From b161aff379d6efcd593c75a0d17ef724e8daee63 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Wed, 19 Sep 2018 04:42:56 +0200
Subject: poly1305: account for simd being toggled off midway

This is a very rare occurance, but we should account for it, so that the calculations aren't wrong. Here we convert from base 2^26 back to base 2^64.

---
 src/crypto/zinc/selftest/poly1305.h | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'src/crypto/zinc/selftest')

diff --git a/src/crypto/zinc/selftest/poly1305.h b/src/crypto/zinc/selftest/poly1305.h
index 1439c98..71bee1b 100644
--- a/src/crypto/zinc/selftest/poly1305.h
+++ b/src/crypto/zinc/selftest/poly1305.h
@@ -862,6 +862,23 @@ static bool __init poly1305_selftest(void)
 i + 1, j);
 success = false;
 }
+
+ memset(out, 0, sizeof(out));
+ memset(&poly1305, 0, sizeof(poly1305));
+ poly1305_init(&poly1305, poly1305_testvecs[i].key);
+ poly1305_update(&poly1305, poly1305_testvecs[i].input,
+ j, &simd_context);
+ poly1305_update(&poly1305,
+ poly1305_testvecs[i].input + j,
+ poly1305_testvecs[i].ilen - j,
+ (simd_context_t []){ HAVE_NO_SIMD });
+ poly1305_final(&poly1305, out, &simd_context);
+ if (memcmp(out, poly1305_testvecs[i].output,
+ POLY1305_MAC_SIZE)) {
+ pr_info("poly1305 self-test %zu (split %zu, mixed simd): FAIL\n",
+ i + 1, j);
+ success = false;
+ }
 simd_relax(&simd_context);
 }
 }
-- 
cgit v1.2.3-59-g8ed1b
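Review bot: The new mixed-SIMD check only exercises one transition, live `simd_context` for the first `poly1305_update` and `HAVE_NO_SIMD` for the second, so the opposite order (a no-SIMD prefix followed by a SIMD update, i.e. the base 2^64 to 2^26 direction) gets no self-test coverage here; a second pass with the two contexts swapped would pin both conversions. If `simd_context` itself resolves to no SIMD on the running host, both updates take the same path and this block silently degenerates into a repeat of the plain split test, so a comment such as `/* Mixed: first update may use SIMD, second is forced scalar; only meaningful when simd_context has SIMD. */` above the first `memset` would make that limitation visible. As a point of style, the compound literal `(simd_context_t []){ HAVE_NO_SIMD }` reads as a trick to get a pointer to a temporary; a named local `simd_context_t no_simd = HAVE_NO_SIMD;` passed as `&no_simd` says the same thing more plainly. The enclosing `poly1305_selftest` begins and ends outside this hunk, and the base-conversion change the description refers to is not in this patch excerpt (limited to the selftest directory).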