On Thu, Mar 17, 2016 at 5:22 PM David Benjamin via RT <[email protected]> wrote:
> I'm probably going to write something to generate random inputs and stress > all your other poly1305 codepaths against a reference implementation. I > recommend doing the same in your own test harness, to make sure there > aren't others of these bugs lurking around. > That gave a much shorter test case (or a different bug altogether?): Key = 2d773be37adb1e4d683bf0075e79c4ee037918535a7f99ccb7040fb5f5f43aea Input = 89dab80b7717c1db5db437860a3f70218e93e1b8f461fb677f16f35f6f87e2a91c99bc3a47ace47640cc95c345be5ecca5a3523c35cc01893af0b64a620334270372ec12482d1b1e363561698a578b359803495bb4e2ef1930b17a5190b580f141300df30adbeca28f6427a8bc1a999fd51c554a017d095d8c3e3127daf9f595 MAC = c85d15ed44c378d6b00e23064c7bcd51 This time there's no need for the funny update pattern. Feed it all into poly1305 in one call. $ OPENSSL_ia32cap=0 ./poly1305_test3 PASS $ ./poly1305_test3 Poly1305 test failed. got: c85d15ed43c378d6b00e23064c7bcd51 expected: c85d15ed44c378d6b00e23064c7bcd51 David -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4439 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
