Thanks for report. I reproduced this by building i386 with optimizations disabled "-O0" (gcc 10). With normal optimization level such as "-O2", the issue does not appear.

Jan 20 2021, 3:47 PM · Bug Report, Cross-Compiler, libgcrypt

jukivili edited parent tasks for T5256: libgcrypt, convert Intel syntax x86_64 assembly files to AT&T syntax, added: T5255: libgcrypt: build "error: invalid operand for instruction" when compiling with Clang & LTO; removed: T5251: Compile error on ARMv7 for libgcrypt .

Jan 20 2021, 1:24 PM · asm, clang, libgcrypt

jukivili removed a subtask for T5251: Compile error on ARMv7 for libgcrypt : T5256: libgcrypt, convert Intel syntax x86_64 assembly files to AT&T syntax.

Jan 20 2021, 1:24 PM · asm, libgcrypt, Bug Report

jukivili added a subtask for T5255: libgcrypt: build "error: invalid operand for instruction" when compiling with Clang & LTO: T5256: libgcrypt, convert Intel syntax x86_64 assembly files to AT&T syntax.

Jan 20 2021, 1:24 PM · asm, libgcrypt, clang, Bug Report

jukivili added a subtask for T5251: Compile error on ARMv7 for libgcrypt : T5256: libgcrypt, convert Intel syntax x86_64 assembly files to AT&T syntax.

Jan 20 2021, 1:22 PM · asm, libgcrypt, Bug Report

jukivili added a parent task for T5256: libgcrypt, convert Intel syntax x86_64 assembly files to AT&T syntax: T5251: Compile error on ARMv7 for libgcrypt .

Jan 20 2021, 1:22 PM · asm, clang, libgcrypt

jukivili created T5256: libgcrypt, convert Intel syntax x86_64 assembly files to AT&T syntax in the S1 Public space.

Jan 20 2021, 1:21 PM · asm, clang, libgcrypt

jukivili added a comment to T5255: libgcrypt: build "error: invalid operand for instruction" when compiling with Clang & LTO.

Breakage appears to happen in configure.ac. When building with clang without LTO following check gives "no":

Jan 20 2021, 1:14 PM · asm, libgcrypt, clang, Bug Report

Jan 19 2021

jukivili added a comment to T5255: libgcrypt: build "error: invalid operand for instruction" when compiling with Clang & LTO.

Yes, clang + LTO is broken. Maybe there is issue in clang bug tracker for this already?

Jan 19 2021, 11:08 PM · asm, libgcrypt, clang, Bug Report

jukivili added a comment to T5254: libgcrypt 1.9.0 fails make check (selftest).

Maybe this patch helps:

0001-kdf-add-missing-null-terminator-for-self-test-test-v.patch977 BDownload

Jan 19 2021, 11:05 PM · patch, libgcrypt, Bug Report

jukivili added a comment to T5251: Compile error on ARMv7 for libgcrypt .

Thanks for you report.

Jan 19 2021, 7:53 PM · asm, libgcrypt, Bug Report

Jan 16 2021

jukivili committed rC1f75681cbba8: Add s390x/zSeries implementation of Poly1305 (authored by jukivili).

Add s390x/zSeries implementation of Poly1305

Jan 16 2021, 7:06 PM

jukivili committed rC6a0bb9ab7f88: Add s390x/zSeries implementation of ChaCha20 (authored by jukivili).

Add s390x/zSeries implementation of ChaCha20

Jan 16 2021, 7:06 PM

jukivili committed rC1d13794780e3: hwf-s390x: add VX vector instruction set detection (authored by jukivili).

hwf-s390x: add VX vector instruction set detection

Jan 16 2021, 7:06 PM

jukivili committed rC0252cc9b62df: mpi/longlong: add s390x/zSeries macros (authored by jukivili).

mpi/longlong: add s390x/zSeries macros

Jan 16 2021, 7:06 PM

Jan 7 2021

jukivili added a comment to T5195: Incorrect HWCAP2 check for AArch32.

Yes, bug is also in 1.8 branch.

Jan 7 2021, 11:00 PM · libgcrypt, backport, Bug Report

Dec 30 2020

jukivili added a comment to T5201: libgcrypt: s390x/zSeries 128-bit vector implementation of ChaCha20.

Reimplemented 8 block parallel in "vertical" orientation.

Dec 30 2020, 12:29 PM · libgcrypt

jukivili added a comment to T5202: libgcrypt: s390x/zSeries implementation of Poly1305 / ChaCha20-Poly1305 AEAD.

With little extra effort, stitched implementation turned out ok after all.

