le/nettle/-/merge_requests/64).
Regards,
/Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubsc
quote (defined and briefly documented in m4-utils.m4) might
solve this problem. Not tested, but something like
define(`IV', `m4_unquote(v`'eval((($1) % 16) + 16))')
Regards,
/Niels
Niels Möller writes:
> I've added tests that set the initial counter so that the four counter
> bytes wrap around 2^32, and I've verified that if these instructions
> should be changed to vadduwm, to get output that agrees with nettle's
> other gcm implementations.
I've commit
Daiki Ueno writes:
> Yes, I've consolidated the description and put it at the introduction.
Thanks, merged now!
/Niels
8-bit security, for which there's no corresponding
plain hash function defined.
It might also make sense to explain the difference between _shake and
_shake_output functions here, and make the description under each
function a bit shorter.
Regards,
/Niels
ation into this macro,
define(`IV', `v`'eval((($1) % 16) + 16)')
which should make it clear that it can't expand to a register outside of
the intended v16-v31 range.
Regards,
/Niels
ds,
/Niels
, so spare human error in deriving the
> version for Nettle, it is expected to be functional.
There are big-endian tests in the ci pipeline (hosted on the mirror repo
at https://gitlab.com/gnutls/nettle), using cross-compiling + qemu-user.
And I also have a similar setup l
Niels Möller writes:
> Hi, I've got a bug report that sha512_224 and sha512_256 are missing in
> the list returned by nettle_get_hashes, and I'm about to add them.
>
> But then there's a question of naming convention. Currently, the
>
> extern const struct nettle_hash
e
completed.
>> 3. Update docs.
>
> I can do that once we settle the interface.
Excellent. To me, interface in sha3.h now looks good.
Regards,
/Niels
needs brief updates to the tests and the
manual (nettle.texinfo).
Regards,
/Niels
function doesn't need to be that strong:
https://eprint.iacr.org/2006/223).
Regards,
/Niels
Niels Möller writes:
> One other question: In the counter updates,
>
>> C increase ctr value as input to aes_encrypt
>> vaddudm S1, S0, CNT1
>> vaddudm S2, S1, CNT1
>> vaddudm S3, S2, CNT1
>> vaddudm S4, S3, CNT1
>> vaddud
6_64.c
mini-gmp.c
diff --git a/hpke-kem.h b/hpke-kem.h
new file mode 100644
index ..00b4610b
--- /dev/null
+++ b/hpke-kem.h
@@ -0,0 +1,71 @@
+/* hpke-kem.h
+
+ Key encapsulation mechanism, suitable for HPKE (RFC 9180).
+
+ Copyright (C) 2024 Niels Möller
+
+ This file is part
Niels Möller writes:
> I'll try to clean up and post or commit some of my changes, I'm sorry
> that will cause some conflicts.
I've pushed my changes to a branch sha3-shake-updates, does that look
reasonable to you? If so, I think the next steps are
1. Decide what should be r
sorry
that will cause some conflicts.
Regards,
/Niels
Niels Möller writes:
> Below is an updated version of gcm-aes-encrypt.asm, seems to work for
> me, and uses fewer of the regular registers. Some comments and
> questions:
>
> 1. What about the vsrX registers, 0 <= X < 32? They are used to copy
>values from and to t
Niels Möller writes:
> Next, I'll have a look at register usage in the assembly code.
Below is an updated version of gcm-aes-encrypt.asm, seems to work for
me, and uses fewer of the regular registers. Some comments and
questions:
1. What about the vsrX registers, 0 <= X < 32? They
Niels Möller writes:
> Danny Tsen writes:
>
>> My fault. I did not include the gym-aes-crypt.c in the patch. Here is
>> the updated patch. Please apply this one and we can work from there.
>
> Thanks, now pushed onto a new branch ppc64-gcm-aes.
