Implementation notes: amd64, saber214, crypto_sign/picnic3l1

Test failure

error 111

Compiler output

picnic_impl.c: picnic_impl.c: In function 'mpc_LowMC_verify':
picnic_impl.c: picnic_impl.c:533:5: warning: 'mpc_matrix_mul' accessing 24 bytes in a region of size 16 [-Wstringop-overflow=]
picnic_impl.c:   533 |     mpc_matrix_mul(roundKey, keyShares, KMatrix(0, params), params, 2);
picnic_impl.c:       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
picnic_impl.c: picnic_impl.c:533:5: note: referencing argument 1 of type 'uint32_t **' {aka 'unsigned int **'}
picnic_impl.c: picnic_impl.c:533:5: warning: 'mpc_matrix_mul' accessing 24 bytes in a region of size 16 [-Wstringop-overflow=]
picnic_impl.c: picnic_impl.c:533:5: note: referencing argument 2 of type 'uint32_t **' {aka 'unsigned int **'}
picnic_impl.c: picnic_impl.c:506:6: note: in a call to function 'mpc_matrix_mul'
picnic_impl.c:   506 | void mpc_matrix_mul(uint32_t* output[3], uint32_t* state[3], const uint32_t* matrix,
picnic_impl.c:       |      ^~~~~~~~~~~~~~
picnic_impl.c: picnic_impl.c:534:5: warning: 'mpc_xor' accessing 24 bytes in a region of size 16 [-Wstringop-overflow=]
picnic_impl.c:   534 |     mpc_xor(state, roundKey, params->stateSizeWords, 2);
picnic_impl.c:       |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
picnic_impl.c: picnic_impl.c:534:5: note: referencing argument 1 of type 'uint32_t **' {aka 'unsigned int **'}
picnic_impl.c: picnic_impl.c:534:5: warning: 'mpc_xor' accessing 24 bytes in a region of size 16 [-Wstringop-overflow=]
picnic_impl.c: picnic_impl.c:534:5: note: referencing argument 2 of type 'uint32_t **' {aka 'unsigned int **'}
picnic_impl.c: picnic_impl.c:260:6: note: in a call to function 'mpc_xor'
picnic_impl.c:   260 | void mpc_xor(uint32_t* state[3], uint32_t* in[3], uint32_t len, int players)
picnic_impl.c:       |      ^~~~~~~
picnic_impl.c: picnic_impl.c:537:9: warning: 'mpc_matrix_mul' accessing 24 bytes in a region of size 16 [-Wstringop-overflow=]
picnic_impl.c:   537 |         mpc_matrix_mul(roundKey, keyShares, KMatrix(r, params), params, 2);
picnic_impl.c:       |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
picnic_impl.c: picnic_impl.c:537:9: note: referencing argument 1 of type 'uint32_t **' {aka 'unsigned int **'}
picnic_impl.c: picnic_impl.c:537:9: warning: 'mpc_matrix_mul' accessing 24 bytes in a region of size 16 [-Wstringop-overflow=]
picnic_impl.c: picnic_impl.c:537:9: note: referencing argument 2 of type 'uint32_t **' {aka 'unsigned int **'}
picnic_impl.c: ...

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10B9DD
   at 0x...: salsa20.part.0 (try-anything.c:102)
   by 0x...: salsa20 (try-anything.c:85)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10B62A
   at 0x...: core (try-anything.c:53)
   by 0x...: salsa20 (try-anything.c:101)
   by 0x...: salsa20 (try-anything.c:81)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x1176A1
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/picnic3l1/optimizedct/avx2/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: rand_bytes (randomness.c:24)
   by 0x...: rand_bits (randomness.c:143)
   by 0x...: picnic_keygen (picnic.c:116)
   by 0x...: crypto_sign_picnic3l1_optimizedct_avx2_constbranchindex_keypair (sign.c.i:22)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10A9ED
   at 0x...: salsa20.part.0 (try-anything.c:102)
   by 0x...: salsa20 (try-anything.c:85)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10A63A
   at 0x...: core (try-anything.c:53)
   by 0x...: salsa20 (try-anything.c:101)
   by 0x...: salsa20 (try-anything.c:81)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x114061
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/picnic3l1/optimizedct/c/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: rand_bytes (randomness.c:24)
   by 0x...: rand_bits (randomness.c:143)
   by 0x...: picnic_keygen (picnic.c:116)
   by 0x...: crypto_sign_picnic3l1_optimizedct_c_constbranchindex_keypair (sign.c.i:22)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)

TIMECOP error (can be valgrind bug)

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x114B21
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/picnic3l1/optimizedct/sse2/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: rand_bytes (randomness.c:24)
   by 0x...: rand_bits (randomness.c:143)
   by 0x...: picnic_keygen (picnic.c:116)
   by 0x...: crypto_sign_picnic3l1_optimizedct_sse2_constbranchindex_keypair (sign.c.i:22)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)