kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,577 Commits 12 Branches 0 Tags 38 MiB
7909aa7c23
Commit Graph

6 Commits

Author SHA1 Message Date
David Benjamin
aa0bea7bc1 Add additional poly1305 tests. 
Thanks to Hanno Boeck for reporting them in
https://rt.openssl.org/Ticket/Display.html?id=4483

Change-Id: Ic902c0ceea32c76cad924a1ffc462d39ae6ca3de
Reviewed-on: https://boringssl-review.googlesource.com/7603
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
 2016-03-29 22:54:39 +00:00
David Benjamin
4c34026d12 Fix poly1305-x86.pl. 
Imported from patch attached to
https://rt.openssl.org/Ticket/Display.html?id=4439.

But with the extra vs $extra typo fixed.

The root problem appears to be that lazy_reduction tries to use paddd instead
of paddq when they believe the sum will not overflow a u32. In the final call
to lazy_reduction, this is not true. svaldez and I attempted to work through
the bounds, but the bounds derived from the cited paper imply paddd is always
fine. Empirically in a debugger, the bounds are exceeded in the test case.

I requested more comments from upstream on the bug. When upstream lands their
final fix (hopefully with comments), I will update this code. In the meantime,
let's stop carrying known-broken stuff.

(vlazy_reduction is probably something similar, but since we don't enable that
code, we haven't bothered analyzing it.)

Also add the smaller of the two test cases that catch the bug. (The other uses
an update pattern which isn't quite what poly1305_test does.)

Change-Id: I446ed47c21f10b41a0745de96ab119a3f6fd7801
Reviewed-on: https://boringssl-review.googlesource.com/7544
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
 2016-03-24 15:04:23 +00:00
David Benjamin
8ccc3c383a Test poly1305 more aggressively. 
OpenSSL upstream's SIMD assembly is rather complex. This pattern of update
calls should be sufficient to stress all the codepaths.

Change-Id: I50dea8351e4203b6b2cd9b23456eb4a592d31b5e
Reviewed-on: https://boringssl-review.googlesource.com/7223
Reviewed-by: Adam Langley <agl@google.com>
 2016-02-26 00:32:41 +00:00
Adam Langley
5f88999a1e Fix up several comments and detect problems in the future. 
This change fixes up several comments (many of which were spotted by
Kenny Root) and also changes doc.go to detect cases where comments don't
start with the correct word. (This is a common error.)

Since we have docs builders now, these errors will be found
automatically in the future.

Change-Id: I58c6dd4266bf3bd4ec748763c8762b1a67ae5ab3
Reviewed-on: https://boringssl-review.googlesource.com/6440
Reviewed-by: Adam Langley <agl@google.com>
 2015-11-05 20:12:45 +00:00
Brian Smith
b8c1446c1f Fix comment typo in poly1305_test.txt. 
Change-Id: Id7391502f08651d018d88400057b18aae9e514e3
Reviewed-on: https://boringssl-review.googlesource.com/6102
Reviewed-by: Adam Langley <alangley@gmail.com>
Reviewed-by: Adam Langley <agl@google.com>
 2015-10-13 18:14:26 +00:00
David Benjamin
0851f67480 Add standalone tests for Poly1305. 
RFC 7359 includes tests for various edge cases. Also, as
CRYPTO_poly1305_update can be used single-shot and streaming, we should
explicitly stress both.

Change-Id: Ie44c203a77624be10397ad05f06ca98d937db76f
Reviewed-on: https://boringssl-review.googlesource.com/5410
Reviewed-by: Adam Langley <agl@google.com>
 2015-07-10 18:44:01 +00:00