New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows and incorrect results for AES when used on CPUs without AES-NI #649

Closed
rajkosto opened this Issue Apr 30, 2018 · 14 comments

Comments

Projects
None yet
6 participants
@rajkosto

rajkosto commented Apr 30, 2018

Crypto++ Issue Report

Windows 7 - Windows 10 latest x64
Crypto++ 7.0.0
Compiled with Visual Studio 2017 latest version as of this writing (15.6.7) via cryptest.sln
(Building everything exactly the same with Visual Studio 2013 version 12.0.40629.00 Update 5 or Visual Studio 2015 Update 3, this bug does not happen)
After building either the dll or static library in Release x64 mode (Debug mode is fine, as are both Win32 builds), running dlltest.exe/cryptest.exe on a CPU with AES-NI instructions passes the AES tests, but when run on a CPU without AES-NI instructions the AES test fails (due to completely wrong output bytes). This can also be simulated on AES-NI CPUs by just setting g_AESNI = false; in DetectX86Features instead of reading it from CPUID.

rajkosto added a commit to rajkosto/deps-cryptopp that referenced this issue Apr 30, 2018

@noloader

This comment has been minimized.

Collaborator

noloader commented May 1, 2018

Thanks @rajkosto.

So I am clear, this is the summary:

  • Visual Studio 2017 (15.6.7), Release, AESNI - PASS
  • Visual Studio 2017 (15.6.7), Release, no AESNI - FAIL
  • Visual Studio 2015, Release, AESNI - PASS
  • Visual Studio 2015, Release, no AESNI - PASS
  • Visual Studio 2013, Release, AESNI - PASS
  • Visual Studio 2013, Release, no AESNI - PASS

Is that correct?

Also, could you download Sysinternal's Coreinfo and post the results?

This may be tough for me to work on because I may not be able to duplicate it. Let's ping @MarcelRaad since he performs a lot of Windows work.


This can also be simulated on AES-NI CPUs by just setting g_AESNI = false; in DetectX86Features instead of reading it from CPUID.

Setting just g_AESNI = false may miss the mark a bit. I think both g_AESNI and g_hasCLMUL should probably be either set or unset. But splitting them may make for a good test case, too.

Are you aware of any CPUs that split AES and CLMUL?

@noloader

This comment has been minimized.

Collaborator

noloader commented May 1, 2018

So it looks like encryption is OK. The problem appears to be on the decryption path for ECB and CBC mode. Below, notice the "incorrectly decrypted". That is the second known answer test (with the first being encryption).

The results below were produced with the following change. Windows is bad while Linux is OK:

$ git diff cpu.cpp
diff --git a/cpu.cpp b/cpu.cpp
index ef0ddf6..c5bc360 100644
--- a/cpu.cpp
+++ b/cpu.cpp
@@ -242,7 +242,7 @@ void DetectX86Features()
        g_hasSSSE3 = g_hasSSE2 && ((cpuid1[2] & (1<< 9)) != 0);
        g_hasSSE41 = g_hasSSE2 && ((cpuid1[2] & (1<<19)) != 0);
        g_hasSSE42 = g_hasSSE2 && ((cpuid1[2] & (1<<20)) != 0);
-       g_hasAESNI = g_hasSSE2 && ((cpuid1[2] & (1<<25)) != 0);
+       //g_hasAESNI = g_hasSSE2 && ((cpuid1[2] & (1<<25)) != 0);^M
        g_hasCLMUL = g_hasSSE2 && ((cpuid1[2] & (1<< 1)) != 0);

And the failed decryption:

c:\Users\Test\cryptopp>.\cryptest.exe tv aes
Using seed: 1525138484

Testing SymmetricCipher algorithm AES/ECB.