I've now pushed some mor
_shake and shake_output. One could define
_shake as _shake_output + _init. The drawback I see is that (i) we would
allow _shake_output followed by _shake, which isn't proper api usage,
and (ii) _shake needs a lot less logic since it should always start by
padding, and it doesn't need to buffer any d
"sha384",
"sha512",
+ "sha512_224",
+ "sha512_256",
"sha3_224",
"sha3_256",
"sha3_384",
ways have length > 0 at this
place. So either delete the if conditional, or change the condition of
the loop above from (length > sizeof (ctx->block)) to (length >= sizeof
(ctx->block)). The latter option would avoid a memcpy in the case that
the requested digest ends with a full bloc
E, digest += SHA3_256_BLOCK_SIZE)
{
... output a full block ...
}
if (length > 0)
{
... do final partial block ...
ctx->index = length | INDEX_HIGH_BIT;
}
else
ctx->index = SHA3_256_BLOCK_SIZE | INDEX_HIGH_BIT;
Niels Möller writes:
> Would it be worthwhile to drop the restriction of the last sentence, and
> allow all calls to gcm_update to use any size? This requirement may be
> particularly surprising when using nettle_aead; then gcm has different
> requirements for the update function th
that each call is appropriate for the current state.
Regards,
/Niels
.
Regards,
/Niels
Niels Möller writes:
> Below patch seems to fix this issue, but not entirely sure that's the
> way I want to do it.
I've pushed a fix, along the same lines, see
https://git.lysator.liu.se/nettle/nettle/-/commit/99e62003c3916fdef04a2d3327281f8f498b609e
I believe that should fix all hash
Danny Tsen writes:
> My fault. I did not include the gym-aes-crypt.c in the patch. Here is
> the updated patch. Please apply this one and we can work from there.
Thanks, now pushed onto a new branch ppc64-gcm-aes.
Regards,
/Niels
-power-crypto-ext.
Regards,
/Niels
code. I'm particularly interested in the kind of arithmetic that is
used. Thanks for the references.
Regards,
/Niels
put */
/* If we need a partial block at the end, generate one into buffer,
copy prefix of it to the output, and set index accordingly */
}
Regards,
/Niels
CNT1
> +vaddudm S5, S4, CNT1
> +vaddudm S6, S5, CNT1
> +vaddudm S7, S6, CNT1
This is a rather long dependency chain; I wonder if you could make a
measurable saving of a cycle or two by using additional CNT2 or CNT4
registers (if not, it's preferable to keep the current simple ch
Niels Möller writes:
>> This is similar to this issue:
>> https://gitlab.com/gnutls/gnutls/-/issues/1306
>> where we passed NULL to sha*_update in the GnuTLS code, though it turned
>> to be a non-issue.
>
> I don't remember seeing that issue. I think it should be
Daiki Ueno writes:
> Niels Möller writes:
>> One failure is the new side-channel test failing with mini-gmp. Which is
>> expected, the test should just be skipped in mini-gmp builds (similar to
>> several other sc tests).
>
> Yes, I'm attaching the patch for this.
what's the proper place for a fix, maybe it's
not in the new code. I think the Nettle APIs should generally allow size
== 0, ptr == NULL more or less everywhere, even where libc functions we
use formally require ptr != NULL.
Can you have a look?
Regards,
/Niels
n input and output argument. The text
for the older function rsa_decrypt could be reused (or possibly
improved).
Regards,
/Niels
9BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0
But for these parameters, we have a = p - 3 = -3 (mod p), like for all
other Weierstrass curves currently supported by Nettle! Which is good
news, since then the same point addition functions can be used, but it
also means that maybe you have done some work that isn'
ction. Maybe you don't need
separate registers for all of the F, F2, F3, F4 registers, and all of D,
R, R2, R3, R4?
If you have any short-lived registers used for the AES part, they could
also overlap with short-lived registers used for ghash.
Regards,
/Niels
,
NULL if not needed. And if used, the same label must be used for both
encrypt and decrypt.
Regards,
/Niels
ndning changes recently
posted to the list) until next week.
