Package: gnutls-bin
Version: 3.6.5-2
Severity: normal

Dear Maintainer,

Some fast ciphers (suites) give strange results.

    $ gnutls-cli --benchmark-ciphers
    Checking AEAD ciphers, payload size: 16384
         AES-128-GCM 96.93 MB/sec
         AES-128-CCM 0.31 GB/sec
         CHACHA20-POLY1305 157.18 MB/sec
    (snip)
         NULL 177.63 MB/sec

    $ gnutls-cli --benchmark-tls-ciphers
    Testing throughput in cipher/MAC combinations (payload: 1400 bytes)
         AES-128-GCM - TLS1.2 45.26 MB/sec
         AES-128-GCM - TLS1.3 45.01 MB/sec
         AES-128-CCM - TLS1.2 129.46 MB/sec
    (snip)

The following code is the cause.

"gnutls-3.6.5/src/benchmark.h" line 45

    struct benchmark_st {
            struct timespec start;
            unsigned long size;     /* <== 32bit in i386 arch. */
            sighandler_t old_handler;
    #if defined(_WIN32)
            HANDLE wtimer;
            HANDLE wthread;
            LARGE_INTEGER alarm_timeout;
    #endif
    };

This size variable will overflow.

Thank you,
Hiroyuki YAMAMORI

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 4.19.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages gnutls-bin depends on:
ii  libc6            2.28-5
ii  libgmp10         2:6.1.2+dfsg-4
ii  libgnutls-dane0  3.6.5-2
ii  libgnutls30      3.6.5-2
ii  libhogweed4      3.4.1~rc1-1
ii  libidn2-0        2.0.5-1
ii  libnettle6       3.4.1~rc1-1
ii  libopts25        1:5.18.12-4
ii  libp11-kit0      0.23.14-2
ii  libtasn1-6       4.13-3
ii  libunistring2    0.9.10-1

gnutls-bin recommends no packages.

gnutls-bin suggests no packages.

-- no debconf information
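
An added illustration of the overflow reported above (not code from the report or from GnuTLS): a byte counter that wraps at 2^32 makes a faster cipher look slower than a slow one, and a 64-bit counter does not. The 5-second run length, the two true rates and all function names are assumptions made for this example; `uint32_t` stands in for `unsigned long` on i386.

```c
#include <stdint.h>
#include <stdio.h>

#define BENCH_SECS 5u    /* assumed run length, not taken from the report */
#define CHUNK 16384u     /* payload size shown in the benchmark output */

/* Bytes the benchmark believes it processed when the counter is `bits` wide.
 * uint32_t stands in for `unsigned long` on i386. */
static uint64_t counted_bytes(uint64_t true_bytes_per_sec, unsigned bits)
{
    uint64_t chunks = true_bytes_per_sec * BENCH_SECS / CHUNK;
    uint32_t c32 = 0;
    uint64_t c64 = 0;

    for (uint64_t i = 0; i < chunks; i++) {
        c32 += CHUNK;    /* silently wraps modulo 2^32 */
        c64 += CHUNK;
    }
    return bits == 32 ? c32 : c64;
}

/* Throughput figure derived from the counter, in MB/sec. */
static double reported_mb_per_sec(uint64_t true_bytes_per_sec, unsigned bits)
{
    return (double)counted_bytes(true_bytes_per_sec, bits) / BENCH_SECS / 1e6;
}

/* Guard for a fixed-width accumulator: would counter + n wrap? */
static int add_would_wrap32(uint32_t counter, uint32_t n)
{
    return n > UINT32_MAX - counter;
}

int main(void)
{
    /* Constructed true rates in bytes/sec, not measurements. */
    const uint64_t rates[] = { 300000000u, 900000000u };

    for (size_t i = 0; i < sizeof rates / sizeof rates[0]; i++)
        printf("true %4.0f MB/sec  32-bit: %7.2f  64-bit: %7.2f\n",
               rates[i] / 1e6, reported_mb_per_sec(rates[i], 32),
               reported_mb_per_sec(rates[i], 64));
    printf("wrap guard at 2^32-100: %d\n",
           add_would_wrap32(UINT32_MAX - 100u, CHUNK));
    return 0;
}
```
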