Merge pull request #10775 from SparkiDev/regression_fixes_26

Regression testing fixes: ARM/PP64 asm fixes, plus more
David Garske
2026-06-25 14:47:08 -07:00
committed by GitHub
12 changed files with 1035 additions and 1048 deletions
+19
@@ -8441,6 +8441,7 @@ static void GMULT(byte *x, byte m[256][WC_AES_BLOCK_SIZE])
XMEMCPY(x, Z, WC_AES_BLOCK_SIZE);
#elif defined(WC_32BIT_CPU)
#ifndef WOLFSSL_USE_ALIGN
byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
byte a;
word32* pZ;
@@ -8472,6 +8473,24 @@ static void GMULT(byte *x, byte m[256][WC_AES_BLOCK_SIZE])
pm = (word32*)(m[x[0]]);
px[0] = pZ[0] ^ pm[0]; px[1] = pZ[1] ^ pm[1];
px[2] = pZ[2] ^ pm[2]; px[3] = pZ[3] ^ pm[3];
#else
byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
byte a;
int i;
XMEMCPY(Z + 16, m[x[15]], WC_AES_BLOCK_SIZE);
a = Z[16 + 15];
Z[15] = R[a][0];
Z[16] ^= R[a][1];
for (i = 14; i > 0; i--) {
xorbuf(Z + i + 1, m[x[i]], WC_AES_BLOCK_SIZE);
a = Z[16 + i];
Z[i] = R[a][0];
Z[i+1] ^= R[a][1];
}
xorbuf(Z + 1, m[x[0]], WC_AES_BLOCK_SIZE);
XMEMCPY(x, Z + 1, WC_AES_BLOCK_SIZE);
#endif
#else
byte Z[WC_AES_BLOCK_SIZE + WC_AES_BLOCK_SIZE];
byte a;
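Review bot: The new `#else` branch for WC_32BIT_CPU with WOLFSSL_USE_ALIGN (from `#else` through `XMEMCPY(x, Z + 1, WC_AES_BLOCK_SIZE);`) has no comment saying why it exists or how the 32-byte `Z` buffer is used, while the sibling branch above it casts `m[x[0]]` to `word32*`. Presumably the aligned path avoids those word32 loads because the table rows are only byte-aligned; a one-line comment would stop a later cleanup from "optimizing" it back: `/* WOLFSSL_USE_ALIGN: m[] rows may not be word-aligned, so reduce byte-wise with xorbuf() instead of word32 loads. */`. From the indexing (`XMEMCPY(Z + 16, ...)`, `xorbuf(Z + i + 1, ...)`, final copy from `Z + 1`) the 16-byte product appears to move down `Z` by one byte per iteration with `R[a]` folding the byte shifted out back into the top two bytes; that is worth stating above the loop rather than leaving it to be re-derived — confirm against the non-32-bit branch. `R` is declared outside this hunk and GMULT's body continues past it.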
+6 -5
@@ -239,8 +239,8 @@ void wc_MemZero_Free(void)
int i;
fprintf(stderr, "[MEM_ZERO] Unseen: %d\n", nextIdx);
for (i = 0; i < nextIdx; i++) {
fprintf(stderr, " %s - %p:%ld\n", memZero[i].name, memZero[i].addr,
memZero[i].len);
fprintf(stderr, " %s - %p:%lu\n", memZero[i].name, memZero[i].addr,
(unsigned long)memZero[i].len);
}
}
/* Uninitialized value in next index. */
@@ -301,9 +301,10 @@ void wc_MemZero_Check(void* addr, size_t len)
for (j = 0; j < memZero[i].len; j++) {
if (((unsigned char*)memZero[i].addr)[j] != 0) {
/* Byte not zero - abort! */
fprintf(stderr, "\n[MEM_ZERO] %s:%p + %ld is not zero\n",
memZero[i].name, memZero[i].addr, j);
fprintf(stderr, "[MEM_ZERO] Checking %p:%ld\n", addr, len);
fprintf(stderr, "\n[MEM_ZERO] %s:%p + %lu is not zero\n",
memZero[i].name, memZero[i].addr, (unsigned long)j);
fprintf(stderr, "[MEM_ZERO] Checking %p:%lu\n", addr,
(unsigned long)len);
#ifndef TEST_ALWAYS_RUN_TO_END
abort();
#endif
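Review bot: The `(unsigned long)` casts paired with `%lu` fix the format/argument mismatch portably (presumably chosen because `%zu` is C99-only), but on LLP64 targets `unsigned long` is 32 bits, so a `size_t` length or index above 4 GiB would print truncated. That is acceptable for a debug trace, and a comment at the first such line in wc_MemZero_Free would record the choice: `/* cast to unsigned long: %zu is C99-only */`. The same applies to the `j` and `len` arguments in wc_MemZero_Check. Both functions' bodies extend outside their hunks.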
+16 -16
@@ -59,9 +59,9 @@
#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_init()
WC_OMIT_FRAME_POINTER void fe_init(void)
#else
WC_OMIT_FRAME_POINTER void fe_init()
WC_OMIT_FRAME_POINTER void fe_init(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -81,9 +81,9 @@ WC_OMIT_FRAME_POINTER void fe_init()
void fe_add_sub_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_add_sub_op()
WC_OMIT_FRAME_POINTER void fe_add_sub_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_add_sub_op()
WC_OMIT_FRAME_POINTER void fe_add_sub_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -300,9 +300,9 @@ WC_OMIT_FRAME_POINTER void fe_add_sub_op()
void fe_sub_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_sub_op()
WC_OMIT_FRAME_POINTER void fe_sub_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_sub_op()
WC_OMIT_FRAME_POINTER void fe_sub_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -379,9 +379,9 @@ WC_OMIT_FRAME_POINTER void fe_sub(fe r, const fe a, const fe b)
void fe_add_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_add_op()
WC_OMIT_FRAME_POINTER void fe_add_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_add_op()
WC_OMIT_FRAME_POINTER void fe_add_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -2510,9 +2510,9 @@ WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, const fe* base, signed char b)
#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
void fe_mul_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -2905,9 +2905,9 @@ WC_OMIT_FRAME_POINTER void fe_mul_op()
#else
void fe_mul_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -3086,9 +3086,9 @@ WC_OMIT_FRAME_POINTER void fe_mul(fe r, const fe a, const fe b)
#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6)
void fe_sq_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -3374,9 +3374,9 @@ WC_OMIT_FRAME_POINTER void fe_sq_op()
#else
void fe_sq_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
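Review bot: After this change the two arms of `#ifndef WOLFSSL_NO_VAR_ASSIGN_REG` around each definition line are textually identical (`WC_OMIT_FRAME_POINTER void fe_init(void)` in both), so the conditional around the signature no longer selects anything and each occurrence could collapse to the single line `WC_OMIT_FRAME_POINTER void fe_init(void)` (likewise for fe_add_sub_op, fe_sub_op, fe_add_op, fe_mul_op and fe_sq_op). If the duplicated arms are kept because a generator emits them, a remark to that effect in the generator would avoid this being raised again. The same pattern appears in the second fe_operations file section further down in this commit. Each function body continues past its hunk.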
+46 -38
@@ -5736,7 +5736,7 @@ L_aes_gcm_encrypt_arm64_crypto_nonce_end_bytes:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_nonce_partial_done:
eor x14, x14, x14
lsl x24, x4, #3
ubfiz x24, x4, #3, #32
mov v28.d[0], x14
mov v28.d[1], x24
rev64 v28.16b, v28.16b
@@ -7099,10 +7099,10 @@ L_aes_gcm_encrypt_arm64_crypto_192_start_zero:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_192_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -8637,10 +8637,10 @@ L_aes_gcm_encrypt_arm64_crypto_256_start_zero:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_256_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
aese v14.16b, v0.16b
@@ -9944,10 +9944,10 @@ L_aes_gcm_encrypt_arm64_crypto_128_start_zero:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_128_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -10537,7 +10537,7 @@ L_aes_gcm_decrypt_arm64_crypto_nonce_end_bytes:
# Done GHASH
L_aes_gcm_decrypt_arm64_crypto_nonce_partial_done:
eor x14, x14, x14
lsl x24, x4, #3
ubfiz x24, x4, #3, #32
mov v28.d[0], x14
mov v28.d[1], x24
rev64 v28.16b, v28.16b
@@ -11893,10 +11893,10 @@ L_aes_gcm_decrypt_arm64_crypto_192_out_start_byte:
L_aes_gcm_decrypt_arm64_crypto_192_out_end_bytes:
L_aes_gcm_decrypt_arm64_crypto_192_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -11945,6 +11945,7 @@ L_aes_gcm_decrypt_arm64_crypto_192_partial_done:
ld1 {v28.16b}, [x5]
b L_aes_gcm_decrypt_arm64_crypto_192_tag_loaded
L_aes_gcm_decrypt_arm64_crypto_192_part_tag:
ubfiz x6, x6, #0, #32
eor v28.16b, v28.16b, v28.16b
mov x17, x6
st1 {v28.2d}, [x11]
@@ -13446,10 +13447,10 @@ L_aes_gcm_decrypt_arm64_crypto_256_out_start_byte:
L_aes_gcm_decrypt_arm64_crypto_256_out_end_bytes:
L_aes_gcm_decrypt_arm64_crypto_256_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
aese v14.16b, v0.16b
@@ -13506,6 +13507,7 @@ L_aes_gcm_decrypt_arm64_crypto_256_partial_done:
ld1 {v28.16b}, [x5]
b L_aes_gcm_decrypt_arm64_crypto_256_tag_loaded
L_aes_gcm_decrypt_arm64_crypto_256_part_tag:
ubfiz x6, x6, #0, #32
eor v28.16b, v28.16b, v28.16b
mov x17, x6
st1 {v28.2d}, [x11]
@@ -14768,10 +14770,10 @@ L_aes_gcm_decrypt_arm64_crypto_128_out_start_byte:
L_aes_gcm_decrypt_arm64_crypto_128_out_end_bytes:
L_aes_gcm_decrypt_arm64_crypto_128_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -14816,6 +14818,7 @@ L_aes_gcm_decrypt_arm64_crypto_128_partial_done:
ld1 {v28.16b}, [x5]
b L_aes_gcm_decrypt_arm64_crypto_128_tag_loaded
L_aes_gcm_decrypt_arm64_crypto_128_part_tag:
ubfiz x6, x6, #0, #32
eor v28.16b, v28.16b, v28.16b
mov x17, x6
st1 {v28.2d}, [x11]
@@ -15364,7 +15367,7 @@ L_aes_gcm_encrypt_arm64_crypto_eor3_nonce_end_bytes:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_eor3_nonce_partial_done:
eor x14, x14, x14
lsl x24, x4, #3
ubfiz x24, x4, #3, #32
mov v28.d[0], x14
mov v28.d[1], x24
rev64 v28.16b, v28.16b
@@ -16698,10 +16701,10 @@ L_aes_gcm_encrypt_arm64_crypto_eor3_192_start_zero:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_eor3_192_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -18207,10 +18210,10 @@ L_aes_gcm_encrypt_arm64_crypto_eor3_256_start_zero:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_eor3_256_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
aese v14.16b, v0.16b
@@ -19485,10 +19488,10 @@ L_aes_gcm_encrypt_arm64_crypto_eor3_128_start_zero:
# Done GHASH
L_aes_gcm_encrypt_arm64_crypto_eor3_128_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -20056,7 +20059,7 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_nonce_end_bytes:
# Done GHASH
L_aes_gcm_decrypt_arm64_crypto_eor3_nonce_partial_done:
eor x14, x14, x14
lsl x24, x4, #3
ubfiz x24, x4, #3, #32
mov v28.d[0], x14
mov v28.d[1], x24
rev64 v28.16b, v28.16b
@@ -21383,10 +21386,10 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_192_out_start_byte:
L_aes_gcm_decrypt_arm64_crypto_eor3_192_out_end_bytes:
L_aes_gcm_decrypt_arm64_crypto_eor3_192_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -21434,6 +21437,7 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_192_partial_done:
ld1 {v28.16b}, [x5]
b L_aes_gcm_decrypt_arm64_crypto_eor3_192_tag_loaded
L_aes_gcm_decrypt_arm64_crypto_eor3_192_part_tag:
ubfiz x6, x6, #0, #32
eor v28.16b, v28.16b, v28.16b
mov x17, x6
st1 {v28.2d}, [x11]
@@ -22907,10 +22911,10 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_256_out_start_byte:
L_aes_gcm_decrypt_arm64_crypto_eor3_256_out_end_bytes:
L_aes_gcm_decrypt_arm64_crypto_eor3_256_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
aese v14.16b, v0.16b
@@ -22966,6 +22970,7 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_256_partial_done:
ld1 {v28.16b}, [x5]
b L_aes_gcm_decrypt_arm64_crypto_eor3_256_tag_loaded
L_aes_gcm_decrypt_arm64_crypto_eor3_256_part_tag:
ubfiz x6, x6, #0, #32
eor v28.16b, v28.16b, v28.16b
mov x17, x6
st1 {v28.2d}, [x11]
@@ -24200,10 +24205,10 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_128_out_start_byte:
L_aes_gcm_decrypt_arm64_crypto_eor3_128_out_end_bytes:
L_aes_gcm_decrypt_arm64_crypto_eor3_128_partial_done:
ld1 {v14.2d}, [x12]
lsl x8, x8, #3
ubfiz x8, x8, #3, #32
rbit x8, x8
mov v28.d[0], x8
lsl x2, x2, #3
ubfiz x2, x2, #3, #32
rbit x2, x2
mov v28.d[1], x2
eor v26.16b, v26.16b, v28.16b
@@ -24247,6 +24252,7 @@ L_aes_gcm_decrypt_arm64_crypto_eor3_128_partial_done:
ld1 {v28.16b}, [x5]
b L_aes_gcm_decrypt_arm64_crypto_eor3_128_tag_loaded
L_aes_gcm_decrypt_arm64_crypto_eor3_128_part_tag:
ubfiz x6, x6, #0, #32
eor v28.16b, v28.16b, v28.16b
mov x17, x6
st1 {v28.2d}, [x11]
@@ -24420,7 +24426,7 @@ L_aes_gcm_init_arm64_crypto_end_bytes:
# Done GHASH
L_aes_gcm_init_arm64_crypto_partial_done:
eor x7, x7, x7
lsl x13, x3, #3
ubfiz x13, x3, #3, #32
mov v7.d[0], x7
mov v7.d[1], x13
rev64 v7.16b, v7.16b
@@ -28782,10 +28788,10 @@ _AES_GCM_encrypt_final_AARCH64:
ld1 {v4.2d}, [x5]
ushr v6.2d, v6.2d, #56
ld1 {v7.2d}, [x6]
lsl x4, x4, #3
ubfiz x4, x4, #3, #32
rbit x4, x4
mov v0.d[0], x4
lsl x3, x3, #3
ubfiz x3, x3, #3, #32
rbit x3, x3
mov v0.d[1], x3
eor v5.16b, v5.16b, v0.16b
@@ -32668,10 +32674,10 @@ _AES_GCM_decrypt_final_AARCH64:
ld1 {v4.2d}, [x5]
ushr v6.2d, v6.2d, #56
ld1 {v7.2d}, [x6]
lsl x4, x4, #3
ubfiz x4, x4, #3, #32
rbit x4, x4
mov v0.d[0], x4
lsl x3, x3, #3
ubfiz x3, x3, #3, #32
rbit x3, x3
mov v0.d[1], x3
eor v5.16b, v5.16b, v0.16b
@@ -32696,6 +32702,7 @@ _AES_GCM_decrypt_final_AARCH64:
ld1 {v0.16b}, [x1]
b L_aes_gcm_decrypt_final_arm64_crypto_tag_loaded
L_aes_gcm_decrypt_final_arm64_crypto_part_tag:
ubfiz x2, x2, #0, #32
eor v0.16b, v0.16b, v0.16b
mov x10, x2
st1 {v0.2d}, [x0]
@@ -32856,7 +32863,7 @@ L_aes_gcm_init_arm64_crypto_eor3_end_bytes:
# Done GHASH
L_aes_gcm_init_arm64_crypto_eor3_partial_done:
eor x7, x7, x7
lsl x13, x3, #3
ubfiz x13, x3, #3, #32
mov v7.d[0], x7
mov v7.d[1], x13
rev64 v7.16b, v7.16b
@@ -37114,10 +37121,10 @@ _AES_GCM_encrypt_final_AARCH64_EOR3:
ld1 {v4.2d}, [x5]
ushr v6.2d, v6.2d, #56
ld1 {v7.2d}, [x6]
lsl x4, x4, #3
ubfiz x4, x4, #3, #32
rbit x4, x4
mov v0.d[0], x4
lsl x3, x3, #3
ubfiz x3, x3, #3, #32
rbit x3, x3
mov v0.d[1], x3
eor v5.16b, v5.16b, v0.16b
@@ -40915,10 +40922,10 @@ _AES_GCM_decrypt_final_AARCH64_EOR3:
ld1 {v4.2d}, [x5]
ushr v6.2d, v6.2d, #56
ld1 {v7.2d}, [x6]
lsl x4, x4, #3
ubfiz x4, x4, #3, #32
rbit x4, x4
mov v0.d[0], x4
lsl x3, x3, #3
ubfiz x3, x3, #3, #32
rbit x3, x3
mov v0.d[1], x3
eor v5.16b, v5.16b, v0.16b
@@ -40942,6 +40949,7 @@ _AES_GCM_decrypt_final_AARCH64_EOR3:
ld1 {v0.16b}, [x1]
b L_aes_gcm_decrypt_final_arm64_crypto_eor3_tag_loaded
L_aes_gcm_decrypt_final_arm64_crypto_eor3_part_tag:
ubfiz x2, x2, #0, #32
eor v0.16b, v0.16b, v0.16b
mov x10, x2
st1 {v0.2d}, [x0]
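Review bot: The `lsl` → `ubfiz xN, xM, #3, #32` rewrite and the added `ubfiz x6, x6, #0, #32` / `ubfiz x2, x2, #0, #32` in the `_part_tag` paths are unexplained in the file; the reason is presumably that these lengths arrive as 32-bit C arguments and AAPCS64 leaves the upper 32 bits of the x-register unspecified, so the old `lsl` could shift garbage into the GHASH length block and into the tag-size handling. A comment on the first occurrence, e.g. `# zero-extend the 32-bit length before shifting: upper half of xN is unspecified per AAPCS64`, would stop a future cleanup from reverting to `lsl`. `ubfiz x6, x6, #0, #32` is equivalent to `mov w6, w6`; either is fine, but a comment should say that a plain zero-extension is intended. If this .S file is generated from a common source, the same change needs to land in the generator and in the inline-asm C variant whose diff is suppressed on this page.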
+5 -5
@@ -38,7 +38,7 @@
#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
#include <wolfssl/wolfcrypt/fe_operations.h>
void fe_init()
void fe_init(void)
{
__asm__ __volatile__ (
"\n\t"
@@ -229,8 +229,8 @@ int fe_isnonzero(const fe a)
"orr %x[a], x1, x2\n\t"
"orr x3, x3, x4\n\t"
"orr %x[a], %x[a], x3\n\t"
: [a] "+r" (a)
:
: [a] "r" (a)
: "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6"
);
return (word32)(size_t)a;
@@ -248,8 +248,8 @@ int fe_isnegative(const fe a)
"adc x5, x4, xzr\n\t"
"and %x[a], x1, #1\n\t"
"eor %x[a], %x[a], x5, lsr 63\n\t"
: [a] "+r" (a)
:
: [a] "r" (a)
: "memory", "cc", "x1", "x2", "x3", "x4", "x5", "x6"
);
return (word32)(size_t)a;
@@ -4362,7 +4362,7 @@ int curve25519_base(byte* r, const byte* n)
/* Store */
"stp x14, x15, [%x[r]]\n\t"
"stp x16, x17, [%x[r], #16]\n\t"
"mov x0, xzr\n\t"
"mov %x[r], xzr\n\t"
"ldp x29, x30, [sp], #0xb0\n\t"
: [r] "+r" (r)
: [n] "r" (n), [x2] "r" (x2)
@@ -6969,7 +6969,7 @@ int curve25519(byte* r, const byte* n, const byte* a)
/* Store */
"stp x14, x15, [%x[r]]\n\t"
"stp x16, x17, [%x[r], #16]\n\t"
"mov x0, xzr\n\t"
"mov %x[r], xzr\n\t"
"ldp x29, x30, [sp], #0xc0\n\t"
: [r] "+r" (r)
: [n] "r" (n), [a] "r" (a)
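Review bot: In fe_isnonzero and fe_isnegative the constraint lines change between `[a] "+r" (a)` as an output and `[a] "r" (a)` as an input, yet the visible asm still writes the operand (`orr %x[a], x1, x2`, `and %x[a], x1, #1`) and the C code reads `a` afterwards (`return (word32)(size_t)a;`), so the operand must remain a read-write output. If the new side is the input-only `"r"` form as the print order suggests, the compiler may assume the register is unchanged after the asm statement and the return value becomes unspecified; keep `: [a] "+r" (a)` with an empty input list. The `mov x0, xzr` → `mov %x[r], xzr` change in curve25519_base and curve25519 correctly stops assuming `r` lives in x0. Those functions' bodies extend outside the hunks.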
+6 -6
@@ -8406,11 +8406,11 @@ int mlkem_cmp_neon(const byte* a, const byte* b, int sz)
"orr v8.16b, v8.16b, v10.16b\n\t"
"ext v9.16b, v8.16b, v8.16b, #8\n\t"
"orr v8.16b, v8.16b, v9.16b\n\t"
"mov x0, v8.d[0]\n\t"
"subs x0, x0, xzr\n\t"
"csetm w0, ne\n\t"
: [sz] "+r" (sz)
: [a] "r" (a), [b] "r" (b)
"mov %x[a], v8.d[0]\n\t"
"subs %x[a], %x[a], xzr\n\t"
"csetm %w[a], ne\n\t"
: [a] "+r" (a), [sz] "+r" (sz)
: [b] "r" (b)
: "memory", "cc", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8",
"v9", "v10", "v11"
);
@@ -9089,7 +9089,7 @@ unsigned int mlkem_rej_uniform_neon(sword16* p, unsigned int len, const byte* r,
"b L_mlkem_rej_uniform_loop_lt_4_%=\n\t"
"\n"
"L_mlkem_rej_uniform_done_%=:\n\t"
"mov x0, x12\n\t"
"mov %x[p], x12\n\t"
: [p] "+r" (p), [len] "+r" (len), [rLen] "+r" (rLen)
: [r] "r" (r), [mask] "r" (mask), [q] "r" (q), [bits] "r" (bits),
[indices] "r" (indices)
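Review bot: In mlkem_cmp_neon the result is now produced in `%x[a]` with `[a] "+r" (a)` instead of the hard-coded `x0`, which is the right fix for the earlier assumption that `a` sits in x0; the final `subs %x[a], %x[a], xzr` is only a compare and reads more clearly as `cmp %x[a], xzr`. The return convention is visible only from `csetm %w[a], ne` — all-ones when any OR-reduced byte differs, zero otherwise — and deserves a comment on that line: `/* w[a] = 0 if a == b, else 0xffffffff */`. The function's return statement is outside this hunk, so whether the caller expects -1 specifically or any nonzero value cannot be confirmed here.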
+16 -16
@@ -59,9 +59,9 @@
#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_init()
WC_OMIT_FRAME_POINTER void fe_init(void)
#else
WC_OMIT_FRAME_POINTER void fe_init()
WC_OMIT_FRAME_POINTER void fe_init(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -81,9 +81,9 @@ WC_OMIT_FRAME_POINTER void fe_init()
void fe_add_sub_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_add_sub_op()
WC_OMIT_FRAME_POINTER void fe_add_sub_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_add_sub_op()
WC_OMIT_FRAME_POINTER void fe_add_sub_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -189,9 +189,9 @@ WC_OMIT_FRAME_POINTER void fe_add_sub_op()
void fe_sub_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_sub_op()
WC_OMIT_FRAME_POINTER void fe_sub_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_sub_op()
WC_OMIT_FRAME_POINTER void fe_sub_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -261,9 +261,9 @@ WC_OMIT_FRAME_POINTER void fe_sub(fe r, const fe a, const fe b)
void fe_add_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_add_op()
WC_OMIT_FRAME_POINTER void fe_add_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_add_op()
WC_OMIT_FRAME_POINTER void fe_add_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -1764,9 +1764,9 @@ WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, const fe* base, signed char b)
#ifdef WOLFSSL_ARM_ARCH_7M
void fe_mul_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -2155,9 +2155,9 @@ WC_OMIT_FRAME_POINTER void fe_mul_op()
#else
void fe_mul_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_mul_op()
WC_OMIT_FRAME_POINTER void fe_mul_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -2327,9 +2327,9 @@ WC_OMIT_FRAME_POINTER void fe_mul(fe r, const fe a, const fe b)
#ifdef WOLFSSL_ARM_ARCH_7M
void fe_sq_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -2611,9 +2611,9 @@ WC_OMIT_FRAME_POINTER void fe_sq_op()
#else
void fe_sq_op(void);
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#else
WC_OMIT_FRAME_POINTER void fe_sq_op()
WC_OMIT_FRAME_POINTER void fe_sq_op(void)
#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */
{
#ifndef WOLFSSL_NO_VAR_ASSIGN_REG
+16
@@ -15616,6 +15616,18 @@ static wc_test_ret_t aes_cbc_large_msg_test(Aes* enc, Aes* dec)
/* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole
* message by WC_AES_BLOCK_SIZE for each size of AES key. */
for (keySz = 16; keySz <= 32; keySz += 8) {
#ifdef NO_AES_128
if (keySz == 16)
continue;
#endif
#ifdef NO_AES_192
if (keySz == 24)
continue;
#endif
#ifdef NO_AES_256
if (keySz == 32)
continue;
#endif
for (msgSz = WC_AES_BLOCK_SIZE;
msgSz <= sizeof(bigMsg);
msgSz += WC_AES_BLOCK_SIZE) {
@@ -16377,7 +16389,9 @@ static wc_test_ret_t aes_xts_partial_test_common(XtsAes *aes,
const unsigned char *c2, word32 c2Sz)
{
wc_test_ret_t ret = 0;
#if defined(WOLFSSL_AESXTS_STREAM) || defined(HAVE_AES_DECRYPT)
byte buf[WC_AES_BLOCK_SIZE * 2 + 8];
#endif
byte cipher[WC_AES_BLOCK_SIZE * 2 + 8];
#ifdef WOLFSSL_AESXTS_STREAM
struct XtsAesStreamData stream;
@@ -56116,7 +56130,9 @@ static wc_test_ret_t test_mldsa_decode_level(const byte* rawKey,
byte* der = NULL;
wc_MlDsaKey *key = NULL;
#else
#if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
byte der[MLDSA_MAX_PRV_KEY_DER_SIZE];
#endif
wc_MlDsaKey key[1];
#endif
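Review bot: The guard `#if defined(WOLFSSL_AESXTS_STREAM) || defined(HAVE_AES_DECRYPT)` added around `byte buf[WC_AES_BLOCK_SIZE * 2 + 8];` in aes_xts_partial_test_common has to match every use of `buf` later in the function, which lies outside this hunk; a use reachable with both macros undefined fails to compile, and a use under only one of them reintroduces the unused-variable warning in the other configuration. The same check applies to `der` in test_mldsa_decode_level under `!WOLFSSL_MLDSA_NO_ASN1 && WOLFSSL_ASN_TEMPLATE`. In aes_cbc_large_msg_test the three `if (keySz == ..) continue;` bodies are unbraced; the file's existing convention decides, but `if (keySz == 16) { continue; }` would follow the always-brace rule. The enclosing functions continue past these hunks.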
+23 -18
@@ -50,24 +50,43 @@
#endif
/* in bytes */
/* Digest and block sizes are macros (like the other hash headers, e.g.
* sha256.h) rather than enum values so they are visible to the preprocessor -
* e.g. the WC_MIN_DIGEST_SIZE selection in hash.h evaluates them in #if. */
#define WC_SHA3_224_DIGEST_SIZE 28
#define WC_SHA3_256_DIGEST_SIZE 32
#define WC_SHA3_384_DIGEST_SIZE 48
#define WC_SHA3_512_DIGEST_SIZE 64
#if !defined(HAVE_SELFTEST) || \
defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)
/* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */
#define WC_SHA3_128_BLOCK_SIZE 168
#define WC_SHA3_224_BLOCK_SIZE 144
#define WC_SHA3_256_BLOCK_SIZE 136
#define WC_SHA3_384_BLOCK_SIZE 104
#define WC_SHA3_512_BLOCK_SIZE 72
#else
/* For SELFTEST version < 2, define WC_SHA3_128_BLOCK_SIZE
* for Kyber/Dilithium */
#define WC_SHA3_128_BLOCK_SIZE 168
#endif
enum {
/* SHAKE-128 */
WC_SHA3_128_COUNT = 21,
WC_SHA3_224 = WC_HASH_TYPE_SHA3_224,
WC_SHA3_224_DIGEST_SIZE = 28,
WC_SHA3_224_COUNT = 18,
WC_SHA3_256 = WC_HASH_TYPE_SHA3_256,
WC_SHA3_256_DIGEST_SIZE = 32,
WC_SHA3_256_COUNT = 17,
WC_SHA3_384 = WC_HASH_TYPE_SHA3_384,
WC_SHA3_384_DIGEST_SIZE = 48,
WC_SHA3_384_COUNT = 13,
WC_SHA3_512 = WC_HASH_TYPE_SHA3_512,
WC_SHA3_512_DIGEST_SIZE = 64,
WC_SHA3_512_COUNT = 9,
#ifdef WOLFSSL_SHAKE128
@@ -77,20 +96,6 @@ enum {
WC_SHAKE256 = WC_HASH_TYPE_SHAKE256,
#endif
#if !defined(HAVE_SELFTEST) || \
defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)
/* These values are used for HMAC, not SHA-3 directly.
* They come from from FIPS PUB 202. */
WC_SHA3_128_BLOCK_SIZE = 168,
WC_SHA3_224_BLOCK_SIZE = 144,
WC_SHA3_256_BLOCK_SIZE = 136,
WC_SHA3_384_BLOCK_SIZE = 104,
WC_SHA3_512_BLOCK_SIZE = 72,
#else
/* For SELFTEST version < 2, define WC_SHA3_128_BLOCK_SIZE
* for Kyber/Dilithium */
WC_SHA3_128_BLOCK_SIZE = 168,
#endif
WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_SHA3)
};
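Review bot: The moved comment `* They come from from FIPS PUB 202.` still carries the doubled word; since these lines are being rewritten anyway, make it `* They come from FIPS PUB 202.`. The condition `#if !defined(HAVE_SELFTEST) || defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2)` mixes `||` and `&&` without grouping and is moved as-is; `(defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION >= 2))` makes the precedence explicit and avoids -Wparentheses where it is enabled. The new top-of-block comment explaining why the sizes are macros rather than enum values is the why-comment this header was missing.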
+6 -2
@@ -224,7 +224,9 @@ struct wc_Sha512 {
#endif /* HAVE_FIPS */
#if defined(WOLFSSL_SHA512)
/* SHA-384 reuses the SHA-512 transform, so these internal functions are
* needed whenever either algorithm is enabled. */
#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
#ifdef WOLFSSL_ARMASM
#if !defined(WOLFSSL_ARMASM_NO_NEON)
@@ -239,8 +241,10 @@ WOLFSSL_LOCAL void Transform_Sha512_Len_crypto(wc_Sha512* sha512,
WOLFSSL_LOCAL void Transform_Sha512_Len_base(wc_Sha512* sha512,
const byte* data, word32 len);
#endif
#endif
#endif /* WOLFSSL_ARMASM */
#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */
#if defined(WOLFSSL_SHA512)
WOLFSSL_API int wc_InitSha512(wc_Sha512* sha);
WOLFSSL_API int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId);
WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha, const byte* data, word32 len);
+4 -3
@@ -453,9 +453,10 @@ typedef struct sp_dh_ctx {
#ifdef WOLFSSL_MYSQL_COMPATIBLE
/* MySQL wants to be able to use 8192-bit numbers. */
#define SP_INT_BITS 8192
#elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) && \
!defined(WOLFSSL_HAVE_SP_ECC)
/* Not using SP - must be SP math all. */
#elif defined(WOLFSSL_SP_MATH_ALL) || \
(!defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_HAVE_SP_DH) && !defined(WOLFSSL_HAVE_SP_ECC))
/* Using multi-precision implementation. */
#if !defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA)
/* Support max size FFHDE parameters compiled in. */
#if !defined(NO_DH) && defined(HAVE_FFDHE_8192)