Dec 30 2020, 12:28 PM · libgcrypt

jukivili renamed T5202: libgcrypt: s390x/zSeries implementation of Poly1305 / ChaCha20-Poly1305 AEAD from libgcrypt: s390x/zSeries 128-bit vector implementation of Poly1305 to libgcrypt: s390x/zSeries implementation of Poly1305 / ChaCha20-Poly1305 AEAD.

Dec 30 2020, 12:24 PM · libgcrypt

Dec 28 2020

jukivili committed rC6b6bfd57d0a6: hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32 (authored by jukivili).

hwf-arm: fix incorrect HWCAP2 for SHA1 and SHA2 on AArch32

Dec 28 2020, 5:49 PM

jukivili committed rCe47f04b4a289: Add missing prototype for _gcry_mac_selftest (authored by jukivili).

Add missing prototype for _gcry_mac_selftest

Dec 28 2020, 5:49 PM

Dec 22 2020

jukivili added a comment to T5200: libgcrypt: s390x/zSeries SHA3 acceleration.

Applied to s390x optimizations feature branch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=7532e27cacb74c92fd561524a0897163b0fcd7f4

Dec 22 2020, 9:03 PM · libgcrypt

jukivili added a comment to T5198: libgcrypt: s390x/zSeries SHA256/SHA512 acceleration.

Applied to s390x optimizations feature branch:
SHA256: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0b555c3cc7c2b80ec2628685946a6139a1996911
SHA512: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=45f0ec0c4e3b08627cbf7e65f5f110c321710d01

Dec 22 2020, 9:02 PM · libgcrypt

jukivili added a comment to T5203: libgcrypt: s390x/zSeries SHA1 acceleration.

Applied to s390x optimizations feature branch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88570515b4ca92a44c4e40c31f877c11cc00ab68

Dec 22 2020, 9:02 PM · libgcrypt

jukivili added a comment to T5199: libgcrypt: s390x/zSeries GHASH/AES-GCM acceleration.

Applied to s390x optimizations feature branch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5aeb091f911398217b2e9facb9bdeb05c63d7844

Dec 22 2020, 9:01 PM · libgcrypt

jukivili added a comment to T5197: libgcrypt: s390x/zSeries AES acceleration.

Applied to s390x optimizations feature branch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9219d9d1b60c01a4c7dbde05ee6b5b52e0d7d072

Dec 22 2020, 9:00 PM · libgcrypt

jukivili added a comment to T5202: libgcrypt: s390x/zSeries implementation of Poly1305 / ChaCha20-Poly1305 AEAD.

Implemented stitched ChaCha20-Poly1305 (vector ChaCha20 & ALU Poly1305). Unfortunately performance is less than OpenSSL (vector ChaCha20 & vector Poly1305). Instruction latencies make Poly1305 slower than combined OpenSSL ChaCha20+Poly1305, thus it is not possible to reach same performance with stitching. Vector Poly1305 implementation is therefore needed.

Dec 22 2020, 9:24 AM · libgcrypt

jukivili added a comment to T5201: libgcrypt: s390x/zSeries 128-bit vector implementation of ChaCha20.

Currently have 8 block parallel implementation done. Need to check if 6 block parallel approach is better (as used in OpenSSL - benefit being less register pressure and less moving of data between registers and stack).

Dec 22 2020, 9:20 AM · libgcrypt

jukivili renamed T5198: libgcrypt: s390x/zSeries SHA256/SHA512 acceleration from libgcrypt: s390x/zSeries SHA1/SHA256/SHA512 acceleration to libgcrypt: s390x/zSeries SHA256/SHA512 acceleration.

Dec 22 2020, 9:14 AM · libgcrypt

jukivili created T5203: libgcrypt: s390x/zSeries SHA1 acceleration in the S1 Public space.

Dec 22 2020, 9:14 AM · libgcrypt

jukivili created T5202: libgcrypt: s390x/zSeries implementation of Poly1305 / ChaCha20-Poly1305 AEAD in the S1 Public space.

Dec 22 2020, 9:04 AM · libgcrypt

jukivili created T5201: libgcrypt: s390x/zSeries 128-bit vector implementation of ChaCha20 in the S1 Public space.

Dec 22 2020, 9:03 AM · libgcrypt

jukivili created T5200: libgcrypt: s390x/zSeries SHA3 acceleration in the S1 Public space.

Dec 22 2020, 9:00 AM · libgcrypt

jukivili renamed T5198: libgcrypt: s390x/zSeries SHA256/SHA512 acceleration from libgcrypt: s380x/zSeries SHA1/SHA256/SHA512 acceleration to libgcrypt: s390x/zSeries SHA1/SHA256/SHA512 acceleration.

Dec 22 2020, 8:59 AM · libgcrypt

jukivili created T5199: libgcrypt: s390x/zSeries GHASH/AES-GCM acceleration in the S1 Public space.

