Merge pull request #8306 from SparkiDev/kyber_no_avx2_fix

ML-KEM/Kyber: fix kyber_prf() for when no AVX2
2025-07-30 18:57:27 +02:00 · 2024-12-20 11:40:46 -07:00
parent 7cebe95138 e507c466d5
commit 67f3343a5d
1 changed files with 17 additions and 10 deletions
--- a/wolfcrypt/src/wc_kyber_poly.c
+++ b/wolfcrypt/src/wc_kyber_poly.c
@ -2074,17 +2074,24 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen,
        (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64));
    state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000);

+    while (outLen > 0) {
+        unsigned int len = min(outLen, WC_SHA3_256_BLOCK_SIZE);
+
        if (IS_INTEL_BMI2(cpuid_flags)) {
            sha3_block_bmi2(state);
        }
-    else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        else if (IS_INTEL_AVX2(cpuid_flags) &&
+                 (SAVE_VECTOR_REGISTERS2() == 0)) {
            sha3_block_avx2(state);
            RESTORE_VECTOR_REGISTERS();
        }
        else {
            BlockSha3(state);
        }
-    XMEMCPY(out, state, outLen);
+        XMEMCPY(out, state, len);
+        out += len;
+        outLen -= len;
+    }

    return 0;
 #else