[openssl-dev] [openssl.org #4439] poly1305-x86.pl produces incorrect output
David Benjamin via RT
rt at openssl.org
Thu Mar 17 21:22:26 UTC 2016
You know the drill. See the attached poly1305_test2.c.
$ OPENSSL_ia32cap=0 ./poly1305_test2
Poly1305 test failed.
I believe this affects both the SSE2 and AVX2 code. It does seem to be
dependent on this input pattern.
This was found because a run of our SSL tests happened to find a
problematic input. I've trimmed it down to the first block where they
I'm probably going to write something to generate random inputs and stress
all your other poly1305 codepaths against a reference implementation. I
recommend doing the same in your own test harness, to make sure there
aren't others of these bugs lurking around.
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4439
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5436 bytes
Desc: not available
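
An added example (not code from the original post or from OpenSSL) of the approach the message recommends: generate inputs, compare an implementation under test against a big-integer reference, and trim a failing input to the first block where the two disagree. Going slightly beyond the message, half of the inputs are drawn from a small palette of carry-prone byte values instead of uniform random bytes. The function names, the palette and faulty_poly1305 (a constructed fault, not the bug in this ticket) are assumptions.

```python
import random

P = (1 << 130) - 5
R_CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

def _poly1305(key, msg, drop_carry):
    r = int.from_bytes(key[:16], "little") & R_CLAMP
    s = int.from_bytes(key[16:32], "little")
    h = 0
    for i in range(0, len(msg), 16):
        h += int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        if drop_carry:            # constructed fault: carry out of bit 130 is lost
            h &= (1 << 130) - 1
        h = h * r % P
    return ((h + s) % (1 << 128)).to_bytes(16, "little")

def poly1305_ref(key, msg):
    """Big-integer Poly1305 per RFC 8439 section 2.5; the trusted oracle."""
    return _poly1305(key, msg, drop_carry=False)

def faulty_poly1305(key, msg):
    """Hypothetical implementation under test (not the bug from this ticket)."""
    return _poly1305(key, msg, drop_carry=True)

def gen_bytes(rng, n):
    """Half uniform random, half from a palette of carry-prone byte values."""
    if rng.random() < 0.5:
        return bytes(rng.getrandbits(8) for _ in range(n))
    return bytes(rng.choice(b"\x00\x01\x7f\x80\xff") for _ in range(n))

def trim_to_first_divergence(impl, ref, key, msg):
    """Shortest block-aligned prefix of msg on which impl and ref disagree."""
    for end in list(range(16, len(msg), 16)) + [len(msg)]:
        if impl(key, msg[:end]) != ref(key, msg[:end]):
            return msg[:end]

def find_mismatch(impl, ref, iterations=300, seed=4439):
    """Return (key, trimmed_msg) for the first disagreement, else None."""
    rng = random.Random(seed)
    for _ in range(iterations):
        key = gen_bytes(rng, 32)
        msg = gen_bytes(rng, rng.randrange(0, 129))
        if impl(key, msg) != ref(key, msg):
            return key, trim_to_first_divergence(impl, ref, key, msg)
    return None

if __name__ == "__main__":
    hit = find_mismatch(faulty_poly1305, poly1305_ref)
    print("no mismatch" if hit is None else
          f"key={hit[0].hex()}\nmsg={hit[1].hex()}")
```

To test real code, pass a wrapper around it as impl; the returned key and trimmed message can go straight into a regression test.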