Regards,
/Niels
3
summarizes the latest round of changes? I'll try to have another look
over the weekend, and provide a round of feedback limited to how much time
I get to spend on it. I appreciate your effort to trim it down, but it's
nevertheless rather complex (some 1500 lines excluding the tests).
Regards,
/Niel
n't think that gives any real benefit over valgrind's default
behavior with (1), but might make sense if done in combination with
(2).
Regards,
/Niels
Niels Möller writes:
> While the powerpc64 vncipher instruction really wants the original
> subkeys, not transformed. So on power, it would be better to have a
> _nettle_aes_invert that is essentially a memcpy, and then the aes
> decrypt assembly code could be reworked without the x
I think nettle_mpz_to_octets is fine. The problem was when the length
passed to this function was computed using nettle_mpz_sizeinbase_256_u,
like it was in a previous revision.
Regards,
/Niels
ould make things a bit simpler, only overriding the
internal _nettle_aes_set_key and _nettle_aes_invert_key, instead of all
9 of aes{128,192,256}_{set_encrypt,set_decrypt,invert}_key.
Are there s390x machines out there that have hardware support for just
some of the aes key sizes but not all?
Re
, but I remember I had
redhat linux installed on it rather than solaris) are out of support
since the late 1990s. 64-bit sparcs, aka sparc v9, were introduced with
the ultrasparc machines from 1995.
Regards,
/Niels
h what you need (feel free to have additional
macros, where you find that useful).
Regards,
/Niels
en you work with git locally, you can have both your own "fork" repo
and the original repo as git "remotes".
And if gitlab doesn't work out for you, you could also send the updated
patch to this list.
Best regards,
/Niels
rt also changes
the order of the subkeys, with a FIXME comment suggesting that it would
be better to update the order keys are accessed in the aes decryption
functions.
Regards,
/Niels
ext length *always*
equals key->size; then one could delete passing and checking of the
ciphertext_length argument. In the current MR, it looks like leading
zero bytes are trimmed (behavior of nettle_mpz_sizeinbase_256_u), so
that ciphertext may sometimes be shorter.
Regards,
/Niels
gf1, though (which looks like it needs a
separate hashing context).
* I think it was a design mistake to represent RSA ciphertexts as mpz_t
rather than octet strings in Nettle's original RSA interfaces. I
wonder if it would make sense to let the new functions take
octet strings instead?
Re
Niels Möller writes:
> For next step, I'm considering the refactoring of ghash to use the
> new macros.
I actually started with the macros relevant for the AES code. And it
turned out to be rather easy to do the m4 loops to operate on an
arbitrary list of registers. See branch ppc-aes-
s. I haven't yet been able to look closer, but to make progress and
start with the easy parts, I've committed the new test case. For next
step, I'm considering the refactoring of ghash to use the new macros.
Regards,
/Niels
One could possibly have
macros that take a range of registers, but not sure that's worth the
effort.
> +.align 5
> +L8x_round_loop1:
> +lxvd2x VSR(K),r11,RK
> +vperm K,K,K,LE_MASK
> +VCIPHER4(vcipher, S0, S1, S2, S3, K)
> +VCIPHER4(v
ni...@lysator.liu.se (Niels Möller) writes:
> Simon Josefsson writes:
>
>> Also, remember that Niels proposal is not about removing these
>> algorithms, just dropping the assembler variant. So they will continue
>> to work fine on these platforms, but will tak
is, will you be doing any
more work on that in the near future? In the meantime, I've reworked the
testing for side-channel silence, so it should be rather
straight-forward to add such tests for sntrup761.
Regards,
/Niels
Tim Kosse writes:
> Whoops, I made a typo in the constant for SHA256, please use this
> revised patch instead.
Thanks, applied and pushed to the master-updates branch for testing.
Regards,
/Niels
il now isn't archived anywhere
near the list server.
Regards,
/Niels
ical attack against the cipher, it
only has a 64-bit block length and was optimized for 32-bit CPUs. If you
are thinking of using this algorithm, I recommend that you use Twofish
instead").
Regards,
/Niels
also unclear to me when the e bignum above can be
deallocated, does EVP_PKEY_CTX_set1_rsa_keygen_pubexp imply a full copy
into the context?
Next is updating the ecdsa benchmarks, since, e.g.,
EC_KEY_new_by_curve_name, generates deprecation warnings.
Regards,
/Niels
ri params, that's special stuff for the pkcs11
> provider).
What about the first call,
ctx = EVP_PKEY_CTX_new_from_name(NULL, key_type, "provider=pkcs11");
What should I pass for the last argument if I just want openssl's
software implementation, no hardware tokens?
Regards,
/Niels
-benchmark (and
nettle-benchmark) running comparative benchmarks to OpenSSL? Otherwise,
maybe it's not worth the effort to keep and maintain that code.
Regards,
/Niels
diction? I'm not so familiar with power assembly, but from the AES
code it looks like the relevant instructions are mtctr to initialize the
counter, and bdnz to decrement and branch.
Regards,
/Niels
S rounds.
Regards,
/Niels
erpc64/p8/ghash-update.asm
> @@ -281,6 +281,48 @@ IF_LE(`
> blr
> EPILOGUE(_nettle_ghash_update)
>
> +C
> +C GCM multification and reduction
> +C All inputs depends on definitions
> +C
> +C .align 5
> +C .global _nettle_gf_mul_4x
> +C
t. But then maybe the side-channel test
shouldn't mark the cryptotext input as secret at all, only the private
key?
Regards,
/Niels
, or somehow run valgrind under qemu.
Regards,
/Niels
NIIBE Yutaka writes:
> Niels Möller wrote:
>> 1. Do the changes on branch
>>https://git.lysator.liu.se/nettle/nettle/-/tree/sc-is_zero?ref_type=heads
>>help?
>
> Yes. It helps. I confirmed the function cnd_copy has no problem
> with the change (remo
ion is leaky.
Regards,
/Niels
uff until I'm back.
Regards,
/Niels
ation. While it can always be
> expanded a lot more, I can't think of any further modifications.
Let's use those docs, then. I don't think I've seen any revision of the
patch after my first round of review, could you post an update (on list
or as a merge request)?
Regards,
/Niels
nd. Maybe that requires native builds (on real
hardware, or qemu system emulation), maybe it would be possible to do
something like
qemu-aarch64 /usr/aarch64-linux-gnu/bin/valgrind ./foo-test
where foo-test is a cross-compiled arm64 executable? Other options?
Regards,
/Niels
Niels Möller writes:
> I'm migrating nettle's CI setup on this branch,
> https://gitlab.com/gnutls/nettle/-/tree/ci-nettle-build-images?ref_type=heads,
> which is now partly working, both for native and cross builds.
Everything seems to be up and working now, and merged to the mast
appear valid
(but harmless). Test failures of poly1305 on powerpc64el, which I
haven't been able to reproduce in a local cross build + qemu. (poly1305 happens
to be the only ppc assembly depending on power9 features).
Regards,
/Niels
a cross valgrind?
Hi,
I plan to be at PETS 2023 (Privacy Enhancing Technologies Symposium,
https://petsymposium.org/) in Lausanne next week. I'm attending with
my sigsum.org and glasklarteknik.se hats on.
Let me know if you're at the conference (or nearby) and want to meet up.
Regards,
/Niels
ternal.
Since the interface (of the subset you support) is rather simple, and
according to Joachim there are some use cases, I'd lean towards
documenting it.
Regards,
/Niels
for consistency, the public/private key should be the first
argument to the encapsulation and decapsulation functions.
Regards,
/Niels
Niels Möller writes:
> And int32_divmod_uint14 looked unused.
My mistake, it's not unused. It is used (via int32_mod_uint14) by
F3_freeze and Fq_freeze, which appear to use signed representation, |x|
<= 1 and |x| <= (q-1)/2 respectively.
> For sorting, it may need a minor reor
of an uint64). But aligned is C11, and I
hesitate to require that (while I'm considering requiring C99). And
since this is in public header files and part of the abi, it doesn't
make sense with compiler specific ifdefs.
Regards,
/Niels
abi should look like (but, e.g.,
use of union nettle_block16 does affect the abi, I think).
Regards,
/Niels
seems we divide exclusively with one or a few constants, then we could
precompute needed constants and perhaps simplify a bit.
Regards,
/Niels
g completely different)?
> +Our suggested use-case for DRBG-CTR is to deterministically generate
> +known values from a seed when comparing against expected values for some
> +other algorithm.
That's a rather limited usecase. Do you think it's inappropriate to use,
e.g., to expand a
leak in eccdata. Reported by Noah
Watkins.
Jussi Kivilinna writes:
> On 15.5.2023 23.21, Niels Möller wrote:
>> Jussi Kivilinna writes:
>>
>>> I ran into memory corruption issue when benchmarking new OCB code.
>>>
>>> I think "dst -= size;" in ocb_crypt_n() should be "dst +=
get all sorts
of weird errors if you have inconsistent object files lying around.
Regards,
/Niels
o reproduce the problem.
> Also it would be nice if ocb_aes128 could be added to nettle_aeads
> array for easy access.
Which combination(s) of nonce size and tag size would it be useful to
advertise like that?
Regards,
/Niels
Thanks for the report,
/Niels
.tar.gz
Happy hacking,
/Niels Möller
NEWS for the Nettle 3.9 release
This release includes bug fixes, several new features, a few
performance improvements, and one performance regression
affecting GCM on certain platforms.
The new version is intended to be fully
Simon Josefsson writes:
> Hi
>
> What do you think?
Looks good, thanks. Merged this, as well as your other doc fix.
Regards,
/Niels
update config.guess and config.sub to
latest versions (previous update in Nettle was a year ago).
Regards,
/Niels
Niels Möller writes:
> If there are no show-stoppers, I may make the release as soon as this
> Wednesday evening (May 10, and for me, evening starts around 17 UTC).
Testing is going rather well. I've found and fixed one bug giving a
compile error in the tests when configured with --d
at tries to handle multiple blocks
more efficiently. See
https://git.lysator.liu.se/nettle/nettle/-/blob/master/testsuite/ocb-test.c#L222
and below.
Regards,
/Niels
and 64-bit sparc.
Noah Watkins writes:
> (fwiw sanitizer does report a memory leak when eccdata is
> running at the end of make).
If it looks like the sanitizer could be right, can you share the error
report?
Regards,
/Niels
bly files are missing completely, or if they're there but with some
other symbol names (those are tweaked a bit by fat build logic: names
with suffixes like _aesni and _pclmul are typical for fat builds, and
setup by the wrapper files in x86_64/fat/).
Regards,
/Niels
Niels Möller writes:
> I've got the code to work, and I've written an x86_64 assembly
> implementation using sse2 instructions. Code on the
> ghash-sidechannel-silent branch. On my laptop, I seem to get these
> numbers:
>
> Old C implementation: 350 MB/s
> Old asm imp
Niels Möller writes:
> In initial benchmarking, this loop appears to run in 4.2 cycles per
> iteration on my laptop, and a slowdown by a factor of 3 compared to the
> current C implementation of ghash_update. Penalty may be a bit less for
> assembly implementation, but I haven't trie
mplementation of AES. It's possible to replace sbox lookups by
bit-slicing techniques (I'm told boringssl includes an aes
implementation doing that), but I haven't look into how that works out.
Regards,
/Niels
YMM register holds 26 bits from one of 4 powers,
but then you need more than 5 registers if you need pieces with and without
the premultiply by 5? And also layout of registers used for accumulation.
Sorry I'm a bit slow reviewing.
Regards,
/Niels