Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp736186yba; Sun, 31 Mar 2019 11:19:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqxuJ+60iya0uFRyow9903S99Vc880/bRJZfMcc1+7E6eTtuwjExlWZRNpDG76dk+zUTgfBA X-Received: by 2002:a63:cd47:: with SMTP id a7mr27221361pgj.434.1554056362378; Sun, 31 Mar 2019 11:19:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1554056362; cv=none; d=google.com; s=arc-20160816; b=Dza8Pl/tgbfK1Nzdnt4bDSqXFCfRDF2534U38karVRKAjVJ8xsWB0aDYTQa9SzAyCE wsNR7WZC06I0EQu/mUaaLPQlraxL8QMIHfz9S7KxwIiR1ZcdYTf+9tQU6WH8k8jL92Zs 1K/BZTqT/UqsrDTf6p87mo/A8Qj1et8jWCSwMWCn9jvswhGi2geMW+/MTemfl0IK6U2N OK2vwT72mF/WNd7q3IvrEuOI1vAXq52purCAWIotb6MoO04MXzhncef/jxsQvO0burQx PmRAGqYoyZoqIGLvr/tiLBE8tt0G3m6+YK3mzVrSW7Xr7fINA6ADS727FaPKt4X0Bscv f/oQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=L+4pxkGvMbZMU7Sxq3ctnO+nIA14/4GBgCmeSvoyrFg=; b=KbP8iE2OLUUl0ofHS+X3G5ruWIudJ3//x7kSFk8nOZkc+Bz3/HM/ZgPRlnuUfJui0t LWwFV9hANre8U3pbJjxZ1U1IkH3trjjzgJjosOqsKRmMwCqZDWkuP0+q8It4r4cXGC7L ji9B3aHDCpbaxDYhGEg2mpabel1xhMFwlQjBIU7nLwYB+D5HyOOVPu/BcL0PsT9eAeIR /KINe9LmofvGEwjBr2qNhAuZ8tUB5BQChdQKABE3fKLhzrSG5w79TmlZ1dccwXAP3PV6 TkYo72A6Fmlx8JRB5FJO1xq31e5Mz6716sLtR0O3AudH62nstu8ZJub3C1nWT0ATE41v vV5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=Sj++ggZX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y17si6926471plr.204.2019.03.31.11.19.06; Sun, 31 Mar 2019 11:19:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@zx2c4.com header.s=mail header.b=Sj++ggZX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zx2c4.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731381AbfCaSSb (ORCPT + 99 others); Sun, 31 Mar 2019 14:18:31 -0400 Received: from frisell.zx2c4.com ([192.95.5.64]:54851 "EHLO frisell.zx2c4.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726170AbfCaSSa (ORCPT ); Sun, 31 Mar 2019 14:18:30 -0400 Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 609fb3c8; Sun, 31 Mar 2019 17:55:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=mail; bh=Ti4V61HDeZDVBAG3CXQ/8uid5S0=; b=Sj++gg ZXXI0knSqB2hbxyWvqVtiqIBIGzUoaAEMsdKrME55Gd269XxAhJE/lRxpfNSsCk7 jLUehyHGNHjcgxGSn5F50yT9YoFcEPxVjkoo/iAWnaBoCOlmG8zalOAqkWJpb/y1 BX2XMlHE7nEhjEGyFzoL7q4pDNFqgvo/XAlKvJIQJ7pOc0RgQlAO8vcljJRsv0TR 1EGUbQndd9mcpfkLueFFoq01407l8cfYJdF3/Q9goJTGhIpo5cwpYufMkCb3qYKV PDj/KSNCpQt30EKEjUjjDEFevRvczt8Hu+ifERHb0kkUkUM5FLAbxiKR7ajrIUwD 1zlWLJinGk3E2IPw== Received: by frisell.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id f2b473e4 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Sun, 31 Mar 2019 17:55:30 +0000 (UTC) Received: by mail-ot1-f43.google.com with SMTP id e5so6475957otk.12; Sun, 31 Mar 2019 11:18:26 -0700 (PDT) X-Gm-Message-State: APjAAAXotfLyoGy4FPSOYV+zNz9b6OUKNvkTPa1JXGdJE2PO3B8XzLWu HUBwO9ufsW2oAUcQRQ4dyV/QZ12C99nOowAXpe4= X-Received: by 2002:a9d:7d0e:: with SMTP id v14mr2355535otn.225.1554056305103; Sun, 31 Mar 2019 11:18:25 -0700 (PDT) MIME-Version: 1.0 References: <20190322071122.6677-1-Jason@zx2c4.com> <20190325115156.wj4verbfdd2rspo5@gondor.apana.org.au> <20190330055307.GA8001@sol.localdomain> In-Reply-To: <20190330055307.GA8001@sol.localdomain> From: "Jason A. Donenfeld" Date: Sun, 31 Mar 2019 20:18:13 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH net-next v9 00/19] WireGuard: Secure Network Tunnel To: Eric Biggers Cc: Herbert Xu , Linux Crypto Mailing List , LKML , Netdev , Linus Torvalds , David Miller , Greg Kroah-Hartman , Ard Biesheuvel , Samuel Neves Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Mar 30, 2019 at 6:53 AM Eric Biggers wrote: > poly1305-simd is among the failing algorithms because it loses carry bits when > handling long "all 0xff bytes" inputs. poly1305-avx2-x86_64.S is definitely > broken, and poly1305-sse2-x86_64.S *might* be too. I am working on a patch... Yea.... yikes. I'm kind of souring on this plan of having to deal with that code in Zinc, versus the extensively studied, fuzzed, and scrutinized code from Andy. Subtle carry bugs like that are kind of a testament to my overall plan of preferring formally verified or heavily used implementations to bespoke ones. This stuff is hard to get right. Jason