Dec 22 2020, 8:59 AM · libgcrypt

jukivili created T5198: libgcrypt: s390x/zSeries SHA256/SHA512 acceleration in the S1 Public space.

Dec 22 2020, 8:58 AM · libgcrypt

jukivili created T5197: libgcrypt: s390x/zSeries AES acceleration in the S1 Public space.

Dec 22 2020, 8:56 AM · libgcrypt

jukivili added a parent task for T5196: libgcrypt: s390x/zSeries performance improvements: T4460: libgcrypt performance TODOs.

Dec 22 2020, 8:53 AM · libgcrypt

jukivili added a subtask for T4460: libgcrypt performance TODOs: T5196: libgcrypt: s390x/zSeries performance improvements.

Dec 22 2020, 8:53 AM · libgcrypt

jukivili updated the task description for T5196: libgcrypt: s390x/zSeries performance improvements.

Dec 22 2020, 8:53 AM · libgcrypt

jukivili created T5196: libgcrypt: s390x/zSeries performance improvements in the S1 Public space.

Dec 22 2020, 8:51 AM · libgcrypt

jukivili claimed T5195: Incorrect HWCAP2 check for AArch32.

Thanks for reporting this. You are correct, those HWCAP2_SHA1 and HWCAP2_SHA2 defines are wrong.

Dec 22 2020, 8:42 AM · libgcrypt, backport, Bug Report

Dec 18 2020

jukivili committed rC7532e27cacb7: Add s390x/zSeries acceleration for SHA3 (authored by jukivili).

Add s390x/zSeries acceleration for SHA3

Dec 18 2020, 9:49 PM

jukivili committed rC45f0ec0c4e3b: Add s390x/zSeries acceleration for SHA512 (authored by jukivili).

Add s390x/zSeries acceleration for SHA512

Dec 18 2020, 9:49 PM

jukivili committed rC0b555c3cc7c2: Add s390x/zSeries acceleration for SHA256 (authored by jukivili).

Add s390x/zSeries acceleration for SHA256

Dec 18 2020, 9:49 PM

jukivili committed rC5aeb091f9113: Add bulk AES-GCM acceleration for s390x/zSeries (authored by jukivili).

Add bulk AES-GCM acceleration for s390x/zSeries

Dec 18 2020, 9:49 PM

jukivili committed rC88570515b4ca: Add s390x/zSeries acceleration for SHA1 (authored by jukivili).

Add s390x/zSeries acceleration for SHA1

Dec 18 2020, 9:49 PM

jukivili committed rCf4e63e92dc0b: Add bulk function interface for GCM mode (authored by jukivili).

Add bulk function interface for GCM mode

Dec 18 2020, 9:49 PM

jukivili committed rC9219d9d1b60c: Add s390x/zSeries acceleration for AES (authored by jukivili).

Add s390x/zSeries acceleration for AES

Dec 18 2020, 9:49 PM

jukivili committed rCf12b6788f229: Add bulk function interface for OFB mode (authored by jukivili).

Add bulk function interface for OFB mode

Dec 18 2020, 9:49 PM

jukivili committed rC128054767d5f: hwf: add detection of s390x/zSeries hardware features (authored by jukivili).

hwf: add detection of s390x/zSeries hardware features

Dec 18 2020, 9:49 PM

jukivili committed rC0e37bb32e215: tests/bench-slope: use same benchmarking for XTS as for other modes (authored by jukivili).

tests/bench-slope: use same benchmarking for XTS as for other modes

Dec 18 2020, 9:49 PM

jukivili committed rCc59b5b03a063: aarch64: mpi/longlong.h: fix operand size mismatch (authored by jukivili).

aarch64: mpi/longlong.h: fix operand size mismatch

Dec 18 2020, 7:23 PM

jukivili committed rC8352b0ece523: aarch64: use configure check for assembly ELF directives support (authored by jukivili).

aarch64: use configure check for assembly ELF directives support

Dec 18 2020, 7:23 PM

Dec 3 2020

jukivili committed rC2065720b5b06: tests/basic: check 32-bit and 64-bit overflow for CTR and ChaCha20 (authored by jukivili).

tests/basic: check 32-bit and 64-bit overflow for CTR and ChaCha20

Dec 3 2020, 8:04 PM

jukivili committed rC1a83df98b198: Prevent link-time optimization from inlining __gcry_burn_stack (authored by jukivili).

Prevent link-time optimization from inlining __gcry_burn_stack

Dec 3 2020, 8:04 PM

jukivili committed rCed45eac3b721: chacha20-ppc: fix 32-bit counter overflow handling (authored by jukivili).

chacha20-ppc: fix 32-bit counter overflow handling

Dec 3 2020, 8:04 PM

jukivili added a comment to T5157: libgcrypt: ARM64 Builds on macOS fail.

