tech-crypto archive
Re: sync rijndael-alg-fst.c with OpenBSD
Taylor R Campbell wrote:
> ...
> ...
> My main concern is that we ought to have automatic internal self-tests
> for any new changes to the crypto code, especially if there might be
> any hardware-specific code added such as AES-NI or any analogues on
> ARM, RISC-V, &c. Exactly how that figures into the code isn't
> important to me as long as it always runs no matter what AES code
> we're using.
If the goal is switching cgd to opencrypto, this is where all
self-tests should be implemented.
> While we're here, two const arrays can be made static in
> crypto_core_selftest():
>
> I don't see an obvious advantage, but no objection here if you see one
> and want to make that change. This code isn't performance-critical,
> so the main metric to optimize in this case would be kernel code size.
I inspected the assembly and I see that gcc still copies the literal's
bytes to the stack. I don't know if gcc has special rules for
literals but I often see that it converts 2, 4 or 8 consecutive
literal bytes to numbers. In this particular function, though, the
compiler wasn't smart enough to compute le32dec(&sigma[n]) values.
Optimizers never cease to amaze me.
Those two arrays are small and they won't make any noticeable
difference anyway.
Alex
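
Added example, not code from this thread or from the project it discusses: a sketch of the self-test requirement raised above, where every candidate implementation must pass a known-answer test before it can be selected, with the test vectors held in static const arrays. The names (struct impl, impl_selftest, impl_select, qround_accel) are hypothetical, and the ChaCha quarter round from RFC 7539 stands in for AES because a full AES would not fit here.

```c
#include <stddef.h>
#include <stdint.h>

#define ROTL32(v, n) (((v) << (n)) | ((v) >> (32 - (n))))

struct impl { const char *name; void (*qround)(uint32_t s[4]); };

/* Portable ChaCha quarter round (RFC 7539, section 2.1). */
static void qround_portable(uint32_t s[4])
{
	s[0] += s[1]; s[3] ^= s[0]; s[3] = ROTL32(s[3], 16);
	s[2] += s[3]; s[1] ^= s[2]; s[1] = ROTL32(s[1], 12);
	s[0] += s[1]; s[3] ^= s[0]; s[3] = ROTL32(s[3], 8);
	s[2] += s[3]; s[1] ^= s[2]; s[1] = ROTL32(s[1], 7);
}

/* Hypothetical accelerated backend with a constructed bug:
 * the final rotate is 8 instead of 7. */
static void qround_accel(uint32_t s[4])
{
	s[0] += s[1]; s[3] ^= s[0]; s[3] = ROTL32(s[3], 16);
	s[2] += s[3]; s[1] ^= s[2]; s[1] = ROTL32(s[1], 12);
	s[0] += s[1]; s[3] ^= s[0]; s[3] = ROTL32(s[3], 8);
	s[2] += s[3]; s[1] ^= s[2]; s[1] = ROTL32(s[1], 8);
}

/* Known-answer test, vector from RFC 7539 section 2.1.1.
 * Returns 0 on pass, -1 on failure. */
static int impl_selftest(const struct impl *im)
{
	static const uint32_t in[4] =
	    { 0x11111111, 0x01020304, 0x9b8d6f43, 0x01234567 };
	static const uint32_t want[4] =
	    { 0xea2a92f4, 0xcb1cf8ce, 0x4581472e, 0x5881c4bb };
	uint32_t s[4];

	for (size_t i = 0; i < 4; i++)
		s[i] = in[i];
	im->qround(s);
	for (size_t i = 0; i < 4; i++)
		if (s[i] != want[i])
			return -1;
	return 0;
}

/* Candidates in preference order; the portable code is the fallback. */
static const struct impl impls[] =
    { { "accel", qround_accel }, { "portable", qround_portable } };

/* Every candidate is tested before use; NULL means nothing passed. */
static const struct impl *impl_select(void)
{
	for (size_t i = 0; i < sizeof(impls) / sizeof(impls[0]); i++)
		if (impl_selftest(&impls[i]) == 0)
			return &impls[i];
	return NULL;
}
```

Because the test sits in the selection path rather than in any one backend, it runs no matter which implementation ends up being used, and a NULL return lets the caller refuse to proceed instead of running untested code.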