[openssl-dev] [openssl.org #4439] poly1305-x86.pl produces incorrect output

David Benjamin via RT rt at openssl.org
Fri Mar 18 20:23:42 UTC 2016

On Thu, Mar 17, 2016 at 5:22 PM David Benjamin via RT <rt at openssl.org> wrote:

> I'm probably going to write something to generate random inputs and stress
> all your other poly1305 codepaths against a reference implementation. I
> recommend doing the same in your own test harness, to make sure there
> aren't others of these bugs lurking around.

That gave a much shorter test case (or a different bug altogether?):

Key = 2d773be37adb1e4d683bf0075e79c4ee037918535a7f99ccb7040fb5f5f43aea
Input =
MAC = c85d15ed44c378d6b00e23064c7bcd51

This time there's no need for the funny update pattern. Feed it all into
poly1305 in one call.

$ OPENSSL_ia32cap=0 ./poly1305_test3
$ ./poly1305_test3
Poly1305 test failed.
got:      c85d15ed43c378d6b00e23064c7bcd51
expected: c85d15ed44c378d6b00e23064c7bcd51


Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4439
Please log in as guest with password guest if prompted
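
An added example (not code from this thread or from OpenSSL) of the randomized cross-check against a reference implementation that the message recommends: random keys, inputs and update splits are fed to a streaming Poly1305 and compared with a big-integer reference. `streaming_ok` and `streaming_faulty` are hypothetical stand-ins for the implementation under test; the fault in the second is constructed for the demonstration and is not the bug reported in this ticket.

```python
import random

P = (1 << 130) - 5                           # Poly1305 prime 2^130 - 5
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff   # RFC 8439 clamp mask for r

def absorb(acc, r, data):
    """Fold data into the accumulator, 16 bytes at a time (short tail padded)."""
    for i in range(0, len(data), 16):
        n = int.from_bytes(data[i:i + 16] + b"\x01", "little")
        acc = (acc + n) * r % P
    return acc

def tag(acc, key):
    s = int.from_bytes(key[16:], "little")
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def poly1305_ref(key, msg):
    """One-shot reference MAC on Python big integers."""
    r = int.from_bytes(key[:16], "little") & CLAMP
    return tag(absorb(0, r, msg), key)

def streaming_ok(key, chunks):
    """Stand-in for code under test: buffers so only full blocks are absorbed early."""
    r, acc, buf = int.from_bytes(key[:16], "little") & CLAMP, 0, b""
    for c in chunks:
        buf += c
        full = len(buf) - len(buf) % 16
        acc, buf = absorb(acc, r, buf[:full]), buf[full:]
    return tag(absorb(acc, r, buf), key)

def streaming_faulty(key, chunks):
    """Constructed fault: pads the tail of every update call, not just the last."""
    r, acc = int.from_bytes(key[:16], "little") & CLAMP, 0
    for c in chunks:
        acc = absorb(acc, r, c)
    return tag(acc, key)

def fuzz(mac_fn, trials=2000, seed=1):
    """Return the first (key, chunks, got, expected) mismatch, or None."""
    rng = random.Random(seed)
    rb = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    for _ in range(trials):
        key, msg = rb(32), rb(rng.randrange(257))
        cuts = sorted(rng.randrange(len(msg) + 1) for _ in range(rng.randrange(4)))
        chunks = [msg[a:b] for a, b in zip([0] + cuts, cuts + [len(msg)])]
        got, want = mac_fn(key, chunks), poly1305_ref(key, b"".join(chunks))
        if got != want:
            return key, chunks, got, want
    return None
```

A mismatch returned by `fuzz` carries the key and the exact chunk boundaries, so it can be replayed as a fixed regression vector.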