AArch64 clang support was added to 'master' on 2018-03-28. One would need to backport commits 8ee38806245ca8452051b1a245f44082323f37f6...9b58e4a03ba3aeff7bae3f40da706977870c9649 to 1.8 branch.

Dec 3 2020, 7:39 PM · toolchain, MacOS, libgcrypt, Bug Report

Nov 30 2020

jukivili added a comment to T5157: libgcrypt: ARM64 Builds on macOS fail.

Another issue that comes in to mind is that current ARM/ARM64 HW feature detection most likely wont work on MacOS. Thus HW accelerated AES&SHA&GHASH implementation wont be used.

Nov 30 2020, 8:54 AM · toolchain, MacOS, libgcrypt, Bug Report

jukivili added a comment to T5157: libgcrypt: ARM64 Builds on macOS fail.

HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS is never defined on ARM64 as it depends on "$mpi_cpu_arch" == "x86". Instead I think new check for GCC assembly ELF directives would be needed in configure.ac, similar to HAVE_GCC_ASM_CFI_DIRECTIVES check. Following check should work, but I have not yet tested it:

Nov 30 2020, 6:49 AM · toolchain, MacOS, libgcrypt, Bug Report

Oct 1 2020

jukivili committed rC4a50c6b88d6d: tests: Fix typo in comment (authored by Tianjia Zhang <tianjia.zhang@linux.alibaba.com>).

tests: Fix typo in comment

Oct 1 2020, 7:36 AM

jukivili committed rC2051d5bd6f73: rijndael: clean-up prepare_decryption function (authored by jukivili).

rijndael: clean-up prepare_decryption function

Oct 1 2020, 7:36 AM

jukivili committed rC7679c918ade9: rijndael: clean-up generic bulk functions (authored by jukivili).

rijndael: clean-up generic bulk functions

Oct 1 2020, 7:36 AM

jukivili committed rC51271eb86bcb: cipher: setup bulk functions at each algorithms key setup (authored by jukivili).

cipher: setup bulk functions at each algorithms key setup

Oct 1 2020, 7:36 AM

jukivili committed rCe0829ae648d9: rijndael: tidy do_setkey little bit (authored by jukivili).

rijndael: tidy do_setkey little bit

Oct 1 2020, 7:36 AM

Sep 30 2020

jukivili committed rCf96989f0e908: rijndael-aesni: tweak x86_64 AES-NI for better performance on AMD Zen2 (authored by jukivili).

rijndael-aesni: tweak x86_64 AES-NI for better performance on AMD Zen2

Sep 30 2020, 10:54 PM

Aug 29 2020

jukivili updated subscribers of D501: VPMSUMD accelleration for GCM mode on PPC.

So, things I see are needed to be done for inclusion of this patch are:

GNU C coding style fixes.
Adding comment about that this implementation is based on GHASH implementation by Andy Polyakov with original license. This needs to be checked with @werner , but I think following would be sufficient:

Aug 29 2020, 6:30 PM

Aug 3 2020

jukivili committed rC8d7b1d0a52bd: chacha20-aarch64: improve performance through higher SIMD interleaving (authored by jukivili).

chacha20-aarch64: improve performance through higher SIMD interleaving

Aug 3 2020, 10:23 PM

jukivili committed rC886120f33bd3: Enable jitter entropy also on non-x86 architectures (authored by jukivili).

Enable jitter entropy also on non-x86 architectures

Aug 3 2020, 10:23 PM

jukivili committed rCf1c3db3bf40e: tests/bench-slope: improve CPU frequency auto-detection (authored by jukivili).

tests/bench-slope: improve CPU frequency auto-detection

Aug 3 2020, 10:23 PM

jukivili committed rC4c0e244fc53e: Camellia AES-NI/AVX/AVX2 size optimization (authored by jukivili).

Camellia AES-NI/AVX/AVX2 size optimization

Aug 3 2020, 10:23 PM

jukivili committed rC4ed9b9494854: random/jitterentropy: fix USE_JENT == JENT_USES_GETTIME code path (authored by jukivili).

random/jitterentropy: fix USE_JENT == JENT_USES_GETTIME code path

Aug 3 2020, 10:23 PM

Jun 29 2020

jukivili added a comment to D501: VPMSUMD accelleration for GCM mode on PPC.

When I took side-by-side comparison of cryptogams version to this patch, what I find is that they are strikingly similar. Operation/instruction ordering matches closely to parts of ghashp8-ppc.pl. In many parts variable/register names are the same also.