing gnutls tests:
FAIL: chainverify FAIL: key-import-export FAIL: privkey-keygen FAIL: x509sign-verify-gost FAIL: key-export-pkcs8 FAIL: pkcs11/pkcs11-chainverify
Unclear to me if it's the nettle change or some unrelated problem.
Some look related to gost curves, and the privkey-keygen failure is for a variant of ed25519.
GOST curves support in GnuTLS depends on exact Nettle ABI. I'd propose to add --disable-gost to Nettle's GnuTLS execution for now, till ECC ABI gets stable again.
An alternative approach would be to define a symbol like NETTLE_ECC_ABI_2 which can be used to detect ECC ABI compatibility.
ed25519 should not be directly tied to ABI compat. I'll take a look.
Generated key with EdDSA (Ed25519)-160 FAIL privkey-keygen (exit status: 139)
There are similar failures on the ecc-sqrt branch,
https://gitlab.com/gnutls/nettle/-/jobs/321736090
from a few weeks ago.
Both branches included changes to the internal struct ecc_curve. So either gnutls is exercising some nettle features with poor test coverage in nettle's own tests, or gnutls is somehow depending on internals.