incorrectly decrypted: D6D069162B19B0E8D0D9401D973B80107EE162BB46A80A88896878CDB
9416DE41E3778C479C18459673AFD875D84213A1A8427CBC3FAAB9C1DB4C458101EB1B4
AlgorithmType: SymmetricCipher
Ciphertext: 3ad77bb40d7a3660a89ecaf32466ef97 f5d3d58503b9699de785895a96fdbaaf 43
b1cd7f598ece23881b00e3ed030688 7b0c785e27e8ad3f8223207104725dd4
Comment: F.1.1 ECB-AES128.Encrypt
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/ECB
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 921237DF0D3EB491E5C1FD2150294B3A094E4C5898B68A9FF7A2BE05F
6F47ED659B1F5E268DB2E968D675C937C1E5D807851D6CDD81DF62555B463F048537343
AlgorithmType: SymmetricCipher
Ciphertext: bd334f1d6e45f25ff712a214571fa5cc 974104846d0ad3ad7734ecb3ecee4eef ef
7afd2270e2e60adce0ba2face6444e 9a4b41ba738d6c72fb16691603c18e0e
Comment: F.1.3 ECB-AES192.Encrypt
Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
Name: AES/ECB
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 6200164DC594B5C590D7F3D7D4CBD6AD79E539D269B9A2B279B8F3D7F
790B60346457BAA6CBC243AA5406563A890B2F1B7DC0F989FFF0E1FAF61E39605FAFD53
AlgorithmType: SymmetricCipher
Ciphertext: f3eed1bdb5d2a03c064b5a7e3db181f8 591ccb10d410ed26dc5ba74a31362870 b6
ed21b99ca6f4f9f153e7b1beafed1d 23304b7a39f9f3ff067d8d8f9e24ecc7
Comment: F.1.5 ECB-AES256.Encrypt
Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
Name: AES/ECB
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 79EB66F64B5861BC0521238B2CCBCE1E79696768C2ED02ED074DEE9FE
12E43091DE97B5A7465FA486F7883FBED9AAB77C46F0D58FC1BAA130772C2EF8EFC7D33FF48A480A
C06C9BF6599BE6553B2637691B2EA1A157C3E70377E4E686B6598FFC4007C1EB7454A75B6F4F36B6
F5634C268798F9DACA2E99DD7FB5CCECB66245DE18B74A5F9D47D49C3F1F97C67FF6412FC8FEECB9
3220349EFCD3246FD5391B80301B55BE6B167B27C81243F563591FEFBB0E43B9371214CB116F4718
EA909CEB6AB3D2C36DA2CADBE7EFD7C10A96618EC6148BD7C7EEB4980AE710534EF1CC59A8735557
3B1298E5E17CEE3FBDB0CB96D71E0389395E76DF05727484FBFB0C1
AlgorithmType: SymmetricCipher
Ciphertext: 84C6CBDC2B5A39985774B23BAB066A6AF8CB66C08E4F058E5D3E7C351EA845CEC7B2
09210EE7EFD38269628687F21CB9BCEA349DC0418ADBA2BF2364DF4DB1A11AD84CF6A422CE95C37B
2CF81196245CD857D0B954B83985C1888230F3C301847AAF714253EF768C17E89E4F5513DBD5BEE1
266A2B2D7063CE3D0BA8716252C5BCBB9922CD46F374B52FDFF1FEBF155FF4AFEE18788999BC7423
4A3FFBA7B2858BB2552F172E56EC47456878440ABB5ADAE49941C1E43616AC5D6E31A011611B829F
6A77BE1F50754F81F35D24ED89FDE804B17363F9A81C3F12AE067FDD41A2984912CAE1926C5FB3AC
18E541FA4AD1E171888E61428F2A8F2E981AE16D0D4E41D33E5E675F446DAE0F454FC4CA056F41F3
CC4744A9E948428B2280F96663B7230C09692503C95B3E34F8DE8DF23157F45BDF689B258D994D9E
6CE5D4DD6BDB96763CCC41DBBE57A4778D5A9E90226D614C335E44CA8AB41EFEA898BC170C65412F
77194A43A1305EF23AC70B059E6E047796EF518D7696BC3DAD5E2634F92DD1C90D206A2B6D3A7CE8
8668BEAD64614E9000ACFBA79EB3601606214E21E08F14CE77E36BB66FE4A0FCD2A21BCAA2391A9C
2016AC3BC7CDF1438EB6DD26696644583E2B0A0C68629D736F6723DF66859CF80B4E5B5C5BF03F33
4D65C48DB3B2660E2CE33B510FD60C912B85D16AEE7CDBFDF6285B0A77BAE07D987F9CE172A548E6
BF0A30CF099AA82BE0A25E0E8919
Comment: long test vector
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/ECB
Plaintext: r8 006bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c371000
Source: Generated by Crypto++ 5.6.1
Test: Encrypt

Test FAILED.
Skipping to next test.

