[openssl-dev] [openssl.org #4439] poly1305-x86.pl produces incorrect output

David Benjamin via RT rt at openssl.org
Thu Mar 17 21:22:26 UTC 2016


Hi folks,

You know the drill. See the attached poly1305_test2.c.

$ OPENSSL_ia32cap=0 ./poly1305_test2
PASS
$ ./poly1305_test2
Poly1305 test failed.
got:      2637408fe03086ea73f971e3425e2820
expected: 2637408fe13086ea73f971e3425e2820

I believe this affects both the SSE2 and AVX2 code. It does seem to be
dependent on this input pattern.

This was found because a run of our SSL tests happened to find a
problematic input. I've trimmed it down to the first block where they
disagree.

I'm probably going to write something to generate random inputs and stress
all your other poly1305 codepaths against a reference implementation. I
recommend doing the same in your own test harness, to make sure there
aren't others of these bugs lurking around.

David

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4439
Please log in as guest with password guest if prompted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: poly1305_test2.c
Type: text/x-csrc
Size: 5436 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160317/1fdda0b9/attachment.c>
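
The randomized comparison against a reference implementation that the message recommends, as an added example (not part of the original post, and not the attached poly1305_test2.c or any OpenSSL code). All function names are assumptions made for illustration, and `faulty` is a constructed stand-in for an optimized implementation; in practice `impl` would wrap the code under test.

```python
import random

P = (1 << 130) - 5                                  # Poly1305 prime
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

def poly1305_ref(key: bytes, msg: bytes) -> bytes:
    """Big-integer Poly1305 per RFC 7539 section 2.5: slow, but easy to audit."""
    r = int.from_bytes(key[:16], "little") & CLAMP
    s = int.from_bytes(key[16:32], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        block = msg[i:i + 16] + b"\x01"             # pad bit above the block
        acc = (acc + int.from_bytes(block, "little")) * r % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def gen_case(rng):
    """Key and message biased toward 0xff/0x00 runs, which stress carry chains."""
    def blob(n):
        fill = rng.choice([None, 0xff, 0x00])
        return bytes(rng.getrandbits(8) if fill is None or rng.random() < 0.1
                     else fill for _ in range(n))
    return blob(32), blob(rng.randrange(0, 513))    # up to 32 blocks per message

def shrink(impl, key, msg):
    """Shortest whole-block prefix of msg on which impl still disagrees."""
    for n in range(16, len(msg), 16):
        if impl(key, msg[:n]) != poly1305_ref(key, msg[:n]):
            return msg[:n]
    return msg

def differential(impl, trials=2000, seed=0):
    """First (key, msg, got, expected) mismatch against the reference, or None."""
    rng = random.Random(seed)
    for _ in range(trials):
        key, msg = gen_case(rng)
        if impl(key, msg) != poly1305_ref(key, msg):
            msg = shrink(impl, key, msg)
            return key, msg, impl(key, msg), poly1305_ref(key, msg)
    return None

def faulty(key, msg):
    """Constructed stand-in for an optimized path: flips one tag bit on some inputs."""
    tag = bytearray(poly1305_ref(key, msg))
    if len(msg) >= 64 and msg[0] == 0xff:
        tag[4] ^= 0x01
    return bytes(tag)

if __name__ == "__main__":
    key, msg, got, want = differential(faulty)
    print(f"msg:      {msg.hex()}\ngot:      {got.hex()}\nexpected: {want.hex()}")
```

The fixed seed makes any failure reproducible, and the prefix shrink gives a short input to attach to a bug report.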

