I wish GCC would get its head out of its ass and define the apprpriate defines. NEON/ASIMD cannot be disgorged from Aarch32/Aarch64 just like SSE2 cannot be disgorged from x86_64. They are core instruction sets
Clang causes too many problems. Early versions of the compiler simply crashes. Later versions of the compiler still have trouble with Intel ASM and still produce incorrect results on occassion. Additionally, we have to special case the integrated assemvler. Its making a mess of the code and causing self test failures
This shows up under debug builds when testing instantiations.
warning: binding dereferenced null pointer to reference has
undefined behavior [-Wnull-dereference]
DH2 dh(*(SimpleKeyAgreementDomain*)NULLPTR);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The implementation came from Jack Lloyd and the Botan team. Jack and the Botan was gracious and allowed us to use Botan's x86_encrypt_blocks function. They also allowed us to release it under the Crypto++ licensing terms. Also see https://github.com/randombit/botan/pull/1151/files
passed: 128 deflates and inflates
passed: 128 zlib decompress and compress
default.cpp:69:2: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/x86_64-linux-gnu/bits/string3.h:53:71: runtime error: null pointer passed as argument 2, which is declared to never be null
Information Dispersal and Secret Sharing...
GCC117 is a Aarch64/ARM64 server with AMD's ARM chip and GCC 7.10. It looks like GCC is performing some std::string optimizations that generates a finding. We did not witness the finding on other platforms, like other Aarch64 devices and x86_64.
We will need to check if taking the address of element-0 is still approved way to get the non-const pointer to the elements
GCC117 is a Aarch64/ARM64 server powered by AMD's ARM chip. It runs GCC 7.10. It looks like GCC is performing some std::string optimizations that generates a finding. We have not witnessed the finding on other platforms
Reworked SHA class internals to align all the implementations. Formerly all hashes were software based, IterHashBase handled endian conversions, IterHashBase repeatedly called the single block SHA{N}::Transform. The rework added SHA{N}::HashMultipleBlocks, and the SHA classes attempt to always use it.
Now SHA{N}::Transform calls into SHA{N}_HashMultipleBlocks, which is a free standing function. An added wrinkle is hardware wants little endian data and software presents big endian data, so HashMultipleBlocks accepts a ByteOrder for the incoming data. Hardware based SHA{N}_HashMultipleBlocks can often perform the endian swap much easier by setting an EPI mask so it was profitable to defer to hardware when available.
The rework also removed the hacked-in pointers to implementations. The class now looks more like AES, GCM, etc.
kalyna.cpp:432: error: integer constant is too large for 'long' type
kalyna.cpp:509: error: integer constant is too large for 'long' type
kalyna.cpp:608: error: integer constant is too large for 'long' type
kalyna.cpp:713: error: integer constant is too large for 'long' type
kalyna.cpp:833: error: integer constant is too large for 'long' type
...
Effectively this creates a workspace for encrypting the nonce. The zeroizer will run when the class is destroyed, rather than each invocation of UncheckedSetKey.
Performance went from 3.6 cpb as a temporary to 2.9 cpb as a class member