Testing SymmetricCipher algorithm AES/CBC.

incorrectly decrypted: 314F49DEEE6BFE3F039F04872CE6464DC61F845708754DB5EFC821B74
95B1738B80178DF176BF56FBA6612C30B05BCE451ECE854B1CFEC5AF56531CABCFB3556
AlgorithmType: SymmetricCipher
Ciphertext: 7649abac8119b246cee98e9b12e9197d 5086cb9b507219ee95db113a917678b2 73
bed6b8e3c1743b7116e69e22229516 3ff1caa1681fac09120eca307586e1a7
Comment: F.2.1 CBC-AES128.Encrypt
IV: 000102030405060708090a0b0c0d0e0f
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/CBC
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: FA34BB33F17DAA3E3573D54E86D384D52069F2226B1BC3FE0BBE6F84F
40BEBF64F26C5C1D8B57F24F91175A8C7685BE714A5C695153E7555D3C1658956EE07FD
AlgorithmType: SymmetricCipher
Ciphertext: 4f021db243bc633d7178183a9fa071e8 b4d9ada9ad7dedf4e5e738763f69145a 57
1b242012fb7ae07fa9baac3df102e0 08b0e27988598881d920a9e64f5615cd
Comment: F.2.3 CBC-AES192.Encrypt
IV: 000102030405060708090a0b0c0d0e0f
Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
Name: AES/CBC
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: A0B9FB65B1F3D181F38C457BBE48A03F07EE79AD36E34FEB4B5058515
1C57766DBC92CC57A470AE715733A202CC247873EE10597FB65EF6D0631C6EE9A5F6177
AlgorithmType: SymmetricCipher
Ciphertext: f58c4c04d6e5f1ba779eabfb5f7bfbd6 9cfc4e967edb808d679f777bc6702c7d 39
f23369a9d9bacfa530e26304231461 b2eb05e2c39be9fcda6c19078c6a9d1b
Comment: F.2.5 CBC-AES256.Encrypt
IV: 000102030405060708090a0b0c0d0e0f
Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
Name: AES/CBC
Plaintext: 6bc1bee22e409f96e93d7e117393172a ae2d8a571e03ac9c9eb76fac45af8e51 30c
81c46a35ce411e5fbc1191a0a52ef f69f2445df4f9b17ad2b417be66c3710
Source: NIST Special Publication 800-38A
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 05704C39B186F020E69A94CBBE6D70D9
AlgorithmType: SymmetricCipher
Ciphertext: 0xe353779c1079aeb82708942dbe77181a
Comment: Case 1: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
IV: 0x3dafba429d9eb430b422da802c9fac41
Key: 0x06a9214036b8a15b512e03d534120006
Name: AES/CBC
Plaintext: "Single block msg"
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: A078D6E183882264FF0FD2C04E7A6285263E4B71846F5D38DC4918A3F
99DCAEA
AlgorithmType: SymmetricCipher
Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a              7586602d253cfff91b82
66bea6d61ab1
Comment: Case 2: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
IV: 0x562e17996d093d28ddb3ba695a2e6f58
Key: 0xc286696d887c9aa0611bbb3e2025a45a
Name: AES/CBC
Plaintext: 0x000102030405060708090a0b0c0d0e0f              101112131415161718191
a1b1c1d1e1f
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 0AB24F26E95A18AD050CC60F6A40B67E9817910E599A6AE01AD5B8DDC
DEE91E28D5D1B88A4D9802A697DEE2AF25FC859
AlgorithmType: SymmetricCipher
Ciphertext: 0xd0a02b3836451753d493665d33f0e886              2dea54cdb293abc75069
39276772f8d5              021c19216bad525c8579695d83ba2684
Comment: Case 3: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
IV: 0xc782dc4c098c66cbd9cd27d825682c81
Key: 0x6c3ea0477630ce21a2ce334aa746c2cd
Name: AES/CBC
Plaintext: "This is a 48-byte message (exactly 3 AES blocks)"
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 3C763B4ACE39312559C92383B6C722C5DE4673E8E089A4745AFBF2098
9C75F6D295E27DA3639AEA134F774481DEB17CF62709B804BE6213AE5F494CAE553B023
AlgorithmType: SymmetricCipher
Ciphertext: 0xc30e32ffedc0774e6aff6af0869f71aa              0f3af07a9a31a9c684db
207eb0ef8e4e              35907aa632c3ffdf868bb7b29d3d46ad              83ce9f9a
102ee99d49a53e87f4c3da55
Comment: Case 4: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
IV: 0x8ce82eefbea0da3c44699ed7db51b7d9
Key: 0x56e47a38c5598974bc46903dba290349
Name: AES/CBC
Plaintext: 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf              b0b1b2b3b4b5b6b7b8b9b
abbbcbdbebf              c0c1c2c3c4c5c6c7c8c9cacbcccdcecf              d0d1d2d3d
4d5d6d7d8d9dadbdcdddedf
Source: RFC 3602
Test: Encrypt

