[openssl-dev] [openssl.org #4439] poly1305-x86.pl produces incorrect output

David Benjamin via RT rt at openssl.org
Fri Mar 18 20:23:42 UTC 2016


On Thu, Mar 17, 2016 at 5:22 PM David Benjamin via RT <rt at openssl.org>
wrote:

> I'm probably going to write something to generate random inputs and stress
> all your other poly1305 codepaths against a reference implementation. I
> recommend doing the same in your own test harness, to make sure there
> aren't others of these bugs lurking around.
>

That gave a much shorter test case (or a different bug altogether?):

Key = 2d773be37adb1e4d683bf0075e79c4ee037918535a7f99ccb7040fb5f5f43aea
Input = 89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a91c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a620334270372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f141300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595
MAC = c85d15ed44c378d6b00e23064c7bcd51

This time there's no need for the funny update pattern. Feed it all into
poly1305 in one call.

$ OPENSSL_ia32cap=0 ./poly1305_test3
PASS
$ ./poly1305_test3
Poly1305 test failed.
got:      c85d15ed43c378d6b00e23064c7bcd51
expected: c85d15ed44c378d6b00e23064c7bcd51

David

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4439
Please log in as guest with password guest if prompted
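
A reference check of the kind the message recommends, as an added example that is not part of the original post or of OpenSSL's test harness: a big-integer Poly1305 in Python run over the test vector above, plus a seeded random differential loop. The function names and the `impl` callback are assumptions made for illustration.

```python
import random

P = (1 << 130) - 5                        # the Poly1305 prime, 2^130 - 5
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff

def poly1305_ref(key: bytes, msg: bytes) -> bytes:
    """Big-integer Poly1305 (RFC 8439, section 2.5): slow, easy to audit."""
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & CLAMP
    s = int.from_bytes(key[16:], "little")
    acc = 0
    for i in range(0, len(msg), 16):
        # Every block, including a short final one, gets a 0x01 byte appended.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + n) * r % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def differential(impl, trials=1000, max_len=512, seed=0):
    """Compare impl(key, msg) with the reference on random inputs.
    Returns the first (key, msg, got, expected) mismatch, or None."""
    rng = random.Random(seed)             # fixed seed, so a failure reproduces
    rand = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    for _ in range(trials):
        key, msg = rand(32), rand(rng.randrange(max_len + 1))
        got, expected = impl(key, msg), poly1305_ref(key, msg)
        if got != expected:
            return key, msg, got, expected
    return None

def differing_bytes(a: bytes, b: bytes) -> list:
    """Offsets at which two equal-length tags disagree."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Test vector and the two outputs, copied from the message above.
KEY = bytes.fromhex("2d773be37adb1e4d683bf0075e79c4ee037918535a7f99ccb7040fb5f5f43aea")
INPUT = bytes.fromhex(
    "89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a9"
    "1c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a62033427"
    "0372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f1"
    "41300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595")
EXPECTED = bytes.fromhex("c85d15ed44c378d6b00e23064c7bcd51")
GOT = bytes.fromhex("c85d15ed43c378d6b00e23064c7bcd51")  # from the failing run

if __name__ == "__main__":
    print("reference:", poly1305_ref(KEY, INPUT).hex())
    print("bytes that differ in the failing run:", differing_bytes(GOT, EXPECTED))
```

To test another implementation, pass a wrapper that takes `(key, msg)` and returns the 16-byte tag as `impl`; the returned tuple is a ready-made regression vector.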
