wolfssl/wolfcrypt/settings.h: #define WOLFSSL_CURVE25519_BLINDING if defined(NO_CURVED25519_X64);

wolfcrypt/src/curve25519.c: if defined(NO_CURVED25519_X64), #undef USE_INTEL_SPEEDUP;

wolfcrypt/src/fe_operations.c: fixes for -m32 -Wconversions;

.github/workflows/wolfCrypt-Wconversion.yml: add -m32 scenario;

.wolfssl_known_macro_extras: remove unneeded entry for WOLFSSL_CURVE25519_BLINDING.

.github/workflows/wolfCrypt-Wconversion.yml

@@ -22,7 +22,8 @@ jobs:
           '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
           '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
           '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
-          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32'
         ]
     name: build library
     if: github.repository_owner == 'wolfssl'
@@ -33,6 +34,9 @@ jobs:
       - uses: actions/checkout@v4
         name: Checkout wolfSSL
 
+      - name: install_multilib
+        run: sudo apt-get install -y gcc-multilib
+
       - name: Build wolfCrypt with extra type conversion warnings
         run: |
           ./autogen.sh || $(exit 2)

.wolfssl_known_macro_extras

@@ -641,7 +641,6 @@ WOLFSSL_CLIENT_EXAMPLE
 WOLFSSL_COMMERCIAL_LICENSE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
-WOLFSSL_CURVE25519_BLINDING
 WOLFSSL_CUSTOM_CONFIG
 WOLFSSL_DILITHIUM_ASSIGN_KEY
 WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM

wolfcrypt/src/curve25519.c

@@ -24,6 +24,10 @@
 
 #include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
+#ifdef NO_CURVED25519_X64
+    #undef USE_INTEL_SPEEDUP
+#endif
+
 #ifdef HAVE_CURVE25519
 
 #include <wolfssl/wolfcrypt/curve25519.h>

wolfcrypt/src/fe_operations.c

@@ -192,7 +192,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
   fe z3 = {0};
   fe tmp0 = {0};
   fe tmp1 = {0};
-  int pos = 0;
+  unsigned int pos;
   unsigned int b;
 
   fe_frombytes(x1,p);
@@ -208,7 +208,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
   fe_cswap(x2,x3,(int)b);
   fe_cswap(z2,z3,(int)b);
   for (pos = 255;pos >= 1;--pos) {
-    b = n[pos / 8] >> (pos & 7);
+    b = (unsigned int)n[pos / 8] >> (pos & 7);
     b &= 1;
     fe_cswap(x2,x3,(int)b);
     fe_cswap(z2,z3,(int)b);
@@ -233,7 +233,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
     fe_mul(z3,x1,z2);
     fe_mul(z2,tmp1,tmp0);
 
-    b = mask[(pos-1) / 8] >> ((pos-1) & 7);
+    b = (unsigned int)mask[(pos-1) / 8] >> ((pos-1) & 7);
     b &= 1;
     fe_cswap(x2,x3,(int)b);
     fe_cswap(z2,z3,(int)b);

wolfssl/wolfcrypt/settings.h

@@ -3826,7 +3826,7 @@ extern void uITRON4_free(void *p) ;
 /* Enable blinding by default for C-only, non-small curve25519 implementation */
 #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
     !defined(FREESCALE_LTC_ECC) && !defined(WOLFSSL_ARMASM) && \
-    !defined(USE_INTEL_SPEEDUP) && \
+    (!defined(USE_INTEL_SPEEDUP) || defined(NO_CURVED25519_X64)) && \
     !defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING)
     #define WOLFSSL_CURVE25519_BLINDING
 #endif