Test FAILED.
Skipping to next test.

incorrectly decrypted: 34BFE889866736EBFBEC1222152644FB1C415CF371B9271845B3677A9
1F8DC5644871412B1AE9E2455C84BF1CF08B3EF56DDA6F5D8BAD05BA73660561D9F611539BE20777
8BEE3393AA0948FC4D3DE3D6300EC891A49F357EAF549AB85C5F26C3BF929226624DCF376A9E4A81
526D2CD4C00409E86F011707140538787E5E8CF1DAF91436DDB4BC0CEE03052CEDC1E09302599232
D415C25BC1707DC797E170145CA9505DE5B3E0B649C256CF715884B76D7C0D15F7636BBB44128BAE
D5A069EAD84EE9C817C1CBDC2781483AB3AFE92F7FC3523F209F2146E9146C602F74CABF075E8D26
523FCA1BB67F009667F4A3AFE30B591BC2616232D436449C5852886
AlgorithmType: SymmetricCipher
Ciphertext: 6544CCA076C4D67C1A69DD7E504C6586FBD22912505E187D8628E19FA067D6C339D0
78E3032B8596DA74BB0E23434F83E153D5ACD5DEF7D264F58EC685317BF50C93430791718D6E09CC
C4804FFE4EEB5C6AD8E9B5DFD456EDE81081627A97FC2FAE9F1955377D7774E68EAB541B20CE3C91
5185BCA208EE08428C400043F2DC90B0390756762C9271946FCE214B9576F74399E466DAC48C6DD1
0B420F302941DCC27D55CF1FB59D71954950CAD893FFFA70970D128C77BFA34F3C84B0B64A01194A
086ACDD9847D6B91B7F870D0E7591CA07F0B407005F1473C37A648F6E18044336F30418BA43FD7AA
5B5BAE01A0E33B1EDA4487730F043E202DE44CB901BD3AED13D790D05F325C414831EB601BD91867
8C1B8E116877CE1167F87204B49619D323713F95C04CA9621FDCF44BD21C5E36A299C486C8FC0D30
43EDFF424B9A7AA5500DC3BD7BF6FAB256E6B45B458058DC933F1FF8C5E841BFC7F405761E14B12B
48C1C108F33BF8D65BB8DBB9ED7E92398E779333730F4C68922AA76409E842E76B649B981B826918
6220ACFF9DFA198D62CBF4CFA0FE05C1427CE63A345A61FE460D14EF25D7A89E2E228B415757B4E4
110B6AFA7D85D48C3BCF184FDD7366F06D9E3D29896B0D3C0D83FCFA881E6EC5F29B0294628EDFF2
84E58B7BE19D37A6B28D70DC0F165A4B60CE5536D76D1A71849C36B0837E4E5082A05208CEEB320C
57F0F5B86DC3CAAC8A32DEA9552D
Comment: long test vector
IV: f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
Key: 2b7e151628aed2a6abf7158809cf4f3c
Name: AES/CBC
Plaintext: r8 006bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51
30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c371000
Source: Generated by Crypto++ 5.6.1
Test: Encrypt

Test FAILED.
Skipping to next test.

Testing SymmetricCipher algorithm AES/CFB.
.......
Testing SymmetricCipher algorithm AES/OFB.
....
Testing SymmetricCipher algorithm AES/CTR.
.............
Tests complete. Total tests = 36. Failed tests = 12.
SOME TESTS FAILED!
@rajkosto

This comment has been minimized.

rajkosto commented May 1, 2018

You asked for coreinfos for some reason:
main computer that has AES-NI: https://pastebin.com/uygYZs0W
old laptop that doesn't have AES-NI: https://pastebin.com/v0dmjW9Z

while no CPUs before Sandy Bridge have AES-NI, it's not strictly an age thing, recently released Pentiums also don't have AES-NI (Intel considers it some sort of exclusive feature, so the cheapest CPUs don't get it)

And yes, the Visual Studio version breakdown you posted is correct, unfortunately due to the web installer I cannot retrieve 2017 initial release version to test with (and there have been at least 3 compiler updates since then)

@noloader

This comment has been minimized.

