From c0f3b433b29ec21feb1a292990c1657d2dfab8f5 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Wed, 11 Dec 2024 12:49:21 +1000
Subject: [PATCH] Aarch64 Poly1305: fix corner case

Don't mask top 26 bits as it may have next bit set as reduction step was
only approximate.
---
 wolfcrypt/src/port/arm/armv8-poly1305.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c
index a258f3607..fc0c39e63 100644
--- a/wolfcrypt/src/port/arm/armv8-poly1305.c
+++ b/wolfcrypt/src/port/arm/armv8-poly1305.c
@@ -146,7 +146,6 @@ static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
         "AND        x5, x10, x4, LSR #26\n\t"
         "AND        x4, x4, x10\n\t"
         "AND        x6, x6, x10\n\t"
-        "AND        x8, x8, x10\n\t"
         "STP        w4, w5, [%[ctx_h], #0]   \n\t"
         "STP        w6, w7, [%[ctx_h], #8]   \n\t"
         "STR        w8, [%[ctx_h], #16]   \n\t"