Improved performance by reworking kyber_ntt, kyber_invtt,
kyber_basemul_mont, kyber_basemul_mont_add, kyber_rej_uniform_c to be
in assembly.
Replace WOLFSSL_SP_NO_UMAAL with WOLFSSL_ARM_ARCH_7M
* fix TLS layer to consistently use WOLFSSL_FATAL_ERROR for error retvals, rather than literal -1.
* add WC_NO_ERR_TRACE() wrapper around LENGTH_ONLY_E (it does not signify an error condition).
* refactor errcode handling for traceability in wolfSSL_DSA_do_sign(), wolfSSL_DH_size(), wolfSSL_EC_KEY_get_conv_form(), wolfSSL_d2i_DSA_SIG(), wolfSSL_DSA_do_sign(), SetDhInternal(), and wolfSSL_EC_KEY_get_conv_form().
When functions are inlined, the labels need to be unique.
Putting '%=' on the end of the label ensures that the compilers appends
a unique number to the end.
Make a separate AES for IAR that has AES_encrypt_block and
AES_decrypt_block inlined. Default code is relying on compiler to use
specific registers and not modify others.
Improve performance of small SP ASM code for RSA.
GCC doesn't like explicit wide branch instruction but will use
appropriate instruction implicitly.
IAR won't widen branch instruction unless explicitly told.
IAR doesn't parse register variable declarations with specified
registers. IAR doesn't even honor the register keyword.
Can use small negative but IAR doesn't like it.
Specify the positive value instead.
Add a small code size version of mont_reduce_full using umlal and umaal.
Make 'asm' usage in variables use keyword '__asm__'.
Explicitly don't inline some functions when compiling with IAR.
WOLFSSL_SP_ARM_ARCH no longer used.
Using WOLFSSL_ARM_ARCH instead.
Change umaal check to only available with WOLFSSL_ARM_ARCH > 6.
SAKKE mont_reduce with umaal not using correct registers at end.
Thumb2/ARM32: use umaal instruction to speed up mulitplication, squaring
and reduction. umaal not always available so use umlal instead.
Implementations for architectures less than 4 still kept - no umull.
Cleanup point arithmetic to not take shortcuts.
Make masking for constant time faster.
Add alternate asm for different compilers.
Get ARMv4 and ARMv6 compiling.
Remove whitespace at end of lines.
SP ECC signing code was generating signatures with r of 0.
This is not allowed by the algorithm description.
Retry sig gen when r is 0 like when s is 0.
used and size have no reason to be negative - change type.
Change code to match unsigned change. Mostly change variables to be
unsigned where possible.
integer.c: Only have mp_rand_prime available when needed and
mp_prime_is_prime_ex is available.
Fixes from regression testing.
Fix for GeneratePublicDh was not right in #6002.
sp_DhExp_* are called from multiple functions.
Sometimes outLen contains a value and sometimes not.
Check public key output size in GeneratePublicDh before calling SP.
Enabling SP with ASM didn't enable SP or error out when SP wasn't
configured. Now enables SP when '' and errors when 'no'.
SAKKE modinv used large amounts of stack. Change to have more temporary
memory allocated increased to cover the usage.
ECC, SAKKE: sp_<bits>_ecc_mulmod_<cpu><words>() used large amounts of
stack. Allocate when WOLFSSL_SMALL_STACK.
wc_DhCheckKeyPair() not available when HAVE_SELFTEST.
Wasn't compiled in before as WOLFSSL_HAVE_SP_DH wasn't defined.
Specific compress key code for P521 doesn't need a n square function.
Fixing generation of x86_64 ASM scripts resulted in adding carriage
return to chacha_asm.S.
P-256/384/521.
New functions:
- sp_ecc_make_key_256_nb
- sp_ecc_make_key_384_nb
- sp_ecc_make_key_521_nb
- sp_ecc_secret_gen_256_nb
- sp_ecc_secret_gen_384_nb
- sp_ecc_secret_gen_521_nb
This commit also tweaks the testing for ECDSA testing in test.c. Instead of
testing with one of P-256/384/521, we test with all that are available.