Collaborator

noloader commented May 2, 2018

Thanks @rajkosto.

It looks like (to me) there's nothing unusual with the cpu features.

I'm guessing the issue has something to do with decryption key setup, but it is just a guess at this point.

I checked in a change that allowed us to test /permissive (Commit 91faa5d399e83f38):

c:\Users\Test\Desktop\cryptopp>msbuild /m /p:Configuration=Release;Platform=x64,
WindowsTargetPlatformVersion=10.0.16299.0,PlatformToolset=v141 /p:AdditionalOpti
ons=/permissive cryptlib.vcxproj

/permissive did not help the issue. I'm guessing this is a code generation problem with VC++. If you could, please file a bug report against Microsoft at MSDN Connect. It looks like you want "DevDiv / Visual Studio and .NET Framework (Connect Site ID 210)" nowadays.

noloader added a commit that referenced this issue May 2, 2018

@MarcelRaad

This comment has been minimized.

Contributor

MarcelRaad commented May 2, 2018

@noloader /permissive currently has no effect, only /permissive- has.

@noloader

This comment has been minimized.

Collaborator

noloader commented May 3, 2018

Thanks @MarcelRaad.

/permissive- did not help. Ugh...

@noloader

This comment has been minimized.

Collaborator

noloader commented May 6, 2018

@rajkosto,

I was looking at our Appveyor CI build results. Appveyor test Visual Studio 2013 through Visual Studio 2017 in both debug and release builds. We are still not showing a failure.

I don't see a version of the compiler listed with the Appveyor builds, however. I'm guessing this is a recent break on Microsoft's part.

@noloader noloader changed the title from AES crypto is giving completely wrong results when used on CPUs without AES-NI in CryptoPP 7.0.0 x64 Release build to Windows and incorrect results for AES when used on CPUs without AES-NI May 11, 2018

@kpi6288

This comment has been minimized.

kpi6288 commented May 15, 2018

We also observed this issue on a fairly new server machine E5-2690 where someone had turned off AES-NI for some reason.

Note that we saw this only in combination with DES DEFAULT_PADDING. Regeression tests run fine.

We found a workaround in adding the following statement as the first line in rijndael.cpp:
#pragma optimize ("", off)

@smessmer

This comment has been minimized.

smessmer commented Sep 26, 2018

What's the status on this? Can I build a release binary with MSVC 2017 and assume it works? Unfortunately, I don't have a non-AESNI CPU at hand.

@noloader

This comment has been minimized.

Collaborator

noloader commented Sep 26, 2018

@smessmer,

Can I build a release binary with MSVC 2017 and assume it works? Unfortunately, I don't have a non-AESNI CPU at hand.

I'm not sure at the moment.

@effolkronium

This comment has been minimized.

effolkronium commented Oct 5, 2018

This bug have broke a whole day for me!

@noloader

This comment has been minimized.

Collaborator

noloader commented Oct 8, 2018

@rajkosto, @MarcelRaad, @smessmer , @effolkronium

I have two questions.

  1. Did anyone with a MSDN account file an issue with Microsoft? (I don't have an account. I wrote to Microsoft and asked for one but they did not respond to my email).

  2. Do we know what versions of the Microsoft compiler are affected? (We need to determine the scope of the problem, but I lack a thorough Windows testing environment).

For (2) we will probably have to use !kpi6288 workaround until a better one comes along.

@noloader

This comment has been minimized.

Collaborator

noloader commented Nov 6, 2018

I think I have this isolated a bit, and I think we can mostly clear this issue. I'm working from the pragma optimize page on MSDN.

The following enables small or fast machine code optimizations and executes correctly:

#if defined(_MSC_VER) && (_MSC_VER >= 1910)
# pragma optimize("", off)
# pragma optimize("ts", on)
#endif

The following enables global optimizations and fails:

#if defined(_MSC_VER) && (_MSC_VER >= 1910)
# pragma optimize("", off)
# pragma optimize("g", on)
#endif

I think we can live without global optimizations.

noloader added a commit that referenced this issue Nov 6, 2018

@noloader

This comment has been minimized.

Collaborator

noloader commented Nov 6, 2018

Cleared at Commit f57df06c5e6d.

@noloader noloader closed this Nov 6, 2018

noloader added a commit that referenced this issue Nov 9, 2018

Fix global optimization bug for ChaCha AVX2 under VS2017 (GH #735)
Also see #649. The 649 issue is the one affecting AES. It appears to be the same problem.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment