From e19295bb6498eb204e8dc45cbe9f8404f887fe32 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Sun, 11 May 2025 12:06:23 -0500
Subject: [PATCH] wolfssl/wolfcrypt/settings.h: #define
 WOLFSSL_CURVE25519_BLINDING if defined(NO_CURVED25519_X64);

wolfcrypt/src/curve25519.c: if defined(NO_CURVED25519_X64), #undef USE_INTEL_SPEEDUP;

wolfcrypt/src/fe_operations.c: fixes for -m32 -Wconversions;

.github/workflows/wolfCrypt-Wconversion.yml: add -m32 scenario;

.wolfssl_known_macro_extras: remove unneeded entry for WOLFSSL_CURVE25519_BLINDING.
---
 .github/workflows/wolfCrypt-Wconversion.yml | 6 +++++-
 .wolfssl_known_macro_extras                 | 1 -
 wolfcrypt/src/curve25519.c                  | 4 ++++
 wolfcrypt/src/fe_operations.c               | 6 +++---
 wolfssl/wolfcrypt/settings.h                | 2 +-
 5 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/wolfCrypt-Wconversion.yml b/.github/workflows/wolfCrypt-Wconversion.yml
index 77eac8531..60c86f676 100644
--- a/.github/workflows/wolfCrypt-Wconversion.yml
+++ b/.github/workflows/wolfCrypt-Wconversion.yml
@@ -22,7 +22,8 @@ jobs:
           '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
           '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
           '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"',
-          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"'
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"',
+          '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32'
         ]
     name: build library
     if: github.repository_owner == 'wolfssl'
@@ -33,6 +34,9 @@ jobs:
       - uses: actions/checkout@v4
         name: Checkout wolfSSL
 
+      - name: install_multilib
+        run: sudo apt-get install -y gcc-multilib
+
       - name: Build wolfCrypt with extra type conversion warnings
         run: |
           ./autogen.sh || $(exit 2)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 9ca281786..5099e72cd 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -641,7 +641,6 @@ WOLFSSL_CLIENT_EXAMPLE
 WOLFSSL_COMMERCIAL_LICENSE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
-WOLFSSL_CURVE25519_BLINDING
 WOLFSSL_CUSTOM_CONFIG
 WOLFSSL_DILITHIUM_ASSIGN_KEY
 WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 789db3fa2..8709d8330 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -24,6 +24,10 @@
 
 #include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
+#ifdef NO_CURVED25519_X64
+    #undef USE_INTEL_SPEEDUP
+#endif
+
 #ifdef HAVE_CURVE25519
 
 #include <wolfssl/wolfcrypt/curve25519.h>
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 135d7030d..60aa366f8 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -192,7 +192,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
   fe z3 = {0};
   fe tmp0 = {0};
   fe tmp1 = {0};
-  int pos = 0;
+  unsigned int pos;
   unsigned int b;
 
   fe_frombytes(x1,p);
@@ -208,7 +208,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
   fe_cswap(x2,x3,(int)b);
   fe_cswap(z2,z3,(int)b);
   for (pos = 255;pos >= 1;--pos) {
-    b = n[pos / 8] >> (pos & 7);
+    b = (unsigned int)n[pos / 8] >> (pos & 7);
     b &= 1;
     fe_cswap(x2,x3,(int)b);
     fe_cswap(z2,z3,(int)b);
@@ -233,7 +233,7 @@ int curve25519_blind(byte* q, const byte* n, const byte* mask, const byte* p,
     fe_mul(z3,x1,z2);
     fe_mul(z2,tmp1,tmp0);
 
-    b = mask[(pos-1) / 8] >> ((pos-1) & 7);
+    b = (unsigned int)mask[(pos-1) / 8] >> ((pos-1) & 7);
     b &= 1;
     fe_cswap(x2,x3,(int)b);
     fe_cswap(z2,z3,(int)b);
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 39b9b24c7..59d5dd63a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -3826,7 +3826,7 @@ extern void uITRON4_free(void *p) ;
 /* Enable blinding by default for C-only, non-small curve25519 implementation */
 #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
     !defined(FREESCALE_LTC_ECC) && !defined(WOLFSSL_ARMASM) && \
-    !defined(USE_INTEL_SPEEDUP) && \
+    (!defined(USE_INTEL_SPEEDUP) || defined(NO_CURVED25519_X64)) && \
     !defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING)
     #define WOLFSSL_CURVE25519_BLINDING
 #endif