From 902087df6f0596bdabd0e8000733503ea183175b Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 18 Jul 2024 07:21:57 -0600 Subject: [PATCH 01/71] add w64wrapper support in poly1305 --- wolfcrypt/src/misc.c | 53 ++++++++++++++++++++++- wolfcrypt/src/poly1305.c | 84 ++++++++++++++++++++++++++++++++++++ wolfssl/wolfcrypt/misc.h | 2 + wolfssl/wolfcrypt/poly1305.h | 2 +- 4 files changed, 138 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 10f733bd02..c08dd30571 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -796,6 +796,13 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(unsigned int a, unsigned int b) +{ + w64wrapper ret; + ret.n = (word64)a * (word64)b; + return ret; +} + #else WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n) @@ -841,6 +848,24 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, + byte *wrap) +{ + a.n[1] = a.n[1] + b.n[1]; + if (a.n[1] < b.n[1]) { + a.n[0]++; + if (wrap != NULL && a.n[0] == 0) + *wrap = 1; + } + + a.n[0] = a.n[0] + b.n[0]; + if (a.n[0] < b.n[0]) { + *wrap = 1; + } + + return a; +} + WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap) { byte _underflow = 0; @@ -939,7 +964,7 @@ WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b) WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift) { if (shift < 32) { - a.n[1] = (a.n[1] >> shift) || (a.n[0] << (32 - shift)); + a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift)); a.n[0] >>= shift; } else { 
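Review bot: The second carry check in the new non-word64 w64Add stores `*wrap = 1;` without testing `wrap`, although the first check a few lines above it does test `wrap != NULL`. Every w64Add call added to poly1305.c in this patch passes NULL, so an overflow of the high word would write through a null pointer; the Poly1305 limb sizes presumably keep these sums below 2^64, but the helper is general-purpose and exported through misc.h. Changing the condition to `if (wrap != NULL && a.n[0] < b.n[0])` closes it. The later patch on this page that rewrites these additions as `+=` leaves the unguarded store in place.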
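Review bot: With `shift == 0` the corrected line in w64ShiftRight still evaluates `a.n[0] << (32 - shift)`, a shift by 32, which is undefined if `n[]` holds 32-bit words (as the `32 -` arithmetic suggests); a negative `shift` is not rejected either. The calls visible in this series pass 16, 26 and 32, so the problem is latent, but an early `if (shift == 0) return a;` would make the helper safe for any caller. The same applies to the mirrored expression in w64ShiftLeft in the next hunk. Both function bodies continue past the end of their hunks.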
@@ -951,7 +976,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift) WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) { if (shift < 32) { - a.n[0] = (a.n[0] << shift) || (a.n[1] >> (32 - shift)); + a.n[0] = (a.n[0] << shift) | (a.n[1] >> (32 - shift)); a.n[1] <<= shift; } else { @@ -961,6 +986,30 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) +{ + w64wrapper ret; + word16 ltlA, ltlB, ltlC, ltlD; + word32 bigA, bigB, bigC, bigD; + + ltlA = a & 0xFFFF; + ltlB = (a >> 16) & 0xFFFF; + ltlC = b & 0xFFFF; + ltlD = (b >> 16) & 0xFFFF; + + bigA = ltlA * ltlC; + bigC = ltlB * ltlC; + bigD = ltlA * ltlD; + bigB = ltlB * ltlD; + + ret = w64From32(0, bigB); + ret = w64ShiftLeft(ret, 16); + ret = w64Add32(ret, bigD, NULL); + ret = w64Add32(ret, bigC, NULL); + ret = w64ShiftLeft(ret, 16); + return w64Add32(ret, bigA, NULL); +} + #endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */ #endif /* WOLFSSL_W64_WRAPPER */ diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index cde754752a..7fd57c42de 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -29,6 +29,13 @@ and Daniel J. Bernstein */ +/* + * WOLFSSL_W64_WRAPPER Uses wrappers around word64 types for a system that does + * not have word64 available. As expected it reduces + * performance. Benchmarks collected July 2024 show + * 303.004 MiB/s with and 1874.194 MiB/s without. + */ + #ifdef HAVE_CONFIG_H #include #endif @@ -332,7 +339,11 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, word32 r0,r1,r2,r3,r4; word32 s1,s2,s3,s4; word32 h0,h1,h2,h3,h4; +#ifdef WOLFSSL_W64_WRAPPER + w64wrapper d0,d1,d2,d3,d4; +#else word64 d0,d1,d2,d3,d4; +#endif word32 c; 
@@ -362,6 +373,41 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, h4 += (U8TO32(m+12) >> 8) | hibit; /* h *= r */ +#ifdef WOLFSSL_W64_WRAPPER + { + w64wrapper tmp; + + d0 = w64Mul(h0, r0); tmp = w64Mul(h1, s4); + d0 = w64Add(d0, tmp, NULL); tmp = w64Mul(h2, s3); + d0 = w64Add(d0, tmp, NULL); tmp = w64Mul(h3, s2); + d0 = w64Add(d0, tmp, NULL); tmp = w64Mul(h4, s1); + d0 = w64Add(d0, tmp, NULL); + + d1 = w64Mul(h0, r1); tmp = w64Mul(h1, r0); + d1 = w64Add(d1, tmp, NULL); tmp = w64Mul(h2, s4); + d1 = w64Add(d1, tmp, NULL); tmp = w64Mul(h3, s3); + d1 = w64Add(d1, tmp, NULL); tmp = w64Mul(h4, s2); + d1 = w64Add(d1, tmp, NULL); + + d2 = w64Mul(h0, r2); tmp = w64Mul(h1, r1); + d2 = w64Add(d2, tmp, NULL); tmp = w64Mul(h2, r0); + d2 = w64Add(d2, tmp, NULL); tmp = w64Mul(h3, s4); + d2 = w64Add(d2, tmp, NULL); tmp = w64Mul(h4, s3); + d2 = w64Add(d2, tmp, NULL); + + d3 = w64Mul(h0, r3); tmp = w64Mul(h1, r2); + d3 = w64Add(d3, tmp, NULL); tmp = w64Mul(h2, r1); + d3 = w64Add(d3, tmp, NULL); tmp = w64Mul(h3, r0); + d3 = w64Add(d3, tmp, NULL); tmp = w64Mul(h4, s4); + d3 = w64Add(d3, tmp, NULL); + + d4 = w64Mul(h0, r4); tmp = w64Mul(h1, r3); + d4 = w64Add(d4, tmp, NULL); tmp = w64Mul(h2, r2); + d4 = w64Add(d4, tmp, NULL); tmp = w64Mul(h3, r1); + d4 = w64Add(d4, tmp, NULL); tmp = w64Mul(h4, r0); + d4 = w64Add(d4, tmp, NULL); + } +#else d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) + ((word64)h3 * s2) + ((word64)h4 * s1); d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) + 
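Review bot: The WOLFSSL_W64_WRAPPER arm of `h *= r` passes the key-dependent limbs h0..h4, r0..r4 and s1..s4 through w64Mul and w64Add, and the non-word64 w64Add added to misc.c in this patch propagates its carry with `if (a.n[1] < b.n[1]) { a.n[0]++; ... }`. Whether that becomes a conditional branch depends on the compiler and target, so unlike the plain word64 expression in the `#else` arm this path is not evidently constant time with respect to the MAC state. Consider computing the carry as a value, `word32 carry = (word32)(a.n[1] < b.n[1]);`, and adding it unconditionally, or at least saying in the WOLFSSL_W64_WRAPPER comment at the top of poly1305.c that timing behaviour of the wrapper path has not been evaluated. poly1305_blocks starts and ends outside this hunk.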
@@ -372,13 +418,26 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, ((word64)h3 * r0) + ((word64)h4 * s4); d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) + ((word64)h3 * r1) + ((word64)h4 * r0); +#endif /* (partial) h %= p */ +#ifdef WOLFSSL_W64_WRAPPER + c = w64GetLow32(w64ShiftRight(d0, 26));h0 = w64GetLow32(d0) & 0x3ffffff; + d1 = w64Add32(d1, c, NULL); + c = w64GetLow32(w64ShiftRight(d1, 26));h1 = w64GetLow32(d1) & 0x3ffffff; + d2 = w64Add32(d2, c, NULL); + c = w64GetLow32(w64ShiftRight(d2, 26));h2 = w64GetLow32(d2) & 0x3ffffff; + d3 = w64Add32(d3, c, NULL); + c = w64GetLow32(w64ShiftRight(d3, 26));h3 = w64GetLow32(d3) & 0x3ffffff; + d4 = w64Add32(d4, c, NULL); + c = w64GetLow32(w64ShiftRight(d4, 26));h4 = w64GetLow32(d4) & 0x3ffffff; +#else c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff; d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff; d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff; d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff; d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff; +#endif h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; h1 += c; @@ -517,7 +576,11 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) word32 h0,h1,h2,h3,h4,c; word32 g0,g1,g2,g3,g4; +#ifdef WOLFSSL_W64_WRAPPER + w64wrapper f; +#else word64 f; +#endif word32 mask; #endif 
@@ -656,10 +719,31 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; /* mac = (h + pad) % (2^128) */ +#ifdef WOLFSSL_W64_WRAPPER + w64SetLow32(&f, h0); + f = w64Add32(f, ctx->pad[0], NULL); + h0 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h1, NULL); + f = w64Add32(f, ctx->pad[1], NULL); + h1 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h2, NULL); + f = w64Add32(f, ctx->pad[2], NULL); + h2 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h3, NULL); + f = w64Add32(f, ctx->pad[3], NULL); + h3 = w64GetLow32(f); +#else f = (word64)h0 + ctx->pad[0] ; h0 = (word32)f; f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f; f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f; f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f; +#endif U32TO8(mac + 0, h0); U32TO8(mac + 4, h1); diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 9761d686a2..823d0f0886 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -145,6 +145,7 @@ WOLFSSL_LOCAL word32 w64GetLow32(w64wrapper n); WOLFSSL_LOCAL word32 w64GetHigh32(w64wrapper n); WOLFSSL_LOCAL void w64SetLow32(w64wrapper *n, word32 low); WOLFSSL_LOCAL w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap); +WOLFSSL_LOCAL w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap); WOLFSSL_LOCAL w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap); WOLFSSL_LOCAL byte w64GT(w64wrapper a, w64wrapper b); WOLFSSL_LOCAL byte w64IsZero(w64wrapper a); @@ -157,6 +158,7 @@ WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b); WOLFSSL_LOCAL void w64Zero(w64wrapper *a); WOLFSSL_LOCAL w64wrapper w64ShiftRight(w64wrapper a, int shift); WOLFSSL_LOCAL w64wrapper w64ShiftLeft(w64wrapper a, int shift); +WOLFSSL_LOCAL w64wrapper w64Mul(word32 a, word32 b); #else /* !NO_INLINE */ diff --git a/wolfssl/wolfcrypt/poly1305.h b/wolfssl/wolfcrypt/poly1305.h index 00232ae781..94b5a28e18 100644 
--- a/wolfssl/wolfcrypt/poly1305.h +++ b/wolfssl/wolfcrypt/poly1305.h @@ -57,7 +57,7 @@ #if defined(USE_INTEL_POLY1305_SPEEDUP) #elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) || \ - defined(WC_HAS_GCC_4_4_64BIT)) + defined(WC_HAS_GCC_4_4_64BIT)) && !defined(WOLFSSL_W64_WRAPPER_TEST) #define POLY130564 #else #define POLY130532 From 04ab561a65fa02a5303d9119be54cf3ebfe02abc Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 18 Jul 2024 07:30:08 -0600 Subject: [PATCH 02/71] add smallstack support for poly1305 w64wrapper --- wolfcrypt/src/poly1305.c | 99 ++++++++++++++++++++++++---------------- 1 file changed, 59 insertions(+), 40 deletions(-) diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 7fd57c42de..ec39484c47 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -339,12 +339,22 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, word32 r0,r1,r2,r3,r4; word32 s1,s2,s3,s4; word32 h0,h1,h2,h3,h4; + word32 c; #ifdef WOLFSSL_W64_WRAPPER - w64wrapper d0,d1,d2,d3,d4; + #ifdef WOLFSSL_SMALL_STACK + w64wrapper* d; + + d = (w64wrapper*)XMALLOC(5 * sizeof(w64wrapper), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (d == NULL) { + return MEMORY_E; + } + #else + w64wrapper d[5]; + #endif #else word64 d0,d1,d2,d3,d4; #endif - word32 c; r0 = ctx->r[0]; 
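Review bot: The new `return MEMORY_E;` gives poly1305_blocks a failure mode it did not have before, on a path that runs for every block batch when WOLFSSL_W64_WRAPPER and WOLFSSL_SMALL_STACK are both set. The callers are outside this hunk; any of them that discards the return value would carry on with ctx->h not updated and still emit a tag, so each call site should be checked for `if (ret != 0) return ret;`-style propagation. Since the buffer is only `5 * sizeof(w64wrapper)`, it is also worth asking whether the stack saving justifies an allocation per call.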
@@ -377,35 +387,35 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, { w64wrapper tmp; - d0 = w64Mul(h0, r0); tmp = w64Mul(h1, s4); - d0 = w64Add(d0, tmp, NULL); tmp = w64Mul(h2, s3); - d0 = w64Add(d0, tmp, NULL); tmp = w64Mul(h3, s2); - d0 = w64Add(d0, tmp, NULL); tmp = w64Mul(h4, s1); - d0 = w64Add(d0, tmp, NULL); - - d1 = w64Mul(h0, r1); tmp = w64Mul(h1, r0); - d1 = w64Add(d1, tmp, NULL); tmp = w64Mul(h2, s4); - d1 = w64Add(d1, tmp, NULL); tmp = w64Mul(h3, s3); - d1 = w64Add(d1, tmp, NULL); tmp = w64Mul(h4, s2); - d1 = w64Add(d1, tmp, NULL); - - d2 = w64Mul(h0, r2); tmp = w64Mul(h1, r1); - d2 = w64Add(d2, tmp, NULL); tmp = w64Mul(h2, r0); - d2 = w64Add(d2, tmp, NULL); tmp = w64Mul(h3, s4); - d2 = w64Add(d2, tmp, NULL); tmp = w64Mul(h4, s3); - d2 = w64Add(d2, tmp, NULL); - - d3 = w64Mul(h0, r3); tmp = w64Mul(h1, r2); - d3 = w64Add(d3, tmp, NULL); tmp = w64Mul(h2, r1); - d3 = w64Add(d3, tmp, NULL); tmp = w64Mul(h3, r0); - d3 = w64Add(d3, tmp, NULL); tmp = w64Mul(h4, s4); - d3 = w64Add(d3, tmp, NULL); - - d4 = w64Mul(h0, r4); tmp = w64Mul(h1, r3); - d4 = w64Add(d4, tmp, NULL); tmp = w64Mul(h2, r2); - d4 = w64Add(d4, tmp, NULL); tmp = w64Mul(h3, r1); - d4 = w64Add(d4, tmp, NULL); tmp = w64Mul(h4, r0); - d4 = w64Add(d4, tmp, NULL); + d[0] = w64Mul(h0, r0); tmp = w64Mul(h1, s4); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h2, s3); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h3, s2); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h4, s1); + d[0] = w64Add(d[0], tmp, NULL); + + d[1] = w64Mul(h0, r1); tmp = w64Mul(h1, r0); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h2, s4); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h3, s3); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h4, s2); + d[1] = w64Add(d[1], tmp, NULL); + + d[2] = w64Mul(h0, r2); tmp = w64Mul(h1, r1); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h2, r0); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h3, s4); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h4, s3); + d[2] = 
w64Add(d[2], tmp, NULL); + + d[3] = w64Mul(h0, r3); tmp = w64Mul(h1, r2); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h2, r1); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h3, r0); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h4, s4); + d[3] = w64Add(d[3], tmp, NULL); + + d[4] = w64Mul(h0, r4); tmp = w64Mul(h1, r3); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h2, r2); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h3, r1); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h4, r0); + d[4] = w64Add(d[4], tmp, NULL); } #else d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) + @@ -422,15 +432,20 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, /* (partial) h %= p */ #ifdef WOLFSSL_W64_WRAPPER - c = w64GetLow32(w64ShiftRight(d0, 26));h0 = w64GetLow32(d0) & 0x3ffffff; - d1 = w64Add32(d1, c, NULL); - c = w64GetLow32(w64ShiftRight(d1, 26));h1 = w64GetLow32(d1) & 0x3ffffff; - d2 = w64Add32(d2, c, NULL); - c = w64GetLow32(w64ShiftRight(d2, 26));h2 = w64GetLow32(d2) & 0x3ffffff; - d3 = w64Add32(d3, c, NULL); - c = w64GetLow32(w64ShiftRight(d3, 26));h3 = w64GetLow32(d3) & 0x3ffffff; - d4 = w64Add32(d4, c, NULL); - c = w64GetLow32(w64ShiftRight(d4, 26));h4 = w64GetLow32(d4) & 0x3ffffff; + c = w64GetLow32(w64ShiftRight(d[0], 26)); + h0 = w64GetLow32(d[0]) & 0x3ffffff; + d[1] = w64Add32(d[1], c, NULL); + c = w64GetLow32(w64ShiftRight(d[1], 26)); + h1 = w64GetLow32(d[1]) & 0x3ffffff; + d[2] = w64Add32(d[2], c, NULL); + c = w64GetLow32(w64ShiftRight(d[2], 26)); + h2 = w64GetLow32(d[2]) & 0x3ffffff; + d[3] = w64Add32(d[3], c, NULL); + c = w64GetLow32(w64ShiftRight(d[3], 26)); + h3 = w64GetLow32(d[3]) & 0x3ffffff; + d[4] = w64Add32(d[4], c, NULL); + c = w64GetLow32(w64ShiftRight(d[4], 26)); + h4 = w64GetLow32(d[4]) & 0x3ffffff; #else c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff; d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff; 
@@ -451,6 +466,10 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, ctx->h[3] = h3; ctx->h[4] = h4; +#if defined(WOLFSSL_W64_WRAPPER) && defined(WOLFSSL_SMALL_STACK) + XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; #endif /* end of 64 bit cpu blocks or 32 bit cpu */ From 8a9c893c6f82db596a0fb8af668cddfa1da0e69f Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 19 Jul 2024 11:03:44 -0600 Subject: [PATCH 03/71] fix for initialization of high value and funtction signature --- wolfcrypt/src/misc.c | 8 ++++---- wolfcrypt/src/poly1305.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index c08dd30571..a25de2d218 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -796,7 +796,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } -WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(unsigned int a, unsigned int b) +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) { w64wrapper ret; ret.n = (word64)a * (word64)b; @@ -838,7 +838,7 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) { - a.n[1] = a.n[1] + b; + a.n[1] += b; if (a.n[1] < b) { a.n[0]++; if (wrap != NULL && a.n[0] == 0) @@ -851,14 +851,14 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap) { - a.n[1] = a.n[1] + b.n[1]; + a.n[1] += b.n[1]; if (a.n[1] < b.n[1]) { a.n[0]++; if (wrap != NULL && a.n[0] == 0) *wrap = 1; } - a.n[0] = a.n[0] + b.n[0]; + a.n[0] += b.n[0]; if (a.n[0] < b.n[0]) { *wrap = 1; } diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index ec39484c47..c77bbca7d3 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c 
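Review bot: `d` is freed without being cleared, although it holds the unreduced products of the accumulator with the key-derived r and s limbs. A heap block goes back to the allocator with its contents intact, so I would wipe it first: `ForceZero(d, 5 * sizeof(w64wrapper));` immediately before `XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER);`. Any return between the XMALLOC and this point that lies outside the hunk would need the same wipe and free.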
@@ -739,7 +739,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) /* mac = (h + pad) % (2^128) */ #ifdef WOLFSSL_W64_WRAPPER - w64SetLow32(&f, h0); + f = w64From32(0, h0); f = w64Add32(f, ctx->pad[0], NULL); h0 = w64GetLow32(f); From f5ed2460df1bc9d9a679f5b28d86d597a090aed3 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Fri, 19 Jul 2024 13:59:05 -0600 Subject: [PATCH 04/71] cast to larger type for multiplication --- wolfcrypt/src/misc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index a25de2d218..7f8f3f7d70 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -997,10 +997,10 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) ltlC = b & 0xFFFF; ltlD = (b >> 16) & 0xFFFF; - bigA = ltlA * ltlC; - bigC = ltlB * ltlC; - bigD = ltlA * ltlD; - bigB = ltlB * ltlD; + bigA = (word32)ltlA * (word32)ltlC; + bigC = (word32)ltlB * (word32)ltlC; + bigD = (word32)ltlA * (word32)ltlD; + bigB = (word32)ltlB * (word32)ltlD; ret = w64From32(0, bigB); ret = w64ShiftLeft(ret, 16); From a07a658771b121dd3d5fec9432e2a47f0787b806 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Mon, 22 Jul 2024 09:32:08 -0700 Subject: [PATCH 05/71] Update Arduino publishing script for 5.7.2 release --- IDE/ARDUINO/Arduino_README_prepend.md | 2 ++ IDE/ARDUINO/wolfssl-arduino.sh | 34 ++++++++++++++++++--------- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/IDE/ARDUINO/Arduino_README_prepend.md b/IDE/ARDUINO/Arduino_README_prepend.md index 594a067847..c11b35dbb9 100644 --- a/IDE/ARDUINO/Arduino_README_prepend.md +++ b/IDE/ARDUINO/Arduino_README_prepend.md 
@@ -10,4 +10,6 @@ See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/githu The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. +The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable) + See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh index d48b416626..59fd238dfd 100755 --- a/IDE/ARDUINO/wolfssl-arduino.sh +++ b/IDE/ARDUINO/wolfssl-arduino.sh @@ -29,7 +29,7 @@ ROOT_DIR="/wolfssl" # The Arduino Version will initially have a suffix appended during fine tuning stage. -WOLFSSL_VERSION_ARUINO_SUFFIX="-Arduino.3" +WOLFSSL_VERSION_ARUINO_SUFFIX="" # For verbose copy, set CP_CMD="-v", otherwise clear it: CP_CMD="cp" # Do not set to empty string, as copy will fail with this: CP_CMD="" @@ -65,6 +65,11 @@ if ! [ "$CP_CMD" = "cp " ]; then fi fi +if [ "$ROOT_DIR" = "" ]; then + echo "ERROR: ROOT_DIR cannot be blank" + exit 1 +fi + # Check environment if [ -n "$WSL_DISTRO_NAME" ]; then # we found a non-blank WSL environment distro name @@ -84,6 +89,11 @@ if [ $# -gt 0 ]; then if [ "$THIS_OPERATION" = "INSTALL" ]; then THIS_INSTALL_DIR=$2 + if [ "$THIS_INSTALL_DIR" = "/" ]; then + echo "ERROR: THIS_INSTALL_DIR cannot be /" + exit 1 + fi + echo "Install is active." if [ "$THIS_INSTALL_DIR" = "" ]; then 
@@ -300,20 +310,22 @@ echo "" # Note we should have exited above if a problem was encountered, # as we'll never want to install a bad library. if [ "$THIS_OPERATION" = "INSTALL" ]; then + echo "Config:" + echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h" + # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments) + grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1 + + # Show the user_settings.h revision string: + grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h" + echo "" + if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then echo "Installing to GitHub directory: $THIS_INSTALL_DIR" cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1 + echo "Removing workspace library directory: .$ROOT_DIR" + rm -rf ".$ROOT_DIR" else - echo "Config:" - echo "cp ../../examples/configs/user_settings_arduino.h ".${ROOT_SRC_DIR}"/user_settings.h" - # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments) - grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1 - - # Show the user_settings.h revision string: - grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h" - echo "" - - echo "Install:" + echo "Installing to local directory:" echo "mv .$ROOT_DIR $ARDUINO_ROOT" mv ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1 From 6a26569ddc088e698aaf9568f4cef153e3b6aed1 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 22 Jul 2024 14:09:15 -0700 Subject: [PATCH 06/71] Support for STM32U5A9xx board. Fixes for building example with fast math (TFM) and CMSIS OS 2. --- IDE/STM32Cube/default_conf.ftl | 4 ++-- IDE/STM32Cube/wolfssl_example.c | 2 +- wolfssl/wolfcrypt/tfm.h | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) 
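Review bot: `rm -rf ".$ROOT_DIR"` is the one step in the GitHub branch that is not followed by `|| exit 1`, so a failed cleanup goes unnoticed while the `cp -r` above it and the `mv` in the other branch both stop the script. I would write `rm -rf ".$ROOT_DIR" || exit 1`; the path is relative, so it also depends on the script still being in the directory it started from, and on the blank-ROOT_DIR check added earlier in this patch. Separately, the moved `echo "cp ... ".${ROOT_SRC_DIR}"/user_settings.h"` line closes its quotes before `${ROOT_SRC_DIR}`, leaving the expansion unquoted; `echo "cp ../../examples/configs/user_settings_arduino.h .${ROOT_SRC_DIR}/user_settings.h"` prints the same text safely.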
diff --git a/IDE/STM32Cube/default_conf.ftl b/IDE/STM32Cube/default_conf.ftl index 5e92dc1ddf..d7a68aac42 100644 --- a/IDE/STM32Cube/default_conf.ftl +++ b/IDE/STM32Cube/default_conf.ftl @@ -148,11 +148,11 @@ extern ${variable.value} ${variable.name}; #define HAL_CONSOLE_UART huart2 #define NO_STM32_RNG #define WOLFSSL_GENSEED_FORTEST /* no HW RNG is available use test seed */ -#elif defined(STM32U575xx) || defined(STM32U585xx) +#elif defined(STM32U575xx) || defined(STM32U585xx) || defined(STM32U5A9xx) #define HAL_CONSOLE_UART huart1 #define WOLFSSL_STM32U5 #define STM32_HAL_V2 - #ifdef STM32U585xx + #if defined(STM32U585xx) || defined(STM32U5A9xx) #undef NO_STM32_HASH #undef NO_STM32_CRYPTO #define WOLFSSL_STM32_PKA diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c index ce749fe508..ce67b0806d 100644 --- a/IDE/STM32Cube/wolfssl_example.c +++ b/IDE/STM32Cube/wolfssl_example.c @@ -284,7 +284,7 @@ typedef struct { typedef struct { int ret; - osThreadId threadId; + osThreadId_t threadId; #ifdef CMSIS_OS2_H_ osSemaphoreId_t mutex; #else diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 0483f26818..7d29b1f67e 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -779,6 +779,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_VAL FP_VAL /* invalid */ #define MP_MEM FP_MEM /* memory error */ #define MP_NOT_INF FP_NOT_INF /* point not at infinity */ +#define MP_RANGE FP_NOT_INF #define MP_OKAY FP_OKAY /* ok result */ #define MP_NO FP_NO /* yes/no result */ #define MP_YES FP_YES /* yes/no result */ From bb60c588003e8ea9a1a8f85fdad23fdc9d3bce82 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Tue, 23 Jul 2024 15:37:41 +0000 Subject: [PATCH 07/71] ocsp: don't free ocsp request if saved in ssl->ctx->certOcspRequest --- src/internal.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/internal.c b/src/internal.c index 324ec932cd..ece556c8f4 100644 
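Review bot: `osThreadId_t threadId;` is now used unconditionally in wolfssl_example.c, while the semaphore member directly below it is still selected by `#ifdef CMSIS_OS2_H_`. If `osThreadId_t` is declared only by the CMSIS-RTOS2 header, which is how I read the neighbouring guard, builds against the v1 API lose the `osThreadId` they compiled with before. Placing `osThreadId_t threadId;` in the `#ifdef CMSIS_OS2_H_` arm and keeping `osThreadId threadId;` in the `#else` arm preserves both configurations. The struct continues past the end of the hunk.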
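Review bot: `#define MP_RANGE FP_NOT_INF` in tfm.h is the only line of this block without a trailing comment, and it gives MP_RANGE the same value as MP_NOT_INF two lines above. Code that compares a result against either name cannot tell the two conditions apart in a TFM build, so the aliasing should at least be recorded, for example `#define MP_RANGE FP_NOT_INF /* shares the FP_NOT_INF value */`. If a distinct range error is wanted, that needs a new FP_ code rather than an alias.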
--- a/src/internal.c +++ b/src/internal.c @@ -23310,8 +23310,10 @@ int SendFinished(WOLFSSL* ssl) * Returns 0 on success */ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, - DecodedCert* cert, byte* certData, word32 length) + DecodedCert* cert, byte* certData, word32 length, + byte *takeOwnership) { + byte ctxOwnsRequest = 0; int ret; if (request != NULL) @@ -23330,14 +23332,18 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, if (!ssl->buffers.weOwnCert) { wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock; if (wc_LockMutex(ocspLock) == 0) { - if (ssl->ctx->certOcspRequest == NULL) + if (ssl->ctx->certOcspRequest == NULL) { ssl->ctx->certOcspRequest = request; + ctxOwnsRequest = 1; + } wc_UnLockMutex(ocspLock); } } } FreeDecodedCert(cert); + if (takeOwnership != NULL) + *takeOwnership = ctxOwnsRequest; return ret; } @@ -23360,6 +23366,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, int ret = 0; OcspRequest* request = NULL; byte createdRequest = 0; + byte ctxOwnsRequest = 0; if (ssl == NULL || ocspRequest == NULL || response == NULL) return BAD_FUNC_ARG; @@ -23397,7 +23404,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, createdRequest = 1; if (ret == 0) { ret = CreateOcspRequest(ssl, request, cert, der->buffer, - der->length); + der->length, &ctxOwnsRequest); } if (ret != 0) { @@ -23424,7 +23431,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, } /* free request up if error case found otherwise return it */ - if (ret != 0 && createdRequest) { + if (ret != 0 && createdRequest && !ctxOwnsRequest) { FreeOcspRequest(request); XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } @@ -24119,6 +24126,7 @@ int SendCertificateStatus(WOLFSSL* ssl) { OcspRequest* request = ssl->ctx->certOcspRequest; buffer responses[1 + MAX_CHAIN_DEPTH]; + byte ctxOwnsRequest = 0; int i = 0; XMEMSET(responses, 0, sizeof(responses)); 
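Review bot: The new `takeOwnership` parameter of CreateOcspRequest is not described in the function comment, of which only the `Returns 0 on success` tail is visible here, and its name reads like an input although it is an output flag. I would add a line such as `takeOwnership  [out] set to 1 when request was stored in ssl->ctx->certOcspRequest and must not be freed by the caller, otherwise 0; may be NULL`. The comment should also say that the flag is written only at the end of the function, after FreeDecodedCert, so an early return outside this hunk, if one exists, leaves the caller's variable untouched.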
@@ -24177,7 +24185,7 @@ int SendCertificateStatus(WOLFSSL* ssl) break; ret = CreateOcspRequest(ssl, request, cert, der.buffer, - der.length); + der.length, &ctxOwnsRequest); if (ret == 0) { request->ssl = ssl; ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, @@ -24192,12 +24200,13 @@ int SendCertificateStatus(WOLFSSL* ssl) i++; - FreeOcspRequest(request); + if (!ctxOwnsRequest) + FreeOcspRequest(request); } } } - - XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + if (!ctxOwnsRequest) + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #ifdef WOLFSSL_SMALL_STACK XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif From 3284f53574676ff76ab8c9642fbc9e71a68b333b Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 16 Jul 2024 22:17:12 +1000 Subject: [PATCH 08/71] Cortex-M/Thumb2 ASM: fix label IAR doesn't like %=. Fix code to be consistent in use of labels and branch instructions. --- wolfcrypt/src/port/arm/thumb2-aes-asm.S | 90 +- wolfcrypt/src/port/arm/thumb2-aes-asm_c.c | 740 ++-- wolfcrypt/src/port/arm/thumb2-curve25519.S | 4 +- wolfcrypt/src/port/arm/thumb2-curve25519_c.c | 490 ++- wolfcrypt/src/port/arm/thumb2-sha256-asm.S | 4 +- wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c | 28 +- wolfcrypt/src/port/arm/thumb2-sha3-asm.S | 2 +- wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c | 14 +- wolfcrypt/src/port/arm/thumb2-sha512-asm.S | 4 +- wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c | 28 +- wolfcrypt/src/sp_cortexm.c | 3302 +++++++++++++----- 11 files changed, 3329 insertions(+), 1377 deletions(-) diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm.S b/wolfcrypt/src/port/arm/thumb2-aes-asm.S index 68695a7ea8..2ae2e27cf5 100644 --- a/wolfcrypt/src/port/arm/thumb2-aes-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-aes-asm.S 
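Review bot: `ctxOwnsRequest` in SendCertificateStatus is overwritten by every CreateOcspRequest call, so ownership recorded on one pass is lost on the next. The call appears to sit in a loop (the `break` before it and the `i++` after it; the loop header is outside the hunk), and CreateOcspRequest stores 1 only when this particular call placed `request` in ssl->ctx->certOcspRequest, 0 otherwise. If an earlier pass handed `request` to the ctx, a later pass reports 0 and both `FreeOcspRequest(request)` and the final `XFREE(request, ...)` in the next hunk run on memory the ctx still points to. Accumulating the flag, `byte owned = 0;` passed as `&owned` followed by `ctxOwnsRequest |= owned;`, keeps it sticky. Reusing the same `request` for the next certificate after the ctx has taken it also looks unsafe and should be confirmed against the full function.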
@@ -670,7 +670,7 @@ L_AES_invert_key_mix_loop: EOR r8, r8, r9, ROR #24 STR r8, [r0], #4 SUBS r11, r11, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_invert_key_mix_loop #else BNE.W L_AES_invert_key_mix_loop @@ -703,13 +703,13 @@ AES_set_encrypt_key: LDR r10, L_AES_Thumb2_te ADR lr, L_AES_Thumb2_rcon CMP r1, #0x80 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_set_encrypt_key_start_128 #else BEQ.W L_AES_set_encrypt_key_start_128 #endif CMP r1, #0xc0 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_set_encrypt_key_start_192 #else BEQ.W L_AES_set_encrypt_key_start_192 @@ -1026,7 +1026,7 @@ L_AES_encrypt_block_nr: EOR r6, r6, r10 EOR r7, r7, r11 SUBS r1, r1, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_encrypt_block_nr #else BNE.W L_AES_encrypt_block_nr @@ -1154,13 +1154,13 @@ AES_ECB_encrypt: LDR r12, [sp, #36] PUSH {r3} CMP r12, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_encrypt_start_block_128 #else BEQ.W L_AES_ECB_encrypt_start_block_128 #endif CMP r12, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_encrypt_start_block_192 #else BEQ.W L_AES_ECB_encrypt_start_block_192 @@ -1196,7 +1196,7 @@ L_AES_ECB_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_encrypt_loop_block_256 #else BNE.W L_AES_ECB_encrypt_loop_block_256 
@@ -1238,7 +1238,7 @@ L_AES_ECB_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_encrypt_loop_block_192 #else BNE.W L_AES_ECB_encrypt_loop_block_192 @@ -1280,7 +1280,7 @@ L_AES_ECB_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_encrypt_loop_block_128 #else BNE.W L_AES_ECB_encrypt_loop_block_128 @@ -1305,13 +1305,13 @@ AES_CBC_encrypt: LDM r9, {r4, r5, r6, r7} PUSH {r3, r9} CMP r8, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_encrypt_start_block_128 #else BEQ.W L_AES_CBC_encrypt_start_block_128 #endif CMP r8, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_encrypt_start_block_192 #else BEQ.W L_AES_CBC_encrypt_start_block_192 @@ -1351,7 +1351,7 @@ L_AES_CBC_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_encrypt_loop_block_256 #else BNE.W L_AES_CBC_encrypt_loop_block_256 @@ -1397,7 +1397,7 @@ L_AES_CBC_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_encrypt_loop_block_192 #else BNE.W L_AES_CBC_encrypt_loop_block_192 @@ -1443,7 +1443,7 @@ L_AES_CBC_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_encrypt_loop_block_128 #else BNE.W L_AES_CBC_encrypt_loop_block_128 
@@ -1474,13 +1474,13 @@ AES_CTR_encrypt: STM r8, {r4, r5, r6, r7} PUSH {r3, r8} CMP r12, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CTR_encrypt_start_block_128 #else BEQ.W L_AES_CTR_encrypt_start_block_128 #endif CMP r12, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CTR_encrypt_start_block_192 #else BEQ.W L_AES_CTR_encrypt_start_block_192 @@ -1524,12 +1524,12 @@ L_AES_CTR_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CTR_encrypt_loop_block_256 #else BNE.W L_AES_CTR_encrypt_loop_block_256 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CTR_encrypt_end #else B.W L_AES_CTR_encrypt_end @@ -1574,12 +1574,12 @@ L_AES_CTR_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CTR_encrypt_loop_block_192 #else BNE.W L_AES_CTR_encrypt_loop_block_192 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CTR_encrypt_end #else B.W L_AES_CTR_encrypt_end @@ -1624,7 +1624,7 @@ L_AES_CTR_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CTR_encrypt_loop_block_128 #else BNE.W L_AES_CTR_encrypt_loop_block_128 @@ -1750,7 +1750,7 @@ L_AES_decrypt_block_nr: EOR r6, r6, r10 EOR r7, r7, r11 SUBS r1, r1, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_decrypt_block_nr #else BNE.W L_AES_decrypt_block_nr 
@@ -2138,13 +2138,13 @@ AES_ECB_decrypt: MOV r12, r2 ADR r2, L_AES_Thumb2_td4 CMP r8, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_decrypt_start_block_128 #else BEQ.W L_AES_ECB_decrypt_start_block_128 #endif CMP r8, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_ECB_decrypt_start_block_192 #else BEQ.W L_AES_ECB_decrypt_start_block_192 @@ -2179,7 +2179,7 @@ L_AES_ECB_decrypt_loop_block_256: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_decrypt_loop_block_256 #else BNE.W L_AES_ECB_decrypt_loop_block_256 @@ -2220,7 +2220,7 @@ L_AES_ECB_decrypt_loop_block_192: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_decrypt_loop_block_192 #else BNE.W L_AES_ECB_decrypt_loop_block_192 @@ -2261,7 +2261,7 @@ L_AES_ECB_decrypt_loop_block_128: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_ECB_decrypt_loop_block_128 #else BNE.W L_AES_ECB_decrypt_loop_block_128 @@ -2286,13 +2286,13 @@ AES_CBC_decrypt: ADR r2, L_AES_Thumb2_td4 PUSH {r3, r4} CMP r8, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_loop_block_128 #else BEQ.W L_AES_CBC_decrypt_loop_block_128 #endif CMP r8, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_loop_block_192 #else BEQ.W L_AES_CBC_decrypt_loop_block_192 
@@ -2337,7 +2337,7 @@ L_AES_CBC_decrypt_loop_block_256: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_end_odd #else BEQ.W L_AES_CBC_decrypt_end_odd @@ -2382,12 +2382,12 @@ L_AES_CBC_decrypt_loop_block_256: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_decrypt_loop_block_256 #else BNE.W L_AES_CBC_decrypt_loop_block_256 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CBC_decrypt_end #else B.W L_AES_CBC_decrypt_end @@ -2432,7 +2432,7 @@ L_AES_CBC_decrypt_loop_block_192: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_end_odd #else BEQ.W L_AES_CBC_decrypt_end_odd @@ -2477,12 +2477,12 @@ L_AES_CBC_decrypt_loop_block_192: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_decrypt_loop_block_192 #else BNE.W L_AES_CBC_decrypt_loop_block_192 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_CBC_decrypt_end #else B.W L_AES_CBC_decrypt_end @@ -2527,7 +2527,7 @@ L_AES_CBC_decrypt_loop_block_128: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_CBC_decrypt_end_odd #else BEQ.W L_AES_CBC_decrypt_end_odd 
@@ -2572,7 +2572,7 @@ L_AES_CBC_decrypt_loop_block_128: SUBS r12, r12, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_CBC_decrypt_loop_block_128 #else BNE.W L_AES_CBC_decrypt_loop_block_128 @@ -3170,7 +3170,7 @@ L_GCM_gmult_len_start_block: POP {r3} SUBS r3, r3, #0x10 ADD r2, r2, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_GCM_gmult_len_start_block #else BNE.W L_GCM_gmult_len_start_block @@ -3202,13 +3202,13 @@ AES_GCM_encrypt: STM r8, {r4, r5, r6, r7} PUSH {r3, r8} CMP r12, #0xa -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_GCM_encrypt_start_block_128 #else BEQ.W L_AES_GCM_encrypt_start_block_128 #endif CMP r12, #0xc -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BEQ L_AES_GCM_encrypt_start_block_192 #else BEQ.W L_AES_GCM_encrypt_start_block_192 @@ -3249,12 +3249,12 @@ L_AES_GCM_encrypt_loop_block_256: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_GCM_encrypt_loop_block_256 #else BNE.W L_AES_GCM_encrypt_loop_block_256 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_GCM_encrypt_end #else B.W L_AES_GCM_encrypt_end @@ -3296,12 +3296,12 @@ L_AES_GCM_encrypt_loop_block_192: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_GCM_encrypt_loop_block_192 #else BNE.W L_AES_GCM_encrypt_loop_block_192 #endif -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) B L_AES_GCM_encrypt_end #else B.W L_AES_GCM_encrypt_end 
@@ -3343,7 +3343,7 @@ L_AES_GCM_encrypt_loop_block_128: SUBS r2, r2, #0x10 ADD lr, lr, #0x10 ADD r1, r1, #0x10 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_AES_GCM_encrypt_loop_block_128 #else BNE.W L_AES_GCM_encrypt_loop_block_128 diff --git a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c index 399157589e..35c7499573 100644 --- a/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c @@ -211,23 +211,33 @@ void AES_invert_key(unsigned char* ks, word32 rounds) "ADD r10, %[ks], %[rounds], LSL #4\n\t" "MOV r11, %[rounds]\n\t" "\n" - "L_AES_invert_key_loop%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_invert_key_loop:\n\t" +#else + "L_AES_invert_key_loop_%=:\n\t" +#endif "LDM %[ks], {r2, r3, r4, r5}\n\t" "LDM r10, {r6, r7, r8, r9}\n\t" "STM r10, {r2, r3, r4, r5}\n\t" "STM %[ks]!, {r6, r7, r8, r9}\n\t" "SUBS r11, r11, #0x2\n\t" "SUB r10, r10, #0x10\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_AES_invert_key_loop%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_invert_key_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_AES_invert_key_loop\n\t" #else - "BNE.N L_AES_invert_key_loop%=\n\t" + "BNE.N L_AES_invert_key_loop_%=\n\t" #endif "SUB %[ks], %[ks], %[rounds], LSL #3\n\t" "ADD %[ks], %[ks], #0x10\n\t" "SUB r11, %[rounds], #0x1\n\t" "\n" - "L_AES_invert_key_mix_loop%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_invert_key_mix_loop:\n\t" +#else + "L_AES_invert_key_mix_loop_%=:\n\t" +#endif "LDM %[ks], {r2, r3, r4, r5}\n\t" "UBFX r6, r2, #0, #8\n\t" "UBFX r7, r2, #8, #8\n\t" 
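Review bot: In `AES_invert_key` the label definitions test the old-IAR condition first while the `BNE` blocks test `__GNUC__` first. A compiler that defines both `__GNUC__` and `__IAR_SYSTEMS_ICC__` with `__VER__ < 9000000` would therefore define `L_AES_invert_key_loop` but branch to `L_AES_invert_key_loop_%=`. Whether any IAR mode defines `__GNUC__` is not shown here, but testing in the same order in both places removes the dependency: `#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)` followed by `#elif defined(__GNUC__)`. Every label/branch pair in the later hunks of this file has the same ordering. The hunk also moves all IAR versions from the unqualified `BNE` to `BNE.N` at the first loop, the opposite direction to the assembly-file hunks above, which deserves a sentence in the commit message if it is deliberate.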
@@ -294,10 +304,12 @@ void AES_invert_key(unsigned char* ks, word32 rounds) "EOR r8, r8, r9, ROR #24\n\t" "STR r8, [%[ks]], #4\n\t" "SUBS r11, r11, #0x1\n\t" -#ifdef __GNUC__ - "BNE L_AES_invert_key_mix_loop%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_invert_key_mix_loop_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_invert_key_mix_loop\n\t" #else - "BNE.W L_AES_invert_key_mix_loop%=\n\t" + "BNE.W L_AES_invert_key_mix_loop_%=\n\t" #endif #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [ks] "+r" (ks), [rounds] "+r" (rounds), @@ -339,16 +351,20 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "MOV r10, %[L_AES_Thumb2_te]\n\t" "MOV lr, %[L_AES_Thumb2_rcon]\n\t" "CMP %[len], #0x80\n\t" -#ifdef __GNUC__ - "BEQ L_AES_set_encrypt_key_start_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_set_encrypt_key_start_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_set_encrypt_key_start_128\n\t" #else - "BEQ.W L_AES_set_encrypt_key_start_128%=\n\t" + "BEQ.W L_AES_set_encrypt_key_start_128_%=\n\t" #endif "CMP %[len], #0xc0\n\t" -#ifdef __GNUC__ - "BEQ L_AES_set_encrypt_key_start_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_set_encrypt_key_start_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_set_encrypt_key_start_192\n\t" #else - "BEQ.W L_AES_set_encrypt_key_start_192%=\n\t" + "BEQ.W L_AES_set_encrypt_key_start_192_%=\n\t" #endif "LDR r4, [%[key]]\n\t" "LDR r5, [%[key], #4]\n\t" @@ -371,7 +387,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "SUB %[ks], %[ks], #0x10\n\t" "MOV r12, #0x6\n\t" "\n" - "L_AES_set_encrypt_key_loop_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_set_encrypt_key_loop_256:\n\t" +#else + "L_AES_set_encrypt_key_loop_256_%=:\n\t" +#endif "UBFX r4, r7, #0, #8\n\t" "UBFX r5, r7, #8, #8\n\t" "UBFX r6, r7, #16, #8\n\t" 
@@ -414,10 +434,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "STM %[ks], {r4, r5, r6, r7}\n\t" "SUB %[ks], %[ks], #0x10\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_AES_set_encrypt_key_loop_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_set_encrypt_key_loop_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_AES_set_encrypt_key_loop_256\n\t" #else - "BNE.N L_AES_set_encrypt_key_loop_256%=\n\t" + "BNE.N L_AES_set_encrypt_key_loop_256_%=\n\t" #endif "UBFX r4, r7, #0, #8\n\t" "UBFX r5, r7, #8, #8\n\t" @@ -440,13 +462,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "ADD %[ks], %[ks], #0x10\n\t" "STM %[ks], {r4, r5, r6, r7}\n\t" "SUB %[ks], %[ks], #0x10\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_set_encrypt_key_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_set_encrypt_key_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_set_encrypt_key_end\n\t" #else - "B.N L_AES_set_encrypt_key_end%=\n\t" + "B.N L_AES_set_encrypt_key_end_%=\n\t" #endif "\n" - "L_AES_set_encrypt_key_start_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_set_encrypt_key_start_192:\n\t" +#else + "L_AES_set_encrypt_key_start_192_%=:\n\t" +#endif "LDR r4, [%[key]]\n\t" "LDR r5, [%[key], #4]\n\t" "LDR r6, [%[key], #8]\n\t" @@ -464,7 +492,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "MOV r7, r9\n\t" "MOV r12, #0x7\n\t" "\n" - "L_AES_set_encrypt_key_loop_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_set_encrypt_key_loop_192:\n\t" +#else + "L_AES_set_encrypt_key_loop_192_%=:\n\t" +#endif "UBFX r4, r9, #0, #8\n\t" "UBFX r5, r9, #8, #8\n\t" "UBFX r6, r9, #16, #8\n\t" 
@@ -487,10 +519,12 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "EOR r9, r9, r8\n\t" "STM %[ks], {r4, r5, r6, r7, r8, r9}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_AES_set_encrypt_key_loop_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_set_encrypt_key_loop_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_AES_set_encrypt_key_loop_192\n\t" #else - "BNE.N L_AES_set_encrypt_key_loop_192%=\n\t" + "BNE.N L_AES_set_encrypt_key_loop_192_%=\n\t" #endif "UBFX r4, r9, #0, #8\n\t" "UBFX r5, r9, #8, #8\n\t" @@ -511,13 +545,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "EOR r6, r6, r5\n\t" "EOR r7, r7, r6\n\t" "STM %[ks], {r4, r5, r6, r7}\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_set_encrypt_key_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_set_encrypt_key_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_set_encrypt_key_end\n\t" #else - "B.N L_AES_set_encrypt_key_end%=\n\t" + "B.N L_AES_set_encrypt_key_end_%=\n\t" #endif "\n" - "L_AES_set_encrypt_key_start_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_set_encrypt_key_start_128:\n\t" +#else + "L_AES_set_encrypt_key_start_128_%=:\n\t" +#endif "LDR r4, [%[key]]\n\t" "LDR r5, [%[key], #4]\n\t" "LDR r6, [%[key], #8]\n\t" @@ -529,7 +569,11 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "STM %[ks], {r4, r5, r6, r7}\n\t" "MOV r12, #0xa\n\t" "\n" - "L_AES_set_encrypt_key_loop_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_set_encrypt_key_loop_128:\n\t" +#else + "L_AES_set_encrypt_key_loop_128_%=:\n\t" +#endif "UBFX r4, r7, #0, #8\n\t" "UBFX r5, r7, #8, #8\n\t" "UBFX r6, r7, #16, #8\n\t" 
@@ -550,13 +594,19 @@ void AES_set_encrypt_key(const unsigned char* key, word32 len, unsigned char* ks "EOR r7, r7, r6\n\t" "STM %[ks], {r4, r5, r6, r7}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_AES_set_encrypt_key_loop_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_set_encrypt_key_loop_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_AES_set_encrypt_key_loop_128\n\t" #else - "BNE.N L_AES_set_encrypt_key_loop_128%=\n\t" + "BNE.N L_AES_set_encrypt_key_loop_128_%=\n\t" #endif "\n" - "L_AES_set_encrypt_key_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_set_encrypt_key_end:\n\t" +#else + "L_AES_set_encrypt_key_end_%=:\n\t" +#endif #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [key] "+r" (key), [len] "+r" (len), [ks] "+r" (ks), [L_AES_Thumb2_te] "+r" (L_AES_Thumb2_te_c), [L_AES_Thumb2_rcon] "+r" (L_AES_Thumb2_rcon_c) @@ -586,7 +636,11 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks) __asm__ __volatile__ ( "\n" - "L_AES_encrypt_block_nr%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_encrypt_block_nr:\n\t" +#else + "L_AES_encrypt_block_nr_%=:\n\t" +#endif "UBFX r8, r5, #16, #8\n\t" "LSR r11, r4, #24\n\t" "UBFX lr, r6, #8, #8\n\t" @@ -688,10 +742,12 @@ void AES_encrypt_block(const uint32_t* te, int nr, int len, const uint32_t* ks) "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "SUBS %[nr], %[nr], #0x1\n\t" -#ifdef __GNUC__ - "BNE L_AES_encrypt_block_nr%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_encrypt_block_nr_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_encrypt_block_nr\n\t" #else - "BNE.W L_AES_encrypt_block_nr%=\n\t" + "BNE.W L_AES_encrypt_block_nr_%=\n\t" #endif "UBFX r8, r5, #16, #8\n\t" "LSR r11, r4, #24\n\t" 
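Review bot: The old-IAR form of the `L_AES_encrypt_block_nr` label drops `%=`, so the name is no longer unique per asm instance. If the compiler inlines or clones `AES_encrypt_block`, the label would be defined twice in one assembly unit and the build would fail. Nothing in the hunk shows the function being forced out of line, so this appears to rely on optimiser behaviour. I would record the constraint at the label, e.g. `/* IAR < 9: fixed label without %=, so this function must not be inlined or duplicated */`, and give the repeated `__VER__ < 9000000` test one named macro defined once. The same applies to every fixed label in the other hunks of this file, and the function body continues outside the hunk.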
@@ -830,19 +886,27 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ "PUSH {%[ks]}\n\t" "CMP r12, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_ECB_encrypt_start_block_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_ECB_encrypt_start_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_ECB_encrypt_start_block_128\n\t" #else - "BEQ.W L_AES_ECB_encrypt_start_block_128%=\n\t" + "BEQ.W L_AES_ECB_encrypt_start_block_128_%=\n\t" #endif "CMP r12, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_ECB_encrypt_start_block_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_ECB_encrypt_start_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_ECB_encrypt_start_block_192\n\t" #else - "BEQ.W L_AES_ECB_encrypt_start_block_192%=\n\t" + "BEQ.W L_AES_ECB_encrypt_start_block_192_%=\n\t" #endif "\n" - "L_AES_ECB_encrypt_loop_block_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_loop_block_256:\n\t" +#else + "L_AES_ECB_encrypt_loop_block_256_%=:\n\t" +#endif "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" "LDR r6, [lr, #8]\n\t" 
@@ -873,20 +937,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_ECB_encrypt_loop_block_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_encrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_encrypt_loop_block_256\n\t" #else - "BNE.W L_AES_ECB_encrypt_loop_block_256%=\n\t" + "BNE.W L_AES_ECB_encrypt_loop_block_256_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_ECB_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_ECB_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_ECB_encrypt_end\n\t" #else - "B.N L_AES_ECB_encrypt_end%=\n\t" + "B.N L_AES_ECB_encrypt_end_%=\n\t" #endif "\n" - "L_AES_ECB_encrypt_start_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_start_block_192:\n\t" +#else + "L_AES_ECB_encrypt_start_block_192_%=:\n\t" +#endif "\n" - "L_AES_ECB_encrypt_loop_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_loop_block_192:\n\t" +#else + "L_AES_ECB_encrypt_loop_block_192_%=:\n\t" +#endif "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" "LDR r6, [lr, #8]\n\t" 
@@ -917,20 +993,32 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_ECB_encrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_encrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_encrypt_loop_block_192\n\t" #else - "BNE.W L_AES_ECB_encrypt_loop_block_192%=\n\t" + "BNE.W L_AES_ECB_encrypt_loop_block_192_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_ECB_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_ECB_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_ECB_encrypt_end\n\t" #else - "B.N L_AES_ECB_encrypt_end%=\n\t" + "B.N L_AES_ECB_encrypt_end_%=\n\t" #endif "\n" - "L_AES_ECB_encrypt_start_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_start_block_128:\n\t" +#else + "L_AES_ECB_encrypt_start_block_128_%=:\n\t" +#endif "\n" - "L_AES_ECB_encrypt_loop_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_loop_block_128:\n\t" +#else + "L_AES_ECB_encrypt_loop_block_128_%=:\n\t" +#endif "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" "LDR r6, [lr, #8]\n\t" 
@@ -961,13 +1049,19 @@ void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_ECB_encrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_encrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_encrypt_loop_block_128\n\t" #else - "BNE.W L_AES_ECB_encrypt_loop_block_128%=\n\t" + "BNE.W L_AES_ECB_encrypt_loop_block_128_%=\n\t" #endif "\n" - "L_AES_ECB_encrypt_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_end:\n\t" +#else + "L_AES_ECB_encrypt_end_%=:\n\t" +#endif "POP {%[ks]}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), 
@@ -1021,19 +1115,27 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long "LDM r9, {r4, r5, r6, r7}\n\t" "PUSH {%[ks], r9}\n\t" "CMP r8, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_encrypt_start_block_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_encrypt_start_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_encrypt_start_block_128\n\t" #else - "BEQ.W L_AES_CBC_encrypt_start_block_128%=\n\t" + "BEQ.W L_AES_CBC_encrypt_start_block_128_%=\n\t" #endif "CMP r8, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_encrypt_start_block_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_encrypt_start_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_encrypt_start_block_192\n\t" #else - "BEQ.W L_AES_CBC_encrypt_start_block_192%=\n\t" + "BEQ.W L_AES_CBC_encrypt_start_block_192_%=\n\t" #endif "\n" - "L_AES_CBC_encrypt_loop_block_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_loop_block_256:\n\t" +#else + "L_AES_CBC_encrypt_loop_block_256_%=:\n\t" +#endif "LDR r8, [lr]\n\t" "LDR r9, [lr, #4]\n\t" "LDR r10, [lr, #8]\n\t" 
@@ -1068,20 +1170,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_encrypt_loop_block_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_encrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_encrypt_loop_block_256\n\t" #else - "BNE.W L_AES_CBC_encrypt_loop_block_256%=\n\t" + "BNE.W L_AES_CBC_encrypt_loop_block_256_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_CBC_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CBC_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_CBC_encrypt_end\n\t" #else - "B.N L_AES_CBC_encrypt_end%=\n\t" + "B.N L_AES_CBC_encrypt_end_%=\n\t" #endif "\n" - "L_AES_CBC_encrypt_start_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_start_block_192:\n\t" +#else + "L_AES_CBC_encrypt_start_block_192_%=:\n\t" +#endif "\n" - "L_AES_CBC_encrypt_loop_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_loop_block_192:\n\t" +#else + "L_AES_CBC_encrypt_loop_block_192_%=:\n\t" +#endif "LDR r8, [lr]\n\t" "LDR r9, [lr, #4]\n\t" "LDR r10, [lr, #8]\n\t" 
@@ -1116,20 +1230,32 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_encrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_encrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_encrypt_loop_block_192\n\t" #else - "BNE.W L_AES_CBC_encrypt_loop_block_192%=\n\t" + "BNE.W L_AES_CBC_encrypt_loop_block_192_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_CBC_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CBC_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_CBC_encrypt_end\n\t" #else - "B.N L_AES_CBC_encrypt_end%=\n\t" + "B.N L_AES_CBC_encrypt_end_%=\n\t" #endif "\n" - "L_AES_CBC_encrypt_start_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_start_block_128:\n\t" +#else + "L_AES_CBC_encrypt_start_block_128_%=:\n\t" +#endif "\n" - "L_AES_CBC_encrypt_loop_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_loop_block_128:\n\t" +#else + "L_AES_CBC_encrypt_loop_block_128_%=:\n\t" +#endif "LDR r8, [lr]\n\t" "LDR r9, [lr, #4]\n\t" "LDR r10, [lr, #8]\n\t" 
@@ -1164,13 +1290,19 @@ void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_encrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_encrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_encrypt_loop_block_128\n\t" #else - "BNE.W L_AES_CBC_encrypt_loop_block_128%=\n\t" + "BNE.W L_AES_CBC_encrypt_loop_block_128_%=\n\t" #endif "\n" - "L_AES_CBC_encrypt_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_end:\n\t" +#else + "L_AES_CBC_encrypt_end_%=:\n\t" +#endif "POP {%[ks], r9}\n\t" "STM r9, {r4, r5, r6, r7}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG 
@@ -1233,19 +1365,27 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long "STM r8, {r4, r5, r6, r7}\n\t" "PUSH {%[ks], r8}\n\t" "CMP r12, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CTR_encrypt_start_block_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CTR_encrypt_start_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CTR_encrypt_start_block_128\n\t" #else - "BEQ.W L_AES_CTR_encrypt_start_block_128%=\n\t" + "BEQ.W L_AES_CTR_encrypt_start_block_128_%=\n\t" #endif "CMP r12, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CTR_encrypt_start_block_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CTR_encrypt_start_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CTR_encrypt_start_block_192\n\t" #else - "BEQ.W L_AES_CTR_encrypt_start_block_192%=\n\t" + "BEQ.W L_AES_CTR_encrypt_start_block_192_%=\n\t" #endif "\n" - "L_AES_CTR_encrypt_loop_block_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_loop_block_256:\n\t" +#else + "L_AES_CTR_encrypt_loop_block_256_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADDS r11, r7, #0x1\n\t" 
@@ -1284,20 +1424,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CTR_encrypt_loop_block_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CTR_encrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CTR_encrypt_loop_block_256\n\t" #else - "BNE.W L_AES_CTR_encrypt_loop_block_256%=\n\t" + "BNE.W L_AES_CTR_encrypt_loop_block_256_%=\n\t" #endif -#ifdef __GNUC__ - "B L_AES_CTR_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CTR_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.W L_AES_CTR_encrypt_end\n\t" #else - "B.W L_AES_CTR_encrypt_end%=\n\t" + "B.W L_AES_CTR_encrypt_end_%=\n\t" #endif "\n" - "L_AES_CTR_encrypt_start_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_start_block_192:\n\t" +#else + "L_AES_CTR_encrypt_start_block_192_%=:\n\t" +#endif "\n" - "L_AES_CTR_encrypt_loop_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_loop_block_192:\n\t" +#else + "L_AES_CTR_encrypt_loop_block_192_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADDS r11, r7, #0x1\n\t" 
@@ -1336,20 +1488,32 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CTR_encrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CTR_encrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CTR_encrypt_loop_block_192\n\t" #else - "BNE.W L_AES_CTR_encrypt_loop_block_192%=\n\t" + "BNE.W L_AES_CTR_encrypt_loop_block_192_%=\n\t" #endif -#ifdef __GNUC__ - "B L_AES_CTR_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CTR_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.W L_AES_CTR_encrypt_end\n\t" #else - "B.W L_AES_CTR_encrypt_end%=\n\t" + "B.W L_AES_CTR_encrypt_end_%=\n\t" #endif "\n" - "L_AES_CTR_encrypt_start_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_start_block_128:\n\t" +#else + "L_AES_CTR_encrypt_start_block_128_%=:\n\t" +#endif "\n" - "L_AES_CTR_encrypt_loop_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_loop_block_128:\n\t" +#else + "L_AES_CTR_encrypt_loop_block_128_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADDS r11, r7, #0x1\n\t" 
@@ -1388,13 +1552,19 @@ void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CTR_encrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CTR_encrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CTR_encrypt_loop_block_128\n\t" #else - "BNE.W L_AES_CTR_encrypt_loop_block_128%=\n\t" + "BNE.W L_AES_CTR_encrypt_loop_block_128_%=\n\t" #endif "\n" - "L_AES_CTR_encrypt_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_end:\n\t" +#else + "L_AES_CTR_encrypt_end_%=:\n\t" +#endif "POP {%[ks], r8}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -1438,7 +1608,11 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4) __asm__ __volatile__ ( "\n" - "L_AES_decrypt_block_nr%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_decrypt_block_nr:\n\t" +#else + "L_AES_decrypt_block_nr_%=:\n\t" +#endif "UBFX r8, r7, #16, #8\n\t" "LSR r11, r4, #24\n\t" "UBFX r12, r6, #8, #8\n\t" @@ -1540,10 +1714,12 @@ void AES_decrypt_block(const uint32_t* td, int nr, const uint8_t* td4) "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "SUBS %[nr], %[nr], #0x1\n\t" -#ifdef __GNUC__ - "BNE L_AES_decrypt_block_nr%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_decrypt_block_nr_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_decrypt_block_nr\n\t" #else - "BNE.W L_AES_decrypt_block_nr%=\n\t" + "BNE.W L_AES_decrypt_block_nr_%=\n\t" #endif "UBFX r8, r7, #16, #8\n\t" "LSR r11, r4, #24\n\t" 
@@ -1717,19 +1893,27 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long "MOV r12, %[len]\n\t" "MOV r2, %[L_AES_Thumb2_td4]\n\t" "CMP r8, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_ECB_decrypt_start_block_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_ECB_decrypt_start_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_ECB_decrypt_start_block_128\n\t" #else - "BEQ.W L_AES_ECB_decrypt_start_block_128%=\n\t" + "BEQ.W L_AES_ECB_decrypt_start_block_128_%=\n\t" #endif "CMP r8, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_ECB_decrypt_start_block_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_ECB_decrypt_start_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_ECB_decrypt_start_block_192\n\t" #else - "BEQ.W L_AES_ECB_decrypt_start_block_192%=\n\t" + "BEQ.W L_AES_ECB_decrypt_start_block_192_%=\n\t" #endif "\n" - "L_AES_ECB_decrypt_loop_block_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_loop_block_256:\n\t" +#else + "L_AES_ECB_decrypt_loop_block_256_%=:\n\t" +#endif "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" "LDR r6, [lr, #8]\n\t" 
@@ -1759,20 +1943,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_ECB_decrypt_loop_block_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_decrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_decrypt_loop_block_256\n\t" #else - "BNE.W L_AES_ECB_decrypt_loop_block_256%=\n\t" + "BNE.W L_AES_ECB_decrypt_loop_block_256_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_ECB_decrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_ECB_decrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_ECB_decrypt_end\n\t" #else - "B.N L_AES_ECB_decrypt_end%=\n\t" + "B.N L_AES_ECB_decrypt_end_%=\n\t" #endif "\n" - "L_AES_ECB_decrypt_start_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_start_block_192:\n\t" +#else + "L_AES_ECB_decrypt_start_block_192_%=:\n\t" +#endif "\n" - "L_AES_ECB_decrypt_loop_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_loop_block_192:\n\t" +#else + "L_AES_ECB_decrypt_loop_block_192_%=:\n\t" +#endif "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" "LDR r6, [lr, #8]\n\t" 
@@ -1802,20 +1998,32 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_ECB_decrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_decrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_decrypt_loop_block_192\n\t" #else - "BNE.W L_AES_ECB_decrypt_loop_block_192%=\n\t" + "BNE.W L_AES_ECB_decrypt_loop_block_192_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_ECB_decrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_ECB_decrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_ECB_decrypt_end\n\t" #else - "B.N L_AES_ECB_decrypt_end%=\n\t" + "B.N L_AES_ECB_decrypt_end_%=\n\t" #endif "\n" - "L_AES_ECB_decrypt_start_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_start_block_128:\n\t" +#else + "L_AES_ECB_decrypt_start_block_128_%=:\n\t" +#endif "\n" - "L_AES_ECB_decrypt_loop_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_loop_block_128:\n\t" +#else + "L_AES_ECB_decrypt_loop_block_128_%=:\n\t" +#endif "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" "LDR r6, [lr, #8]\n\t" 
@@ -1845,13 +2053,19 @@ void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_ECB_decrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_decrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_decrypt_loop_block_128\n\t" #else - "BNE.W L_AES_ECB_decrypt_loop_block_128%=\n\t" + "BNE.W L_AES_ECB_decrypt_loop_block_128_%=\n\t" #endif "\n" - "L_AES_ECB_decrypt_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_end:\n\t" +#else + "L_AES_ECB_decrypt_end_%=:\n\t" +#endif #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_Thumb2_td_ecb] "+r" (L_AES_Thumb2_td_ecb_c), [L_AES_Thumb2_td4] "+r" (L_AES_Thumb2_td4_c) 
@@ -1906,19 +2120,27 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "MOV r2, %[L_AES_Thumb2_td4]\n\t" "PUSH {%[ks], r4}\n\t" "CMP r8, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_decrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_decrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_decrypt_loop_block_128\n\t" #else - "BEQ.W L_AES_CBC_decrypt_loop_block_128%=\n\t" + "BEQ.W L_AES_CBC_decrypt_loop_block_128_%=\n\t" #endif "CMP r8, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_decrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_decrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_decrypt_loop_block_192\n\t" #else - "BEQ.W L_AES_CBC_decrypt_loop_block_192%=\n\t" + "BEQ.W L_AES_CBC_decrypt_loop_block_192_%=\n\t" #endif "\n" - "L_AES_CBC_decrypt_loop_block_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_loop_block_256:\n\t" +#else + "L_AES_CBC_decrypt_loop_block_256_%=:\n\t" +#endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" @@ -1958,10 +2180,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_decrypt_end_odd%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_decrypt_end_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_decrypt_end_odd\n\t" #else - "BEQ.W L_AES_CBC_decrypt_end_odd%=\n\t" + "BEQ.W L_AES_CBC_decrypt_end_odd_%=\n\t" #endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" 
@@ -2003,18 +2227,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_decrypt_loop_block_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_loop_block_256\n\t" #else - "BNE.W L_AES_CBC_decrypt_loop_block_256%=\n\t" + "BNE.W L_AES_CBC_decrypt_loop_block_256_%=\n\t" #endif -#ifdef __GNUC__ - "B L_AES_CBC_decrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CBC_decrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.W L_AES_CBC_decrypt_end\n\t" #else - "B.W L_AES_CBC_decrypt_end%=\n\t" + "B.W L_AES_CBC_decrypt_end_%=\n\t" #endif "\n" - "L_AES_CBC_decrypt_loop_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_loop_block_192:\n\t" +#else + "L_AES_CBC_decrypt_loop_block_192_%=:\n\t" +#endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" @@ -2054,10 +2286,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_decrypt_end_odd%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_decrypt_end_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_decrypt_end_odd\n\t" #else - "BEQ.W L_AES_CBC_decrypt_end_odd%=\n\t" + "BEQ.W L_AES_CBC_decrypt_end_odd_%=\n\t" #endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" 
@@ -2099,18 +2333,26 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_decrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_loop_block_192\n\t" #else - "BNE.W L_AES_CBC_decrypt_loop_block_192%=\n\t" + "BNE.W L_AES_CBC_decrypt_loop_block_192_%=\n\t" #endif -#ifdef __GNUC__ - "B L_AES_CBC_decrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CBC_decrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.W L_AES_CBC_decrypt_end\n\t" #else - "B.W L_AES_CBC_decrypt_end%=\n\t" + "B.W L_AES_CBC_decrypt_end_%=\n\t" #endif "\n" - "L_AES_CBC_decrypt_loop_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_loop_block_128:\n\t" +#else + "L_AES_CBC_decrypt_loop_block_128_%=:\n\t" +#endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" "LDR r5, [lr, #4]\n\t" @@ -2150,10 +2392,12 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BEQ L_AES_CBC_decrypt_end_odd%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_CBC_decrypt_end_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_CBC_decrypt_end_odd\n\t" #else - "BEQ.W L_AES_CBC_decrypt_end_odd%=\n\t" + "BEQ.W L_AES_CBC_decrypt_end_odd_%=\n\t" #endif "PUSH {r1, r12, lr}\n\t" "LDR r4, [lr]\n\t" 
@@ -2195,25 +2439,37 @@ void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS r12, r12, #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_CBC_decrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_loop_block_128\n\t" #else - "BNE.W L_AES_CBC_decrypt_loop_block_128%=\n\t" + "BNE.W L_AES_CBC_decrypt_loop_block_128_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_AES_CBC_decrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_CBC_decrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_AES_CBC_decrypt_end\n\t" #else - "B.N L_AES_CBC_decrypt_end%=\n\t" + "B.N L_AES_CBC_decrypt_end_%=\n\t" #endif "\n" - "L_AES_CBC_decrypt_end_odd%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_end_odd:\n\t" +#else + "L_AES_CBC_decrypt_end_odd_%=:\n\t" +#endif "LDR r4, [sp, #4]\n\t" "LDRD r8, r9, [r4, #16]\n\t" "LDRD r10, r11, [r4, #24]\n\t" "STRD r8, r9, [r4]\n\t" "STRD r10, r11, [r4, #8]\n\t" "\n" - "L_AES_CBC_decrypt_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_end:\n\t" +#else + "L_AES_CBC_decrypt_end_%=:\n\t" +#endif "POP {%[ks], r4}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), @@ -2264,7 +2520,11 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha __asm__ __volatile__ ( "MOV lr, %[L_GCM_gmult_len_r]\n\t" "\n" - "L_GCM_gmult_len_start_block%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_GCM_gmult_len_start_block:\n\t" +#else + "L_GCM_gmult_len_start_block_%=:\n\t" +#endif "PUSH {r3}\n\t" "LDR r12, [r0, #12]\n\t" "LDR %[len], [r2, #12]\n\t" 
@@ -2809,10 +3069,12 @@ void GCM_gmult_len(unsigned char* x, const unsigned char** m, const unsigned cha "POP {r3}\n\t" "SUBS %[len], %[len], #0x10\n\t" "ADD %[data], %[data], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_GCM_gmult_len_start_block%=\n\t" +#if defined(__GNUC__) + "BNE L_GCM_gmult_len_start_block_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_GCM_gmult_len_start_block\n\t" #else - "BNE.W L_GCM_gmult_len_start_block%=\n\t" + "BNE.W L_GCM_gmult_len_start_block_%=\n\t" #endif #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [x] "+r" (x), [m] "+r" (m), [data] "+r" (data), [len] "+r" (len), @@ -2867,19 +3129,27 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "STM r8, {r4, r5, r6, r7}\n\t" "PUSH {%[ks], r8}\n\t" "CMP r12, #0xa\n\t" -#ifdef __GNUC__ - "BEQ L_AES_GCM_encrypt_start_block_128%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_GCM_encrypt_start_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_GCM_encrypt_start_block_128\n\t" #else - "BEQ.W L_AES_GCM_encrypt_start_block_128%=\n\t" + "BEQ.W L_AES_GCM_encrypt_start_block_128_%=\n\t" #endif "CMP r12, #0xc\n\t" -#ifdef __GNUC__ - "BEQ L_AES_GCM_encrypt_start_block_192%=\n\t" +#if defined(__GNUC__) + "BEQ L_AES_GCM_encrypt_start_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.W L_AES_GCM_encrypt_start_block_192\n\t" #else - "BEQ.W L_AES_GCM_encrypt_start_block_192%=\n\t" + "BEQ.W L_AES_GCM_encrypt_start_block_192_%=\n\t" #endif "\n" - "L_AES_GCM_encrypt_loop_block_256%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_loop_block_256:\n\t" +#else + "L_AES_GCM_encrypt_loop_block_256_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADD r7, r7, #0x1\n\t" 
@@ -2915,20 +3185,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_GCM_encrypt_loop_block_256%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_loop_block_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_GCM_encrypt_loop_block_256\n\t" #else - "BNE.W L_AES_GCM_encrypt_loop_block_256%=\n\t" + "BNE.W L_AES_GCM_encrypt_loop_block_256_%=\n\t" #endif -#ifdef __GNUC__ - "B L_AES_GCM_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_GCM_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.W L_AES_GCM_encrypt_end\n\t" #else - "B.W L_AES_GCM_encrypt_end%=\n\t" + "B.W L_AES_GCM_encrypt_end_%=\n\t" #endif "\n" - "L_AES_GCM_encrypt_start_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_start_block_192:\n\t" +#else + "L_AES_GCM_encrypt_start_block_192_%=:\n\t" +#endif "\n" - "L_AES_GCM_encrypt_loop_block_192%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_loop_block_192:\n\t" +#else + "L_AES_GCM_encrypt_loop_block_192_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADD r7, r7, #0x1\n\t" 
@@ -2964,20 +3246,32 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_GCM_encrypt_loop_block_192%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_loop_block_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_GCM_encrypt_loop_block_192\n\t" #else - "BNE.W L_AES_GCM_encrypt_loop_block_192%=\n\t" + "BNE.W L_AES_GCM_encrypt_loop_block_192_%=\n\t" #endif -#ifdef __GNUC__ - "B L_AES_GCM_encrypt_end%=\n\t" +#if defined(__GNUC__) + "B L_AES_GCM_encrypt_end_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.W L_AES_GCM_encrypt_end\n\t" #else - "B.W L_AES_GCM_encrypt_end%=\n\t" + "B.W L_AES_GCM_encrypt_end_%=\n\t" #endif "\n" - "L_AES_GCM_encrypt_start_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_start_block_128:\n\t" +#else + "L_AES_GCM_encrypt_start_block_128_%=:\n\t" +#endif "\n" - "L_AES_GCM_encrypt_loop_block_128%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_loop_block_128:\n\t" +#else + "L_AES_GCM_encrypt_loop_block_128_%=:\n\t" +#endif "PUSH {r1, %[len], lr}\n\t" "LDR lr, [sp, #16]\n\t" "ADD r7, r7, #0x1\n\t" 
@@ -3013,13 +3307,19 @@ void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, unsigned long "SUBS %[len], %[len], #0x10\n\t" "ADD lr, lr, #0x10\n\t" "ADD %[out], %[out], #0x10\n\t" -#ifdef __GNUC__ - "BNE L_AES_GCM_encrypt_loop_block_128%=\n\t" +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_loop_block_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_GCM_encrypt_loop_block_128\n\t" #else - "BNE.W L_AES_GCM_encrypt_loop_block_128%=\n\t" + "BNE.W L_AES_GCM_encrypt_loop_block_128_%=\n\t" #endif "\n" - "L_AES_GCM_encrypt_end%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_end:\n\t" +#else + "L_AES_GCM_encrypt_end_%=:\n\t" +#endif "POP {%[ks], r8}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519.S b/wolfcrypt/src/port/arm/thumb2-curve25519.S index e6b5dcf5d2..24ef6e1dc6 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519.S +++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S @@ -2741,7 +2741,7 @@ L_curve25519_bits: LDR r1, [sp, #180] SUBS r1, r1, #0x1 STR r1, [sp, #180] -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BGE L_curve25519_bits #else BGE.W L_curve25519_bits @@ -2750,7 +2750,7 @@ L_curve25519_bits: STR r1, [sp, #180] SUBS r2, r2, #0x4 STR r2, [sp, #176] -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BGE L_curve25519_words #else BGE.W L_curve25519_words diff --git a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c index 884b9089dc..ecad6fd124 100644 --- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c +++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c 
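Review bot: In thumb2-curve25519.S the two `BGE` sites (hunks at -2741 and -2750) now test `__ICCARM__` and `__IAR_SYSTEMS_ICC__`, which as far as I know are predefined by the IAR C compiler, while the IAR assembler predefines `__IAR_SYSTEMS_ASM__` instead. If this file is fed to the IAR assembler directly, the added terms would never be true and the `BGE.W` form would still be chosen. Please confirm how the .S is preprocessed for IAR, or test `defined(__IAR_SYSTEMS_ASM__)` here. The change also goes the opposite way from thumb2-curve25519_c.c, where the corresponding branches (hunk at -2971) emit `BGE.W` for every IAR version, so the standalone and inline variants no longer agree on the encoding.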
@@ -2789,9 +2789,17 @@ int curve25519(byte* r, const byte* n, const byte* a) "MOV %[a], #0x1c\n\t" "STR %[a], [sp, #176]\n\t" "\n" - "L_curve25519_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_words:\n\t" +#else + "L_curve25519_words_%=:\n\t" +#endif "\n" - "L_curve25519_bits%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_bits:\n\t" +#else + "L_curve25519_bits_%=:\n\t" +#endif "LDR %[n], [sp, #164]\n\t" "LDR %[a], [%[n], r2]\n\t" "LDR %[n], [sp, #180]\n\t" @@ -2971,19 +2979,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "LDR %[n], [sp, #180]\n\t" "SUBS %[n], %[n], #0x1\n\t" "STR %[n], [sp, #180]\n\t" -#ifdef __GNUC__ - "BGE L_curve25519_bits%=\n\t" +#if defined(__GNUC__) + "BGE L_curve25519_bits_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.W L_curve25519_bits\n\t" #else - "BGE.W L_curve25519_bits%=\n\t" + "BGE.W L_curve25519_bits_%=\n\t" #endif "MOV %[n], #0x1f\n\t" "STR %[n], [sp, #180]\n\t" "SUBS %[a], %[a], #0x4\n\t" "STR %[a], [sp, #176]\n\t" -#ifdef __GNUC__ - "BGE L_curve25519_words%=\n\t" +#if defined(__GNUC__) + "BGE L_curve25519_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.W L_curve25519_words\n\t" #else - "BGE.W L_curve25519_words%=\n\t" + "BGE.W L_curve25519_words_%=\n\t" #endif /* Invert */ "ADD r1, sp, #0x0\n\t" 
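Review bot: Each label in this file now costs a five-line `#if`/`#else`/`#endif` and each branch a six-line one, and the only difference between the arms is whether `_%=` is appended. A single definition near the top, e.g. `#define WC_ASM_LBL_SFX "_%="` with an empty string for IAR before 9, would let a label be written once as `"L_curve25519_words" WC_ASM_LBL_SFX ":\n\t"` through string-literal concatenation, leaving conditionals only where the branch width really differs. `WC_ASM_LBL_SFX` is a name made up for this note, not an existing macro. If this file is produced by a generator, the change belongs in the generator rather than in the emitted text.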
@@ -3015,17 +3027,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" - "L_curve25519_inv_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_1:\n\t" +#else + "L_curve25519_inv_1_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_1%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_1\n\t" #else - "BNE.N L_curve25519_inv_1%=\n\t" + "BNE.N L_curve25519_inv_1_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3036,17 +3054,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" - "L_curve25519_inv_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_2:\n\t" +#else + "L_curve25519_inv_2_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_2%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_2\n\t" #else - "BNE.N L_curve25519_inv_2%=\n\t" + "BNE.N L_curve25519_inv_2_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3057,17 +3081,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" - "L_curve25519_inv_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_3:\n\t" +#else + "L_curve25519_inv_3_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_3%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_3\n\t" #else - "BNE.N L_curve25519_inv_3%=\n\t" + "BNE.N L_curve25519_inv_3_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" @@ -3075,17 +3105,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" - "L_curve25519_inv_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_4:\n\t" +#else + "L_curve25519_inv_4_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_4%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_4\n\t" #else - "BNE.N L_curve25519_inv_4%=\n\t" + "BNE.N L_curve25519_inv_4_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3096,17 +3132,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" - "L_curve25519_inv_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_5:\n\t" +#else + "L_curve25519_inv_5_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_5%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_5\n\t" #else - "BNE.N L_curve25519_inv_5%=\n\t" + "BNE.N L_curve25519_inv_5_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3117,17 +3159,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" - "L_curve25519_inv_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_6:\n\t" +#else + "L_curve25519_inv_6_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_6%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_6\n\t" #else - "BNE.N L_curve25519_inv_6%=\n\t" + "BNE.N L_curve25519_inv_6_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" 
@@ -3135,17 +3183,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" - "L_curve25519_inv_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_7:\n\t" +#else + "L_curve25519_inv_7_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_7%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_7\n\t" #else - "BNE.N L_curve25519_inv_7%=\n\t" + "BNE.N L_curve25519_inv_7_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3153,17 +3207,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x5\n\t" "\n" - "L_curve25519_inv_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_8:\n\t" +#else + "L_curve25519_inv_8_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_8%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_8\n\t" #else - "BNE.N L_curve25519_inv_8%=\n\t" + "BNE.N L_curve25519_inv_8_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3227,7 +3287,11 @@ int curve25519(byte* r, const byte* n, const byte* a) "STM r3, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "MOV %[a], #0xfe\n\t" "\n" - "L_curve25519_bits%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_bits:\n\t" +#else + "L_curve25519_bits_%=:\n\t" +#endif "STR %[a], [sp, #168]\n\t" "LDR %[n], [sp, #160]\n\t" "AND r4, %[a], #0x1f\n\t" 
@@ -3312,10 +3376,12 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "LDR %[a], [sp, #168]\n\t" "SUBS %[a], %[a], #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGE L_curve25519_bits%=\n\t" +#if defined(__GNUC__) + "BGE L_curve25519_bits_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGE.N L_curve25519_bits\n\t" #else - "BGE.N L_curve25519_bits%=\n\t" + "BGE.N L_curve25519_bits_%=\n\t" #endif /* Cycle Count: 171 */ "LDR %[n], [sp, #184]\n\t" @@ -3352,17 +3418,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" - "L_curve25519_inv_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_1:\n\t" +#else + "L_curve25519_inv_1_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_1%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_1\n\t" #else - "BNE.N L_curve25519_inv_1%=\n\t" + "BNE.N L_curve25519_inv_1_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3373,17 +3445,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" - "L_curve25519_inv_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_2:\n\t" +#else + "L_curve25519_inv_2_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_2%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_2\n\t" #else - "BNE.N L_curve25519_inv_2%=\n\t" + "BNE.N L_curve25519_inv_2_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3394,17 +3472,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" - "L_curve25519_inv_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_3:\n\t" +#else + "L_curve25519_inv_3_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_3%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_3\n\t" #else - "BNE.N L_curve25519_inv_3%=\n\t" + "BNE.N L_curve25519_inv_3_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" 
@@ -3412,17 +3496,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" - "L_curve25519_inv_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_4:\n\t" +#else + "L_curve25519_inv_4_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_4%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_4\n\t" #else - "BNE.N L_curve25519_inv_4%=\n\t" + "BNE.N L_curve25519_inv_4_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3433,17 +3523,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" - "L_curve25519_inv_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_5:\n\t" +#else + "L_curve25519_inv_5_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_5%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_5\n\t" #else - "BNE.N L_curve25519_inv_5%=\n\t" + "BNE.N L_curve25519_inv_5_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3454,17 +3550,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" - "L_curve25519_inv_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_6:\n\t" +#else + "L_curve25519_inv_6_%=:\n\t" +#endif "ADD r1, sp, #0x80\n\t" "ADD r0, sp, #0x80\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_6%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_6\n\t" #else - "BNE.N L_curve25519_inv_6%=\n\t" + "BNE.N L_curve25519_inv_6_%=\n\t" #endif "ADD r2, sp, #0x60\n\t" "ADD r1, sp, #0x80\n\t" @@ -3472,17 +3574,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" - "L_curve25519_inv_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_7:\n\t" +#else + "L_curve25519_inv_7_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_7%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_7\n\t" #else - "BNE.N L_curve25519_inv_7%=\n\t" + "BNE.N L_curve25519_inv_7_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3490,17 +3598,23 @@ int curve25519(byte* r, const byte* n, const byte* a) "BL fe_mul_op\n\t" "MOV r12, #0x5\n\t" "\n" - "L_curve25519_inv_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_curve25519_inv_8:\n\t" +#else + "L_curve25519_inv_8_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_curve25519_inv_8%=\n\t" +#if defined(__GNUC__) + "BNE L_curve25519_inv_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_curve25519_inv_8\n\t" #else - "BNE.N L_curve25519_inv_8%=\n\t" + "BNE.N L_curve25519_inv_8_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3582,17 +3696,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" - "L_fe_invert1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert1:\n\t" +#else + "L_fe_invert1_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert1%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert1\n\t" #else - "BNE.N L_fe_invert1%=\n\t" + "BNE.N L_fe_invert1_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -3603,17 +3723,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" - "L_fe_invert2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert2:\n\t" +#else + "L_fe_invert2_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert2%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert2\n\t" #else - "BNE.N L_fe_invert2%=\n\t" + "BNE.N L_fe_invert2_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3624,17 +3750,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" - "L_fe_invert3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert3:\n\t" +#else + "L_fe_invert3_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert3%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert3\n\t" #else - "BNE.N L_fe_invert3%=\n\t" + "BNE.N L_fe_invert3_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" 
@@ -3642,17 +3774,23 @@ void fe_invert(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" - "L_fe_invert4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert4:\n\t" +#else + "L_fe_invert4_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert4%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert4\n\t" #else - "BNE.N L_fe_invert4%=\n\t" + "BNE.N L_fe_invert4_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -3663,17 +3801,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" - "L_fe_invert5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert5:\n\t" +#else + "L_fe_invert5_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert5%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert5\n\t" #else - "BNE.N L_fe_invert5%=\n\t" + "BNE.N L_fe_invert5_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -3684,17 +3828,23 @@ void fe_invert(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" - "L_fe_invert6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert6:\n\t" +#else + "L_fe_invert6_%=:\n\t" +#endif "ADD r1, sp, #0x60\n\t" "ADD r0, sp, #0x60\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert6%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert6\n\t" #else - "BNE.N L_fe_invert6%=\n\t" + "BNE.N L_fe_invert6_%=\n\t" #endif "ADD r2, sp, #0x40\n\t" "ADD r1, sp, #0x60\n\t" @@ -3702,17 +3852,23 @@ void fe_invert(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" - "L_fe_invert7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert7:\n\t" +#else + "L_fe_invert7_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert7%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert7\n\t" #else - "BNE.N L_fe_invert7%=\n\t" + "BNE.N L_fe_invert7_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -3720,17 +3876,23 @@ void fe_invert(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x5\n\t" "\n" - "L_fe_invert8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_invert8:\n\t" +#else + "L_fe_invert8_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_invert8%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_invert8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_invert8\n\t" #else - "BNE.N L_fe_invert8%=\n\t" + "BNE.N L_fe_invert8_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" @@ -4268,17 +4430,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x4\n\t" "\n" - "L_fe_pow22523_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_1:\n\t" +#else + "L_fe_pow22523_1_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_1%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_1\n\t" #else - "BNE.N L_fe_pow22523_1%=\n\t" + "BNE.N L_fe_pow22523_1_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" 
@@ -4289,17 +4457,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x9\n\t" "\n" - "L_fe_pow22523_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_2:\n\t" +#else + "L_fe_pow22523_2_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_2%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_2\n\t" #else - "BNE.N L_fe_pow22523_2%=\n\t" + "BNE.N L_fe_pow22523_2_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" @@ -4310,17 +4484,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x13\n\t" "\n" - "L_fe_pow22523_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_3:\n\t" +#else + "L_fe_pow22523_3_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_3%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_3\n\t" #else - "BNE.N L_fe_pow22523_3%=\n\t" + "BNE.N L_fe_pow22523_3_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" 
@@ -4328,17 +4508,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0xa\n\t" "\n" - "L_fe_pow22523_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_4:\n\t" +#else + "L_fe_pow22523_4_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_4%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_4\n\t" #else - "BNE.N L_fe_pow22523_4%=\n\t" + "BNE.N L_fe_pow22523_4_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" @@ -4349,17 +4535,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x31\n\t" "\n" - "L_fe_pow22523_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_5:\n\t" +#else + "L_fe_pow22523_5_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_5%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_5\n\t" #else - "BNE.N L_fe_pow22523_5%=\n\t" + "BNE.N L_fe_pow22523_5_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" 
@@ -4370,17 +4562,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_sq_op\n\t" "MOV r12, #0x63\n\t" "\n" - "L_fe_pow22523_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_6:\n\t" +#else + "L_fe_pow22523_6_%=:\n\t" +#endif "ADD r1, sp, #0x40\n\t" "ADD r0, sp, #0x40\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_6%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_6\n\t" #else - "BNE.N L_fe_pow22523_6%=\n\t" + "BNE.N L_fe_pow22523_6_%=\n\t" #endif "ADD r2, sp, #0x20\n\t" "ADD r1, sp, #0x40\n\t" @@ -4388,17 +4586,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x32\n\t" "\n" - "L_fe_pow22523_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_7:\n\t" +#else + "L_fe_pow22523_7_%=:\n\t" +#endif "ADD r1, sp, #0x20\n\t" "ADD r0, sp, #0x20\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_7%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_7\n\t" #else - "BNE.N L_fe_pow22523_7%=\n\t" + "BNE.N L_fe_pow22523_7_%=\n\t" #endif "MOV r2, sp\n\t" "ADD r1, sp, #0x20\n\t" 
@@ -4406,17 +4610,23 @@ void fe_pow22523(fe r, const fe a) "BL fe_mul_op\n\t" "MOV r12, #0x2\n\t" "\n" - "L_fe_pow22523_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_fe_pow22523_8:\n\t" +#else + "L_fe_pow22523_8_%=:\n\t" +#endif "MOV r1, sp\n\t" "MOV r0, sp\n\t" "PUSH {r12}\n\t" "BL fe_sq_op\n\t" "POP {r12}\n\t" "SUBS r12, r12, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_fe_pow22523_8%=\n\t" +#if defined(__GNUC__) + "BNE L_fe_pow22523_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_fe_pow22523_8\n\t" #else - "BNE.N L_fe_pow22523_8%=\n\t" + "BNE.N L_fe_pow22523_8_%=\n\t" #endif "LDR r2, [sp, #100]\n\t" "MOV r1, sp\n\t" diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S index 30d8dc76b5..5b723c2617 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm.S @@ -925,7 +925,7 @@ L_SHA256_transform_len_start: STR r9, [sp, #60] ADD r3, r3, #0x40 SUBS r12, r12, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA256_transform_len_start #else BNE.W L_SHA256_transform_len_start @@ -1470,7 +1470,7 @@ L_SHA256_transform_len_start: SUBS r2, r2, #0x40 SUB r3, r3, #0xc0 ADD r1, r1, #0x40 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA256_transform_len_begin #else BNE.W L_SHA256_transform_len_begin diff --git a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c index ed496b0b5a..90db9b48b3 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c 
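Review bot: The two thumb2-sha256-asm.S hunks (`@@ -925,7 +925,7 @@` and `@@ -1470,7 +1470,7 @@`) move IAR onto the unsuffixed `BNE`, while the inline-asm version of the same loops in thumb2-sha256-asm_c.c still gives IAR `BNE.W`. Both loop bodies span several hundred lines, far beyond the reach of a 16-bit conditional branch, so this only assembles if IAR's assembler widens an unsuffixed `BNE` itself. If that is confirmed, a one-line comment above the `#if` saying so would explain why the .S and _c.c files differ. Otherwise keep IAR on the `BNE.W` side, i.e. leave the test as `#ifdef __GNUC__`. The thumb2-sha3-asm.S and thumb2-sha512-asm.S hunks make the same change.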
@@ -94,7 +94,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "STRD r10, r11, [sp, #88]\n\t" /* Start of loop processing a block */ "\n" - "L_SHA256_transform_len_begin%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_begin:\n\t" +#else + "L_SHA256_transform_len_begin_%=:\n\t" +#endif /* Load, Reverse and Store W - 64 bytes */ "LDR r4, [%[data]]\n\t" "LDR r5, [%[data], #4]\n\t" @@ -142,7 +146,11 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "MOV r12, #0x3\n\t" /* Start of 16 rounds */ "\n" - "L_SHA256_transform_len_start%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_start:\n\t" +#else + "L_SHA256_transform_len_start_%=:\n\t" +#endif /* Round 0 */ "LDR r5, [%[sha256], #16]\n\t" "LDR r6, [%[sha256], #20]\n\t" @@ -897,10 +905,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "STR r9, [sp, #60]\n\t" "ADD r3, r3, #0x40\n\t" "SUBS r12, r12, #0x1\n\t" -#ifdef __GNUC__ - "BNE L_SHA256_transform_len_start%=\n\t" +#if defined(__GNUC__) + "BNE L_SHA256_transform_len_start_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_SHA256_transform_len_start\n\t" #else - "BNE.W L_SHA256_transform_len_start%=\n\t" + "BNE.W L_SHA256_transform_len_start_%=\n\t" #endif /* Round 0 */ "LDR r5, [%[sha256], #16]\n\t" @@ -1442,10 +1452,12 @@ void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) "SUBS %[len], %[len], #0x40\n\t" "SUB r3, r3, #0xc0\n\t" "ADD %[data], %[data], #0x40\n\t" -#ifdef __GNUC__ - "BNE L_SHA256_transform_len_begin%=\n\t" +#if defined(__GNUC__) + "BNE L_SHA256_transform_len_begin_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_SHA256_transform_len_begin\n\t" #else - "BNE.W L_SHA256_transform_len_begin%=\n\t" + "BNE.W L_SHA256_transform_len_begin_%=\n\t" #endif "ADD sp, sp, #0xc0\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG 
diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S index 1069055949..86da2c9e3c 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha3-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm.S @@ -1157,7 +1157,7 @@ L_sha3_thumb2_begin: STR lr, [r0, #164] LDR r2, [sp, #200] SUBS r2, r2, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_sha3_thumb2_begin #else BNE.W L_sha3_thumb2_begin diff --git a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c index 53fa09646c..c6875bcd40 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c @@ -77,7 +77,11 @@ void BlockSha3(word64* state) "MOV r1, %[L_sha3_thumb2_rt]\n\t" "MOV r2, #0xc\n\t" "\n" - "L_sha3_thumb2_begin%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sha3_thumb2_begin:\n\t" +#else + "L_sha3_thumb2_begin_%=:\n\t" +#endif "STR r2, [sp, #200]\n\t" /* Round even */ /* Calc b[4] */ @@ -1137,10 +1141,12 @@ void BlockSha3(word64* state) "STR lr, [%[state], #164]\n\t" "LDR r2, [sp, #200]\n\t" "SUBS r2, r2, #0x1\n\t" -#ifdef __GNUC__ - "BNE L_sha3_thumb2_begin%=\n\t" +#if defined(__GNUC__) + "BNE L_sha3_thumb2_begin_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_sha3_thumb2_begin\n\t" #else - "BNE.W L_sha3_thumb2_begin%=\n\t" + "BNE.W L_sha3_thumb2_begin_%=\n\t" #endif "ADD sp, sp, #0xcc\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S index 4723ad6ac6..f034dea36e 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm.S +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm.S 
@@ -2319,7 +2319,7 @@ L_SHA512_transform_len_start: STRD r4, r5, [sp, #120] ADD r3, r3, #0x80 SUBS r12, r12, #0x1 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA512_transform_len_start #else BNE.W L_SHA512_transform_len_start @@ -3656,7 +3656,7 @@ L_SHA512_transform_len_start: SUBS r2, r2, #0x80 SUB r3, r3, #0x200 ADD r1, r1, #0x80 -#ifdef __GNUC__ +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA512_transform_len_begin #else BNE.W L_SHA512_transform_len_begin diff --git a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c index 35363ba3aa..59308abc7f 100644 --- a/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c +++ b/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c @@ -126,7 +126,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "STRD r10, r11, [sp, #184]\n\t" /* Start of loop processing a block */ "\n" - "L_SHA512_transform_len_begin%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA512_transform_len_begin:\n\t" +#else + "L_SHA512_transform_len_begin_%=:\n\t" +#endif /* Load, Reverse and Store W */ "LDR r4, [%[data]]\n\t" "LDR r5, [%[data], #4]\n\t" @@ -232,7 +236,11 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "MOV r12, #0x4\n\t" /* Start of 16 rounds */ "\n" - "L_SHA512_transform_len_start%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA512_transform_len_start:\n\t" +#else + "L_SHA512_transform_len_start_%=:\n\t" +#endif /* Round 0 */ "LDRD r4, r5, [%[sha512], #32]\n\t" "LSRS r6, r4, #14\n\t" 
@@ -2219,10 +2227,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "STRD r4, r5, [sp, #120]\n\t" "ADD r3, r3, #0x80\n\t" "SUBS r12, r12, #0x1\n\t" -#ifdef __GNUC__ - "BNE L_SHA512_transform_len_start%=\n\t" +#if defined(__GNUC__) + "BNE L_SHA512_transform_len_start_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_SHA512_transform_len_start\n\t" #else - "BNE.W L_SHA512_transform_len_start%=\n\t" + "BNE.W L_SHA512_transform_len_start_%=\n\t" #endif /* Round 0 */ "LDRD r4, r5, [%[sha512], #32]\n\t" @@ -3556,10 +3566,12 @@ void Transform_Sha512_Len(wc_Sha512* sha512, const byte* data, word32 len) "SUBS %[len], %[len], #0x80\n\t" "SUB r3, r3, #0x200\n\t" "ADD %[data], %[data], #0x80\n\t" -#ifdef __GNUC__ - "BNE L_SHA512_transform_len_begin%=\n\t" +#if defined(__GNUC__) + "BNE L_SHA512_transform_len_begin_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_SHA512_transform_len_begin\n\t" #else - "BNE.W L_SHA512_transform_len_begin%=\n\t" + "BNE.W L_SHA512_transform_len_begin_%=\n\t" #endif "EOR r0, r0, r0\n\t" "ADD sp, sp, #0xc0\n\t" diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 8ef1a13c92..b712fabc18 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -2211,7 +2211,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x100\n\t" "\n" - "L_sp_2048_add_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_add_64_word:\n\t" +#else + "L_sp_2048_add_64_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" 
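Review bot: On IAR versions below 9 the `@@ -2211,7 +2211,11 @@` hunk emits the fixed label `L_sp_2048_add_64_word` without the `%=` suffix, which is what kept the label unique per expansion of the asm statement. `sp_2048_add_64` is `static`, so if that compiler inlines or clones it into more than one caller in the translation unit, the label would be defined twice. The diff does not show a noinline attribute on these functions, nor whether IAR scopes inline-asm labels per statement. A comment next to the `#if` stating which of the two the build relies on would help, for example `/* IAR < 9: no %= support; labels stay unique because this function is never inlined */`. This applies to every static sp_2048_* routine touched in this file.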
@@ -2223,10 +2227,12 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_add_64_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_add_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_add_64_word\n\t" #else - "BNE.N L_sp_2048_add_64_word%=\n\t" + "BNE.N L_sp_2048_add_64_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -2258,7 +2264,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x100\n\t" "\n" - "L_sp_2048_sub_in_pkace_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sub_in_pkace_64_word:\n\t" +#else + "L_sp_2048_sub_in_pkace_64_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -2269,10 +2279,12 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_sub_in_pkace_64_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_sub_in_pkace_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_sub_in_pkace_64_word\n\t" #else - "BNE.N L_sp_2048_sub_in_pkace_64_word%=\n\t" + "BNE.N L_sp_2048_sub_in_pkace_64_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
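Review bot: The new label lines in the `@@ -2258,7 +2264,11 @@` and `@@ -2269,10 +2279,12 @@` hunks carry over the misspelling `L_sp_2048_sub_in_pkace_64_word` for a loop inside `sp_2048_sub_in_place_64`. Every label is being respelled in this patch anyway, so this is a cheap moment to rename it to `L_sp_2048_sub_in_place_64_word` in all four spots (both label forms and both branch forms). The `_32` variant in `sp_2048_sub_in_place_32` has the same typo. If these files are produced by a generator, the fix belongs in the generator's template and not in this file.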
@@ -2312,13 +2324,21 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_2048_mul_64_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_outer:\n\t" +#else + "L_sp_2048_mul_64_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xfc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_2048_mul_64_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_inner:\n\t" +#else + "L_sp_2048_mul_64_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -2334,15 +2354,19 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_64_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_mul_64_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_mul_64_inner_done\n\t" #else - "BGT.N L_sp_2048_mul_64_inner_done%=\n\t" + "BGT.N L_sp_2048_mul_64_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_64_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mul_64_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mul_64_inner\n\t" #else - "BLT.N L_sp_2048_mul_64_inner%=\n\t" + "BLT.N L_sp_2048_mul_64_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -2351,17 +2375,23 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_2048_mul_64_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_inner_done:\n\t" +#else + "L_sp_2048_mul_64_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x1f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_mul_64_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_2048_mul_64_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_2048_mul_64_outer\n\t" #else - "BLE.N L_sp_2048_mul_64_outer%=\n\t" + "BLE.N L_sp_2048_mul_64_outer_%=\n\t" #endif "LDR lr, [%[a], #252]\n\t" "LDR r11, [%[b], #252]\n\t" @@ -2370,14 +2400,20 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_2048_mul_64_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_store:\n\t" +#else + "L_sp_2048_mul_64_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_64_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_mul_64_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_mul_64_store\n\t" #else - "BGT.N L_sp_2048_mul_64_store%=\n\t" + "BGT.N L_sp_2048_mul_64_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -2410,13 +2446,21 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_2048_sqr_64_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_outer:\n\t" +#else + "L_sp_2048_sqr_64_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xfc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_2048_sqr_64_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_inner:\n\t" +#else + "L_sp_2048_sqr_64_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -2429,15 +2473,19 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_64_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_64_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_sqr_64_inner_done\n\t" #else - "BGT.N L_sp_2048_sqr_64_inner_done%=\n\t" + "BGT.N L_sp_2048_sqr_64_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_sqr_64_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_sqr_64_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_sqr_64_inner\n\t" #else - "BLT.N L_sp_2048_sqr_64_inner%=\n\t" + "BLT.N L_sp_2048_sqr_64_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -2445,17 +2493,23 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_2048_sqr_64_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_inner_done:\n\t" +#else + "L_sp_2048_sqr_64_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x1f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_sqr_64_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_2048_sqr_64_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_2048_sqr_64_outer\n\t" #else - "BLE.N L_sp_2048_sqr_64_outer%=\n\t" + "BLE.N L_sp_2048_sqr_64_outer_%=\n\t" #endif "LDR lr, [%[a], #252]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -2463,14 +2517,20 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_2048_sqr_64_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_store:\n\t" +#else + "L_sp_2048_sqr_64_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_64_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_64_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_sqr_64_store\n\t" #else - "BGT.N L_sp_2048_sqr_64_store%=\n\t" + "BGT.N L_sp_2048_sqr_64_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -2520,7 +2580,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x80\n\t" "\n" - "L_sp_2048_add_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_add_32_word:\n\t" +#else + "L_sp_2048_add_32_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -2532,10 +2596,12 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_add_32_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_add_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_add_32_word\n\t" #else - "BNE.N L_sp_2048_add_32_word%=\n\t" + "BNE.N L_sp_2048_add_32_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -2567,7 +2633,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x80\n\t" "\n" - "L_sp_2048_sub_in_pkace_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sub_in_pkace_32_word:\n\t" +#else + "L_sp_2048_sub_in_pkace_32_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" 
@@ -2578,10 +2648,12 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_sub_in_pkace_32_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_sub_in_pkace_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_sub_in_pkace_32_word\n\t" #else - "BNE.N L_sp_2048_sub_in_pkace_32_word%=\n\t" + "BNE.N L_sp_2048_sub_in_pkace_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -2621,13 +2693,21 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_2048_mul_32_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_32_outer:\n\t" +#else + "L_sp_2048_mul_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_2048_mul_32_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_32_inner:\n\t" +#else + "L_sp_2048_mul_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2643,15 +2723,19 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_32_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_mul_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_mul_32_inner_done\n\t" #else - "BGT.N L_sp_2048_mul_32_inner_done%=\n\t" + "BGT.N L_sp_2048_mul_32_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_32_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mul_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mul_32_inner\n\t" #else - "BLT.N L_sp_2048_mul_32_inner%=\n\t" + "BLT.N L_sp_2048_mul_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -2660,17 +2744,23 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_2048_mul_32_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_32_inner_done:\n\t" +#else + "L_sp_2048_mul_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_mul_32_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_2048_mul_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_2048_mul_32_outer\n\t" #else - "BLE.N L_sp_2048_mul_32_outer%=\n\t" + "BLE.N L_sp_2048_mul_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "LDR r11, [%[b], #124]\n\t" 
@@ -2679,14 +2769,20 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_2048_mul_32_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_32_store:\n\t" +#else + "L_sp_2048_mul_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_32_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_mul_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_mul_32_store\n\t" #else - "BGT.N L_sp_2048_mul_32_store%=\n\t" + "BGT.N L_sp_2048_mul_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -2719,13 +2815,21 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_2048_sqr_32_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_32_outer:\n\t" +#else + "L_sp_2048_sqr_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_2048_sqr_32_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_32_inner:\n\t" +#else + "L_sp_2048_sqr_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2738,15 +2842,19 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_32_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_sqr_32_inner_done\n\t" #else - "BGT.N L_sp_2048_sqr_32_inner_done%=\n\t" + "BGT.N L_sp_2048_sqr_32_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_sqr_32_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_sqr_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_sqr_32_inner\n\t" #else - "BLT.N L_sp_2048_sqr_32_inner%=\n\t" + "BLT.N L_sp_2048_sqr_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -2754,17 +2862,23 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_2048_sqr_32_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_32_inner_done:\n\t" +#else + "L_sp_2048_sqr_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_sqr_32_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_2048_sqr_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_2048_sqr_32_outer\n\t" #else - "BLE.N L_sp_2048_sqr_32_outer%=\n\t" + "BLE.N L_sp_2048_sqr_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -2772,14 +2886,20 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_2048_sqr_32_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_32_store:\n\t" +#else + "L_sp_2048_sqr_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_32_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_sqr_32_store\n\t" #else - "BGT.N L_sp_2048_sqr_32_store%=\n\t" + "BGT.N L_sp_2048_sqr_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -2838,7 +2958,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_2048_mul_d_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_d_64_word:\n\t" +#else + "L_sp_2048_mul_d_64_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -2851,10 +2975,12 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_d_64_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mul_d_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mul_d_64_word\n\t" #else - "BLT.N L_sp_2048_mul_d_64_word%=\n\t" + "BLT.N L_sp_2048_mul_d_64_word_%=\n\t" #endif "STR r3, [%[r], #256]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -3252,7 +3378,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_2048_cond_sub_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_cond_sub_32_words:\n\t" +#else + "L_sp_2048_cond_sub_32_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -3262,10 +3392,12 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_cond_sub_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_cond_sub_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_cond_sub_32_words\n\t" #else - "BLT.N L_sp_2048_cond_sub_32_words%=\n\t" + "BLT.N L_sp_2048_cond_sub_32_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -3448,7 +3580,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_2048_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_32_word:\n\t" +#else + "L_sp_2048_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -3710,10 +3846,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x80\n\t" -#ifdef __GNUC__ - "BLT L_sp_2048_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_2048_mont_reduce_32_word\n\t" #else - "BLT.W L_sp_2048_mont_reduce_32_word%=\n\t" + "BLT.W L_sp_2048_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -3752,7 +3890,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_32_word:\n\t" +#else + "L_sp_2048_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -3760,7 +3902,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_32_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_32_mul:\n\t" +#else + "L_sp_2048_mont_reduce_32_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -3802,10 +3948,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_32_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_32_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_32_mul\n\t" #else - "BLT.N L_sp_2048_mont_reduce_32_mul%=\n\t" + "BLT.N L_sp_2048_mont_reduce_32_mul_%=\n\t" #endif "LDR r10, [%[a], #128]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -3818,10 +3966,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_32_word\n\t" #else - "BLT.N L_sp_2048_mont_reduce_32_word%=\n\t" + "BLT.N L_sp_2048_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -3863,7 +4013,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_2048_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_32_word:\n\t" +#else + "L_sp_2048_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -4030,10 +4184,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x80\n\t" -#ifdef __GNUC__ - "BLT L_sp_2048_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_2048_mont_reduce_32_word\n\t" #else - "BLT.W L_sp_2048_mont_reduce_32_word%=\n\t" + "BLT.W L_sp_2048_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -4075,7 +4231,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_32_word:\n\t" +#else + "L_sp_2048_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" 
@@ -4083,7 +4243,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_32_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_32_mul:\n\t" +#else + "L_sp_2048_mont_reduce_32_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -4113,10 +4277,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_32_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_32_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_32_mul\n\t" #else - "BLT.N L_sp_2048_mont_reduce_32_mul%=\n\t" + "BLT.N L_sp_2048_mont_reduce_32_mul_%=\n\t" #endif "LDR r10, [%[a], #128]\n\t" "ADDS r4, r4, r3\n\t" @@ -4129,10 +4295,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_32_word\n\t" #else - "BLT.N L_sp_2048_mont_reduce_32_word%=\n\t" + "BLT.N L_sp_2048_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" 
@@ -4203,7 +4371,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_2048_mul_d_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_d_32_word:\n\t" +#else + "L_sp_2048_mul_d_32_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -4216,10 +4388,12 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_d_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mul_d_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mul_d_32_word\n\t" #else - "BLT.N L_sp_2048_mul_d_32_word%=\n\t" + "BLT.N L_sp_2048_mul_d_32_word_%=\n\t" #endif "STR r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -4517,7 +4691,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_2048_word_32_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_2048_word_32_bit:\n\t" +#else + "L_div_2048_word_32_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -4527,7 +4705,13 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_2048_word_32_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_2048_word_32_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_2048_word_32_bit\n\t" +#else + "BPL.N L_div_2048_word_32_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -4579,7 +4763,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x7c\n\t" "\n" - "L_sp_2048_cmp_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_cmp_32_words:\n\t" +#else + "L_sp_2048_cmp_32_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -4592,7 +4780,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_2048_cmp_32_words%=\n\t" + "bcs L_sp_2048_cmp_32_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #124]\n\t" @@ -5380,7 +5568,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_2048_cond_sub_64_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_cond_sub_64_words:\n\t" +#else + "L_sp_2048_cond_sub_64_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -5390,10 +5582,12 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_cond_sub_64_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_cond_sub_64_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_cond_sub_64_words\n\t" #else - "BLT.N L_sp_2048_cond_sub_64_words%=\n\t" + "BLT.N L_sp_2048_cond_sub_64_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
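Review bot: In the `@@ -4592,7 +4780,7 @@` hunk of sp_2048_cmp_32 the rewritten `bcs` targets `L_sp_2048_cmp_32_words` with no suffix, but the preceding hunk defines the label as `L_sp_2048_cmp_32_words_%=:` on every compiler except IAR below 9000000. Under WOLFSSL_SP_SMALL a GCC or newer IAR build would therefore branch to a symbol that is never defined, which I would expect to fail at assemble or link time rather than run. The branch needs the same three-way selection the commit gives `BPL` in div_2048_word_32. The identical mismatch is in the sp_2048_cmp_64 hunk `@@ -7299,7 +7549,7 @@`, where the same change applies with the `_64` label. sp_2048_cmp_32 starts and ends outside these hunks.

```c
        "SUBS	r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS	L_sp_2048_cmp_32_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N	L_sp_2048_cmp_32_words\n\t"
#else
        "BCS.N	L_sp_2048_cmp_32_words_%=\n\t"
#endif
/* … unchanged: EOR r2, r2, r3 and the rest of the asm block … */
```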
@@ -5688,7 +5882,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_2048_mont_reduce_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_64_word:\n\t" +#else + "L_sp_2048_mont_reduce_64_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -6206,10 +6404,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x100\n\t" -#ifdef __GNUC__ - "BLT L_sp_2048_mont_reduce_64_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_2048_mont_reduce_64_word\n\t" #else - "BLT.W L_sp_2048_mont_reduce_64_word%=\n\t" + "BLT.W L_sp_2048_mont_reduce_64_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -6248,7 +6448,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_64_word:\n\t" +#else + "L_sp_2048_mont_reduce_64_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -6256,7 +6460,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_64_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_64_mul:\n\t" +#else + "L_sp_2048_mont_reduce_64_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" 
@@ -6298,10 +6506,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_64_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_64_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_64_mul\n\t" #else - "BLT.N L_sp_2048_mont_reduce_64_mul%=\n\t" + "BLT.N L_sp_2048_mont_reduce_64_mul_%=\n\t" #endif "LDR r10, [%[a], #256]\n\t" "ADDS r4, r4, r3\n\t" @@ -6314,10 +6524,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_64_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_64_word\n\t" #else - "BLT.N L_sp_2048_mont_reduce_64_word%=\n\t" + "BLT.N L_sp_2048_mont_reduce_64_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -6359,7 +6571,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_2048_mont_reduce_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_64_word:\n\t" +#else + "L_sp_2048_mont_reduce_64_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ 
@@ -6686,10 +6902,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x100\n\t" -#ifdef __GNUC__ - "BLT L_sp_2048_mont_reduce_64_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_2048_mont_reduce_64_word\n\t" #else - "BLT.W L_sp_2048_mont_reduce_64_word%=\n\t" + "BLT.W L_sp_2048_mont_reduce_64_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -6731,7 +6949,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_64_word:\n\t" +#else + "L_sp_2048_mont_reduce_64_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -6739,7 +6961,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_2048_mont_reduce_64_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mont_reduce_64_mul:\n\t" +#else + "L_sp_2048_mont_reduce_64_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -6769,10 +6995,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_64_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_64_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_64_mul\n\t" #else - "BLT.N L_sp_2048_mont_reduce_64_mul%=\n\t" + "BLT.N L_sp_2048_mont_reduce_64_mul_%=\n\t" #endif "LDR r10, [%[a], #256]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -6785,10 +7013,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mont_reduce_64_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mont_reduce_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mont_reduce_64_word\n\t" #else - "BLT.N L_sp_2048_mont_reduce_64_word%=\n\t" + "BLT.N L_sp_2048_mont_reduce_64_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -6854,7 +7084,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x100\n\t" "\n" - "L_sp_2048_sub_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sub_64_word:\n\t" +#else + "L_sp_2048_sub_64_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -6865,10 +7099,12 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_sub_64_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_sub_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_sub_64_word\n\t" #else - "BNE.N L_sp_2048_sub_64_word%=\n\t" + "BNE.N L_sp_2048_sub_64_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -7121,7 +7357,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_2048_word_64_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_2048_word_64_bit:\n\t" +#else + "L_div_2048_word_64_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -7131,7 +7371,13 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_2048_word_64_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_2048_word_64_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_2048_word_64_bit\n\t" +#else + "BPL.N L_div_2048_word_64_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -7286,7 +7532,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0xfc\n\t" "\n" - "L_sp_2048_cmp_64_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_cmp_64_words:\n\t" +#else + "L_sp_2048_cmp_64_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -7299,7 +7549,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_2048_cmp_64_words%=\n\t" + "bcs L_sp_2048_cmp_64_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #252]\n\t" @@ -8562,7 +8812,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_2048_cond_add_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_cond_add_32_words:\n\t" +#else + "L_sp_2048_cond_add_32_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" 
@@ -8572,10 +8826,12 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_cond_add_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_cond_add_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_cond_add_32_words\n\t" #else - "BLT.N L_sp_2048_cond_add_32_words%=\n\t" + "BLT.N L_sp_2048_cond_add_32_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -12948,7 +13204,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x180\n\t" "\n" - "L_sp_3072_add_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_add_96_word:\n\t" +#else + "L_sp_3072_add_96_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -12960,10 +13220,12 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_add_96_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_add_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_add_96_word\n\t" #else - "BNE.N L_sp_3072_add_96_word%=\n\t" + "BNE.N L_sp_3072_add_96_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -12995,7 +13257,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x180\n\t" "\n" - "L_sp_3072_sub_in_pkace_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sub_in_pkace_96_word:\n\t" +#else + "L_sp_3072_sub_in_pkace_96_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -13006,10 +13272,12 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_in_pkace_96_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_sub_in_pkace_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_sub_in_pkace_96_word\n\t" #else - "BNE.N L_sp_3072_sub_in_pkace_96_word%=\n\t" + "BNE.N L_sp_3072_sub_in_pkace_96_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -13049,13 +13317,21 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_mul_96_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_outer:\n\t" +#else + "L_sp_3072_mul_96_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x17c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_mul_96_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_inner:\n\t" +#else + "L_sp_3072_mul_96_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
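Review bot: The label in the sp_3072_sub_in_place_96 hunks (`@@ -12995,7 +13257,11 @@` and `@@ -13006,10 +13272,12 @@`) is still spelled `L_sp_3072_sub_in_pkace_96_word`, and the misspelling is copied into every new line that names it. Since the commit already rewrites each definition and use of this label, it is a cheap moment to rename it to `L_sp_3072_sub_in_place_96_word` in both the suffixed and unsuffixed forms so it matches the function name. The sp_3072_sub_in_place_48 hunks have the same `pkace` spelling. If this file is produced by a generator, the rename belongs in the generator template rather than here.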
@@ -13071,15 +13347,19 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_96_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_96_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_96_inner_done\n\t" #else - "BGT.N L_sp_3072_mul_96_inner_done%=\n\t" + "BGT.N L_sp_3072_mul_96_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_96_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_96_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_96_inner\n\t" #else - "BLT.N L_sp_3072_mul_96_inner%=\n\t" + "BLT.N L_sp_3072_mul_96_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -13088,17 +13368,23 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_mul_96_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_inner_done:\n\t" +#else + "L_sp_3072_mul_96_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x2f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_mul_96_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_mul_96_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_mul_96_outer\n\t" #else - "BLE.N L_sp_3072_mul_96_outer%=\n\t" + "BLE.N L_sp_3072_mul_96_outer_%=\n\t" #endif "LDR lr, [%[a], #380]\n\t" "LDR r11, [%[b], #380]\n\t" 
@@ -13107,14 +13393,20 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_mul_96_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_store:\n\t" +#else + "L_sp_3072_mul_96_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_96_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_96_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_96_store\n\t" #else - "BGT.N L_sp_3072_mul_96_store%=\n\t" + "BGT.N L_sp_3072_mul_96_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -13147,13 +13439,21 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_sqr_96_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_outer:\n\t" +#else + "L_sp_3072_sqr_96_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x17c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_sqr_96_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_inner:\n\t" +#else + "L_sp_3072_sqr_96_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -13166,15 +13466,19 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_96_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_96_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_96_inner_done\n\t" #else - "BGT.N L_sp_3072_sqr_96_inner_done%=\n\t" + "BGT.N L_sp_3072_sqr_96_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_sqr_96_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_sqr_96_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_sqr_96_inner\n\t" #else - "BLT.N L_sp_3072_sqr_96_inner%=\n\t" + "BLT.N L_sp_3072_sqr_96_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -13182,17 +13486,23 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_sqr_96_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_inner_done:\n\t" +#else + "L_sp_3072_sqr_96_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x2f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_sqr_96_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_sqr_96_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_sqr_96_outer\n\t" #else - "BLE.N L_sp_3072_sqr_96_outer%=\n\t" + "BLE.N L_sp_3072_sqr_96_outer_%=\n\t" #endif "LDR lr, [%[a], #380]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -13200,14 +13510,20 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_sqr_96_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_store:\n\t" +#else + "L_sp_3072_sqr_96_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_96_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_96_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_96_store\n\t" #else - "BGT.N L_sp_3072_sqr_96_store%=\n\t" + "BGT.N L_sp_3072_sqr_96_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -13257,7 +13573,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0xc0\n\t" "\n" - "L_sp_3072_add_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_add_48_word:\n\t" +#else + "L_sp_3072_add_48_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -13269,10 +13589,12 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_add_48_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_add_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_add_48_word\n\t" #else - "BNE.N L_sp_3072_add_48_word%=\n\t" + "BNE.N L_sp_3072_add_48_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -13304,7 +13626,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0xc0\n\t" "\n" - "L_sp_3072_sub_in_pkace_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sub_in_pkace_48_word:\n\t" +#else + "L_sp_3072_sub_in_pkace_48_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -13315,10 +13641,12 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_in_pkace_48_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_sub_in_pkace_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_sub_in_pkace_48_word\n\t" #else - "BNE.N L_sp_3072_sub_in_pkace_48_word%=\n\t" + "BNE.N L_sp_3072_sub_in_pkace_48_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -13358,13 +13686,21 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_mul_48_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_outer:\n\t" +#else + "L_sp_3072_mul_48_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xbc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_mul_48_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_inner:\n\t" +#else + "L_sp_3072_mul_48_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -13380,15 +13716,19 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_48_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_48_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_48_inner_done\n\t" #else - "BGT.N L_sp_3072_mul_48_inner_done%=\n\t" + "BGT.N L_sp_3072_mul_48_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_48_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_48_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_48_inner\n\t" #else - "BLT.N L_sp_3072_mul_48_inner%=\n\t" + "BLT.N L_sp_3072_mul_48_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -13397,17 +13737,23 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_mul_48_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_inner_done:\n\t" +#else + "L_sp_3072_mul_48_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x174\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_mul_48_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_mul_48_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_mul_48_outer\n\t" #else - "BLE.N L_sp_3072_mul_48_outer%=\n\t" + "BLE.N L_sp_3072_mul_48_outer_%=\n\t" #endif "LDR lr, [%[a], #188]\n\t" "LDR r11, [%[b], #188]\n\t" 
@@ -13416,14 +13762,20 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_mul_48_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_store:\n\t" +#else + "L_sp_3072_mul_48_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_48_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_48_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_48_store\n\t" #else - "BGT.N L_sp_3072_mul_48_store%=\n\t" + "BGT.N L_sp_3072_mul_48_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -13456,13 +13808,21 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_sqr_48_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_outer:\n\t" +#else + "L_sp_3072_sqr_48_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xbc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_sqr_48_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_inner:\n\t" +#else + "L_sp_3072_sqr_48_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -13475,15 +13835,19 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_48_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_48_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_48_inner_done\n\t" #else - "BGT.N L_sp_3072_sqr_48_inner_done%=\n\t" + "BGT.N L_sp_3072_sqr_48_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_sqr_48_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_sqr_48_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_sqr_48_inner\n\t" #else - "BLT.N L_sp_3072_sqr_48_inner%=\n\t" + "BLT.N L_sp_3072_sqr_48_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -13491,17 +13855,23 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_sqr_48_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_inner_done:\n\t" +#else + "L_sp_3072_sqr_48_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x174\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_sqr_48_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_sqr_48_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_sqr_48_outer\n\t" #else - "BLE.N L_sp_3072_sqr_48_outer%=\n\t" + "BLE.N L_sp_3072_sqr_48_outer_%=\n\t" #endif "LDR lr, [%[a], #188]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -13509,14 +13879,20 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_sqr_48_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_store:\n\t" +#else + "L_sp_3072_sqr_48_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_48_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_48_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_48_store\n\t" #else - "BGT.N L_sp_3072_sqr_48_store%=\n\t" + "BGT.N L_sp_3072_sqr_48_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -13575,7 +13951,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_3072_mul_d_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_d_96_word:\n\t" +#else + "L_sp_3072_mul_d_96_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -13588,10 +13968,12 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_d_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_d_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_d_96_word\n\t" #else - "BLT.N L_sp_3072_mul_d_96_word%=\n\t" + "BLT.N L_sp_3072_mul_d_96_word_%=\n\t" #endif "STR r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -14149,7 +14531,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_3072_cond_sub_48_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cond_sub_48_words:\n\t" +#else + "L_sp_3072_cond_sub_48_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -14159,10 +14545,12 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_sub_48_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_cond_sub_48_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_cond_sub_48_words\n\t" #else - "BLT.N L_sp_3072_cond_sub_48_words%=\n\t" + "BLT.N L_sp_3072_cond_sub_48_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -14401,7 +14789,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -14791,10 +15183,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0xc0\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -14833,7 +15227,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -14841,7 +15239,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_mul:\n\t" +#else + "L_sp_3072_mont_reduce_48_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -14883,10 +15285,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_mul_%=\n\t" #endif "LDR r10, [%[a], #192]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -14899,10 +15303,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -14944,7 +15350,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -15191,10 +15601,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0xc0\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -15236,7 +15648,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" 
@@ -15244,7 +15660,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_mul:\n\t" +#else + "L_sp_3072_mont_reduce_48_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -15274,10 +15694,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_mul_%=\n\t" #endif "LDR r10, [%[a], #192]\n\t" "ADDS r4, r4, r3\n\t" @@ -15290,10 +15712,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" 
@@ -15364,7 +15788,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_3072_mul_d_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_d_48_word:\n\t" +#else + "L_sp_3072_mul_d_48_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -15377,10 +15805,12 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_d_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_d_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_d_48_word\n\t" #else - "BLT.N L_sp_3072_mul_d_48_word%=\n\t" + "BLT.N L_sp_3072_mul_d_48_word_%=\n\t" #endif "STR r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -15758,7 +16188,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_3072_word_48_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_3072_word_48_bit:\n\t" +#else + "L_div_3072_word_48_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -15768,7 +16202,13 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_3072_word_48_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_3072_word_48_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_3072_word_48_bit\n\t" +#else + "BPL.N L_div_3072_word_48_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -15820,7 +16260,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0xbc\n\t" "\n" - "L_sp_3072_cmp_48_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cmp_48_words:\n\t" +#else + "L_sp_3072_cmp_48_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -15833,7 +16277,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_3072_cmp_48_words%=\n\t" + "bcs L_sp_3072_cmp_48_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #188]\n\t" @@ -16797,7 +17241,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_3072_cond_sub_96_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cond_sub_96_words:\n\t" +#else + "L_sp_3072_cond_sub_96_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -16807,10 +17255,12 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_sub_96_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_cond_sub_96_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_cond_sub_96_words\n\t" #else - "BLT.N L_sp_3072_cond_sub_96_words%=\n\t" + "BLT.N L_sp_3072_cond_sub_96_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
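Review bot: The branch at the end of the WOLFSSL_SP_SMALL loop in sp_3072_cmp_48 (hunk `@@ -15833,7 +16277,7 @@`) now targets `L_sp_3072_cmp_48_words` unconditionally, but the preceding hunk defines that label as `L_sp_3072_cmp_48_words_%=` on every toolchain except IAR older than 9. On GCC and newer IAR the branch therefore refers to a symbol that is never defined, which should surface as an assembler or link error in small builds rather than a silent misbehaviour. The identical mismatch is in sp_3072_cmp_96 (hunk `@@ -19300,7 +19806,7 @@`). The branch should take the same three-way guard that this patch uses for `BPL` in div_3072_word_48, as sketched below; the rest of the function body lies outside the hunk.

```c
        "SUBS	r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS	L_sp_3072_cmp_48_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N	L_sp_3072_cmp_48_words\n\t"
#else
        "BCS.N	L_sp_3072_cmp_48_words_%=\n\t"
#endif
        /* ... unchanged: EOR r2, r2, r3 and the non-small path ... */
```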
@@ -17217,7 +17667,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -17991,10 +18445,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x180\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -18033,7 +18489,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -18041,7 +18501,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_mul:\n\t" +#else + "L_sp_3072_mont_reduce_96_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" 
@@ -18083,10 +18547,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_mul_%=\n\t" #endif "LDR r10, [%[a], #384]\n\t" "ADDS r4, r4, r3\n\t" @@ -18099,10 +18565,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -18144,7 +18612,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ 
@@ -18631,10 +19103,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x180\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -18676,7 +19150,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -18684,7 +19162,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_mul:\n\t" +#else + "L_sp_3072_mont_reduce_96_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -18714,10 +19196,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_mul_%=\n\t" #endif "LDR r10, [%[a], #384]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -18730,10 +19214,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -18799,7 +19285,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x180\n\t" "\n" - "L_sp_3072_sub_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sub_96_word:\n\t" +#else + "L_sp_3072_sub_96_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -18810,10 +19300,12 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_96_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_sub_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_sub_96_word\n\t" #else - "BNE.N L_sp_3072_sub_96_word%=\n\t" + "BNE.N L_sp_3072_sub_96_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -19122,7 +19614,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_3072_word_96_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_3072_word_96_bit:\n\t" +#else + "L_div_3072_word_96_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -19132,7 +19628,13 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_3072_word_96_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_3072_word_96_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_3072_word_96_bit\n\t" +#else + "BPL.N L_div_3072_word_96_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -19287,7 +19789,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x17c\n\t" "\n" - "L_sp_3072_cmp_96_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cmp_96_words:\n\t" +#else + "L_sp_3072_cmp_96_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -19300,7 +19806,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_3072_cmp_96_words%=\n\t" + "bcs L_sp_3072_cmp_96_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #380]\n\t" @@ -20915,7 +21421,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_cond_add_48_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cond_add_48_words:\n\t" +#else + "L_sp_3072_cond_add_48_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" 
@@ -20925,10 +21435,12 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_add_48_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_cond_add_48_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_cond_add_48_words\n\t" #else - "BLT.N L_sp_3072_cond_add_48_words%=\n\t" + "BLT.N L_sp_3072_cond_add_48_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -23059,7 +23571,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x200\n\t" "\n" - "L_sp_4096_add_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_add_128_word:\n\t" +#else + "L_sp_4096_add_128_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -23071,10 +23587,12 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_add_128_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_4096_add_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_4096_add_128_word\n\t" #else - "BNE.N L_sp_4096_add_128_word%=\n\t" + "BNE.N L_sp_4096_add_128_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -23106,7 +23624,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x200\n\t" "\n" - "L_sp_4096_sub_in_pkace_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sub_in_pkace_128_word:\n\t" +#else + "L_sp_4096_sub_in_pkace_128_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -23117,10 +23639,12 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_sub_in_pkace_128_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_4096_sub_in_pkace_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_4096_sub_in_pkace_128_word\n\t" #else - "BNE.N L_sp_4096_sub_in_pkace_128_word%=\n\t" + "BNE.N L_sp_4096_sub_in_pkace_128_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -23160,13 +23684,21 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_4096_mul_128_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_outer:\n\t" +#else + "L_sp_4096_mul_128_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1fc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_4096_mul_128_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_inner:\n\t" +#else + "L_sp_4096_mul_128_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -23182,15 +23714,19 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_mul_128_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_mul_128_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_mul_128_inner_done\n\t" #else - "BGT.N L_sp_4096_mul_128_inner_done%=\n\t" + "BGT.N L_sp_4096_mul_128_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mul_128_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mul_128_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mul_128_inner\n\t" #else - "BLT.N L_sp_4096_mul_128_inner%=\n\t" + "BLT.N L_sp_4096_mul_128_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -23199,17 +23735,23 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_4096_mul_128_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_inner_done:\n\t" +#else + "L_sp_4096_mul_128_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x3f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_4096_mul_128_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_4096_mul_128_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_4096_mul_128_outer\n\t" #else - "BLE.N L_sp_4096_mul_128_outer%=\n\t" + "BLE.N L_sp_4096_mul_128_outer_%=\n\t" #endif "LDR lr, [%[a], #508]\n\t" "LDR r11, [%[b], #508]\n\t" 
@@ -23218,14 +23760,20 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_4096_mul_128_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_store:\n\t" +#else + "L_sp_4096_mul_128_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_mul_128_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_mul_128_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_mul_128_store\n\t" #else - "BGT.N L_sp_4096_mul_128_store%=\n\t" + "BGT.N L_sp_4096_mul_128_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -23258,13 +23806,21 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_4096_sqr_128_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_outer:\n\t" +#else + "L_sp_4096_sqr_128_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1fc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_4096_sqr_128_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_inner:\n\t" +#else + "L_sp_4096_sqr_128_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -23277,15 +23833,19 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_sqr_128_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_sqr_128_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_sqr_128_inner_done\n\t" #else - "BGT.N L_sp_4096_sqr_128_inner_done%=\n\t" + "BGT.N L_sp_4096_sqr_128_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_sqr_128_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_sqr_128_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_sqr_128_inner\n\t" #else - "BLT.N L_sp_4096_sqr_128_inner%=\n\t" + "BLT.N L_sp_4096_sqr_128_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -23293,17 +23853,23 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_4096_sqr_128_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_inner_done:\n\t" +#else + "L_sp_4096_sqr_128_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x3f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_4096_sqr_128_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_4096_sqr_128_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_4096_sqr_128_outer\n\t" #else - "BLE.N L_sp_4096_sqr_128_outer%=\n\t" + "BLE.N L_sp_4096_sqr_128_outer_%=\n\t" #endif "LDR lr, [%[a], #508]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -23311,14 +23877,20 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_4096_sqr_128_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_store:\n\t" +#else + "L_sp_4096_sqr_128_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_sqr_128_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_sqr_128_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_sqr_128_store\n\t" #else - "BGT.N L_sp_4096_sqr_128_store%=\n\t" + "BGT.N L_sp_4096_sqr_128_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -23375,7 +23947,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_4096_mul_d_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_d_128_word:\n\t" +#else + "L_sp_4096_mul_d_128_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -23388,10 +23964,12 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mul_d_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mul_d_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mul_d_128_word\n\t" #else - "BLT.N L_sp_4096_mul_d_128_word%=\n\t" + "BLT.N L_sp_4096_mul_d_128_word_%=\n\t" #endif "STR r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -24110,7 +24688,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_4096_cond_sub_128_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_cond_sub_128_words:\n\t" +#else + "L_sp_4096_cond_sub_128_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -24120,10 +24702,12 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_cond_sub_128_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_cond_sub_128_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_cond_sub_128_words\n\t" #else - "BLT.N L_sp_4096_cond_sub_128_words%=\n\t" + "BLT.N L_sp_4096_cond_sub_128_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -24642,7 +25226,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -25672,10 +26260,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x200\n\t" -#ifdef __GNUC__ - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.W L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.W L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -25714,7 +26304,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -25722,7 +26316,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_mul:\n\t" +#else + "L_sp_4096_mont_reduce_128_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" 
@@ -25764,10 +26362,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_mul\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_mul%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_mul_%=\n\t" #endif "LDR r10, [%[a], #512]\n\t" "ADDS r4, r4, r3\n\t" @@ -25780,10 +26380,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -25825,7 +26427,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ 
@@ -26472,10 +27078,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x200\n\t" -#ifdef __GNUC__ - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.W L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.W L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -26517,7 +27125,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -26525,7 +27137,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_mul:\n\t" +#else + "L_sp_4096_mont_reduce_128_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" 
@@ -26555,10 +27171,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_mul\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_mul%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_mul_%=\n\t" #endif "LDR r10, [%[a], #512]\n\t" "ADDS r4, r4, r3\n\t" @@ -26571,10 +27189,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -26640,7 +27260,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x200\n\t" "\n" - "L_sp_4096_sub_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sub_128_word:\n\t" +#else + "L_sp_4096_sub_128_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
@@ -26651,10 +27275,12 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_sub_128_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_4096_sub_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_4096_sub_128_word\n\t" #else - "BNE.N L_sp_4096_sub_128_word%=\n\t" + "BNE.N L_sp_4096_sub_128_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -27019,7 +27645,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_4096_word_128_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_4096_word_128_bit:\n\t" +#else + "L_div_4096_word_128_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -27029,7 +27659,13 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_4096_word_128_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_4096_word_128_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_4096_word_128_bit\n\t" +#else + "BPL.N L_div_4096_word_128_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -27184,7 +27820,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x1fc\n\t" "\n" - "L_sp_4096_cmp_128_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_cmp_128_words:\n\t" +#else + "L_sp_4096_cmp_128_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" 
@@ -27197,7 +27837,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_4096_cmp_128_words%=\n\t" + "bcs L_sp_4096_cmp_128_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #508]\n\t" @@ -29164,7 +29804,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_4096_cond_add_64_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_cond_add_64_words:\n\t" +#else + "L_sp_4096_cond_add_64_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -29174,10 +29818,12 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_cond_add_64_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_cond_add_64_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_cond_add_64_words\n\t" #else - "BLT.N L_sp_4096_cond_add_64_words%=\n\t" + "BLT.N L_sp_4096_cond_add_64_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -30857,13 +31503,21 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_256_mul_8_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_outer:\n\t" +#else + "L_sp_256_mul_8_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_256_mul_8_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_inner:\n\t" +#else + "L_sp_256_mul_8_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
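Review bot: The branch in `sp_4096_cmp_128` is now `"bcs L_sp_4096_cmp_128_words\n\t"` for every compiler, but the preceding hunk defines that label as `L_sp_4096_cmp_128_words_%=` everywhere except IAR before 9. With `WOLFSSL_SP_SMALL` on GCC or any other toolchain that takes the `#else` label, the branch names a symbol that is never defined, so the build should fail at assembly or link time. The `sp_256_cmp_8` hunk (`bcs L_sp_256_cmp_8_words`) has the same mismatch. The branch needs the same three-way guard the patch uses for `BPL` in `div_4096_word_128`, as sketched below; confirm the narrow encoding reaches the label, since the loop body lies partly outside the hunk.

```c
        "SUBS	r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS	L_sp_4096_cmp_128_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N	L_sp_4096_cmp_128_words\n\t"
#else
        "BCS.N	L_sp_4096_cmp_128_words_%=\n\t"
#endif
        /* … unchanged: EOR r2, r2, r3 and the rest of the function … */
```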
@@ -30879,15 +31533,19 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_mul_8_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_mul_8_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_mul_8_inner_done\n\t" #else - "BGT.N L_sp_256_mul_8_inner_done%=\n\t" + "BGT.N L_sp_256_mul_8_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_mul_8_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mul_8_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_mul_8_inner\n\t" #else - "BLT.N L_sp_256_mul_8_inner%=\n\t" + "BLT.N L_sp_256_mul_8_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -30896,17 +31554,23 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_256_mul_8_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_inner_done:\n\t" +#else + "L_sp_256_mul_8_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x34\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_256_mul_8_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_256_mul_8_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_256_mul_8_outer\n\t" #else - "BLE.N L_sp_256_mul_8_outer%=\n\t" + "BLE.N L_sp_256_mul_8_outer_%=\n\t" #endif "LDR lr, [%[a], #28]\n\t" "LDR r11, [%[b], #28]\n\t" 
@@ -30915,14 +31579,20 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_256_mul_8_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_store:\n\t" +#else + "L_sp_256_mul_8_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_mul_8_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_mul_8_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_mul_8_store\n\t" #else - "BGT.N L_sp_256_mul_8_store%=\n\t" + "BGT.N L_sp_256_mul_8_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -31455,13 +32125,21 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_256_sqr_8_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_outer:\n\t" +#else + "L_sp_256_sqr_8_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_256_sqr_8_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_inner:\n\t" +#else + "L_sp_256_sqr_8_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -31474,15 +32152,19 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_sqr_8_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_sqr_8_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_sqr_8_inner_done\n\t" #else - "BGT.N L_sp_256_sqr_8_inner_done%=\n\t" + "BGT.N L_sp_256_sqr_8_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_sqr_8_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_sqr_8_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_sqr_8_inner\n\t" #else - "BLT.N L_sp_256_sqr_8_inner%=\n\t" + "BLT.N L_sp_256_sqr_8_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -31490,17 +32172,23 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_256_sqr_8_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_inner_done:\n\t" +#else + "L_sp_256_sqr_8_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x34\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_256_sqr_8_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_256_sqr_8_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_256_sqr_8_outer\n\t" #else - "BLE.N L_sp_256_sqr_8_outer%=\n\t" + "BLE.N L_sp_256_sqr_8_outer_%=\n\t" #endif "LDR lr, [%[a], #28]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -31508,14 +32196,20 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_256_sqr_8_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_store:\n\t" +#else + "L_sp_256_sqr_8_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_sqr_8_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_sqr_8_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_sqr_8_store\n\t" #else - "BGT.N L_sp_256_sqr_8_store%=\n\t" + "BGT.N L_sp_256_sqr_8_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -31915,7 +32609,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x20\n\t" "\n" - "L_sp_256_add_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_add_8_word:\n\t" +#else + "L_sp_256_add_8_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -31927,10 +32625,12 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_add_8_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_256_add_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_256_add_8_word\n\t" #else - "BNE.N L_sp_256_add_8_word%=\n\t" + "BNE.N L_sp_256_add_8_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -33938,7 +34638,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x1c\n\t" "\n" - "L_sp_256_cmp_8_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_cmp_8_words:\n\t" +#else + "L_sp_256_cmp_8_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -33951,7 +34655,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_256_cmp_8_words%=\n\t" + "bcs L_sp_256_cmp_8_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #28]\n\t" @@ -34085,7 +34789,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_256_cond_sub_8_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_cond_sub_8_words:\n\t" +#else + "L_sp_256_cond_sub_8_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -34095,10 +34803,12 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_cond_sub_8_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_cond_sub_8_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_cond_sub_8_words\n\t" #else - "BLT.N L_sp_256_cond_sub_8_words%=\n\t" + "BLT.N L_sp_256_cond_sub_8_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
@@ -34199,7 +34909,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_256_mont_reduce_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_8_word:\n\t" +#else + "L_sp_256_mont_reduce_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -34269,10 +34983,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_8_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -34314,7 +35030,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_256_mont_reduce_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_8_word:\n\t" +#else + "L_sp_256_mont_reduce_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -34361,10 +35081,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_8_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" 
@@ -34573,7 +35295,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_256_mont_reduce_order_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_order_8_word:\n\t" +#else + "L_sp_256_mont_reduce_order_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -34643,10 +35369,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_order_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_order_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_order_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_order_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_order_8_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -34688,7 +35416,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_256_mont_reduce_order_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_order_8_word:\n\t" +#else + "L_sp_256_mont_reduce_order_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ 
@@ -34735,10 +35467,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_order_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_order_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_order_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_order_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_order_8_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -39075,7 +39809,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x20\n\t" "\n" - "L_sp_256_sub_in_pkace_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sub_in_pkace_8_word:\n\t" +#else + "L_sp_256_sub_in_pkace_8_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -39086,10 +39824,12 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_sub_in_pkace_8_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_256_sub_in_pkace_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_256_sub_in_pkace_8_word\n\t" #else - "BNE.N L_sp_256_sub_in_pkace_8_word%=\n\t" + "BNE.N L_sp_256_sub_in_pkace_8_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -39168,7 +39908,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_256_mul_d_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_d_8_word:\n\t" +#else + "L_sp_256_mul_d_8_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
@@ -39181,10 +39925,12 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_mul_d_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mul_d_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_mul_d_8_word\n\t" #else - "BLT.N L_sp_256_mul_d_8_word%=\n\t" + "BLT.N L_sp_256_mul_d_8_word_%=\n\t" #endif "STR r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -39362,7 +40108,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_256_word_8_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_256_word_8_bit:\n\t" +#else + "L_div_256_word_8_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -39372,7 +40122,13 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_256_word_8_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_256_word_8_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_256_word_8_bit\n\t" +#else + "BPL.N L_div_256_word_8_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -40066,7 +40822,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x20\n\t" "\n" - "L_sp_256_sub_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sub_8_word:\n\t" +#else + "L_sp_256_sub_8_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
@@ -40077,10 +40837,12 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_sub_8_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_256_sub_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_256_sub_8_word\n\t" #else - "BNE.N L_sp_256_sub_8_word%=\n\t" + "BNE.N L_sp_256_sub_8_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -40199,10 +40961,12 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "MOV r12, #0x0\n\t" "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_div2_mod_8_even%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_div2_mod_8_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_div2_mod_8_even\n\t" #else - "BEQ.N L_sp_256_div2_mod_8_even%=\n\t" + "BEQ.N L_sp_256_div2_mod_8_even_%=\n\t" #endif "LDM %[a]!, {r5, r6, r7}\n\t" "LDM %[m]!, {r8, r9, r10, r11}\n\t" 
@@ -40218,17 +40982,27 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "ADCS r6, r6, r10\n\t" "ADCS r7, r7, r11\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_div2_mod_8_div2%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_div2_mod_8_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_div2_mod_8_div2\n\t" #else - "B.N L_sp_256_div2_mod_8_div2%=\n\t" + "B.N L_sp_256_div2_mod_8_div2_%=\n\t" #endif "\n" - "L_sp_256_div2_mod_8_even%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_div2_mod_8_even:\n\t" +#else + "L_sp_256_div2_mod_8_even_%=:\n\t" +#endif "LDRD r4, r5, [%[a], #12]\n\t" "LDRD r6, r7, [%[a], #20]\n\t" "\n" - "L_sp_256_div2_mod_8_div2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_div2_mod_8_div2:\n\t" +#else + "L_sp_256_div2_mod_8_div2_%=:\n\t" +#endif "LSR r8, r4, #1\n\t" "AND r4, r4, #0x1\n\t" "LSR r9, r5, #1\n\t" 
@@ -40270,129 +41044,189 @@ static int sp_256_num_bits_8(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_7%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_7\n\t" #else - "BEQ.N L_sp_256_num_bits_8_7%=\n\t" + "BEQ.N L_sp_256_num_bits_8_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_7:\n\t" +#else + "L_sp_256_num_bits_8_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_6%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_6\n\t" #else - "BEQ.N L_sp_256_num_bits_8_6%=\n\t" + "BEQ.N L_sp_256_num_bits_8_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + 
"L_sp_256_num_bits_8_6:\n\t" +#else + "L_sp_256_num_bits_8_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_5%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_5\n\t" #else - "BEQ.N L_sp_256_num_bits_8_5%=\n\t" + "BEQ.N L_sp_256_num_bits_8_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_5:\n\t" +#else + "L_sp_256_num_bits_8_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_4%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_4\n\t" #else - "BEQ.N L_sp_256_num_bits_8_4%=\n\t" + "BEQ.N L_sp_256_num_bits_8_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + 
"L_sp_256_num_bits_8_4:\n\t" +#else + "L_sp_256_num_bits_8_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_3%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_3\n\t" #else - "BEQ.N L_sp_256_num_bits_8_3%=\n\t" + "BEQ.N L_sp_256_num_bits_8_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_3:\n\t" +#else + "L_sp_256_num_bits_8_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_2%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_2\n\t" #else - "BEQ.N L_sp_256_num_bits_8_2%=\n\t" + "BEQ.N L_sp_256_num_bits_8_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_2:\n\t" 
+#else + "L_sp_256_num_bits_8_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_1%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_1\n\t" #else - "BEQ.N L_sp_256_num_bits_8_1%=\n\t" + "BEQ.N L_sp_256_num_bits_8_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_1:\n\t" +#else + "L_sp_256_num_bits_8_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" - "L_sp_256_num_bits_8_9%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_9:\n\t" +#else + "L_sp_256_num_bits_8_9_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -41515,13 +42349,21 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_384_mul_12_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_outer:\n\t" +#else + "L_sp_384_mul_12_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x2c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_384_mul_12_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_inner:\n\t" +#else + "L_sp_384_mul_12_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -41537,15 +42379,19 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_mul_12_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_mul_12_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_mul_12_inner_done\n\t" #else - "BGT.N L_sp_384_mul_12_inner_done%=\n\t" + "BGT.N L_sp_384_mul_12_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_mul_12_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mul_12_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_mul_12_inner\n\t" #else - "BLT.N L_sp_384_mul_12_inner%=\n\t" + "BLT.N L_sp_384_mul_12_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -41554,17 +42400,23 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_384_mul_12_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_inner_done:\n\t" +#else + "L_sp_384_mul_12_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x54\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_384_mul_12_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_384_mul_12_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_384_mul_12_outer\n\t" #else - "BLE.N L_sp_384_mul_12_outer%=\n\t" + "BLE.N L_sp_384_mul_12_outer_%=\n\t" #endif "LDR lr, [%[a], #44]\n\t" "LDR r11, [%[b], #44]\n\t" 
@@ -41573,14 +42425,20 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_384_mul_12_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_store:\n\t" +#else + "L_sp_384_mul_12_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_mul_12_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_mul_12_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_mul_12_store\n\t" #else - "BGT.N L_sp_384_mul_12_store%=\n\t" + "BGT.N L_sp_384_mul_12_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -42643,13 +43501,21 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_384_sqr_12_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_outer:\n\t" +#else + "L_sp_384_sqr_12_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x2c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_384_sqr_12_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_inner:\n\t" +#else + "L_sp_384_sqr_12_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -42662,15 +43528,19 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_sqr_12_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_sqr_12_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_sqr_12_inner_done\n\t" #else - "BGT.N L_sp_384_sqr_12_inner_done%=\n\t" + "BGT.N L_sp_384_sqr_12_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_sqr_12_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_sqr_12_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_sqr_12_inner\n\t" #else - "BLT.N L_sp_384_sqr_12_inner%=\n\t" + "BLT.N L_sp_384_sqr_12_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -42678,17 +43548,23 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_384_sqr_12_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_inner_done:\n\t" +#else + "L_sp_384_sqr_12_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x54\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_384_sqr_12_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_384_sqr_12_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_384_sqr_12_outer\n\t" #else - "BLE.N L_sp_384_sqr_12_outer%=\n\t" + "BLE.N L_sp_384_sqr_12_outer_%=\n\t" #endif "LDR lr, [%[a], #44]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -42696,14 +43572,20 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_384_sqr_12_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_store:\n\t" +#else + "L_sp_384_sqr_12_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_sqr_12_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_sqr_12_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_sqr_12_store\n\t" #else - "BGT.N L_sp_384_sqr_12_store%=\n\t" + "BGT.N L_sp_384_sqr_12_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -43436,7 +44318,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x30\n\t" "\n" - "L_sp_384_add_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_add_12_word:\n\t" +#else + "L_sp_384_add_12_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -43448,10 +44334,12 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_add_12_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_384_add_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_384_add_12_word\n\t" #else - "BNE.N L_sp_384_add_12_word%=\n\t" + "BNE.N L_sp_384_add_12_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -43836,7 +44724,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_384_cond_sub_12_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_cond_sub_12_words:\n\t" +#else + "L_sp_384_cond_sub_12_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -43846,10 +44738,12 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_cond_sub_12_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_cond_sub_12_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_cond_sub_12_words\n\t" #else - "BLT.N L_sp_384_cond_sub_12_words%=\n\t" + "BLT.N L_sp_384_cond_sub_12_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -43963,7 +44857,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_384_mont_reduce_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mont_reduce_12_word:\n\t" +#else + "L_sp_384_mont_reduce_12_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -44065,10 +44963,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x30\n\t" -#ifdef __GNUC__ - "BLT L_sp_384_mont_reduce_12_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mont_reduce_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_384_mont_reduce_12_word\n\t" #else - "BLT.W L_sp_384_mont_reduce_12_word%=\n\t" + "BLT.W L_sp_384_mont_reduce_12_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -44110,7 +45010,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_384_mont_reduce_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mont_reduce_12_word:\n\t" +#else + "L_sp_384_mont_reduce_12_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -44177,10 +45081,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x30\n\t" -#ifdef __GNUC__ - "BLT L_sp_384_mont_reduce_12_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mont_reduce_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_384_mont_reduce_12_word\n\t" #else - "BLT.W L_sp_384_mont_reduce_12_word%=\n\t" + "BLT.W L_sp_384_mont_reduce_12_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -44365,7 +45271,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x2c\n\t" "\n" - "L_sp_384_cmp_12_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_cmp_12_words:\n\t" +#else + "L_sp_384_cmp_12_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" 
@@ -44378,7 +45288,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_384_cmp_12_words%=\n\t" + "bcs L_sp_384_cmp_12_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #44]\n\t" @@ -44668,7 +45578,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x30\n\t" "\n" - "L_sp_384_sub_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sub_12_word:\n\t" +#else + "L_sp_384_sub_12_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -44679,10 +45593,12 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_sub_12_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_384_sub_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_384_sub_12_word\n\t" #else - "BNE.N L_sp_384_sub_12_word%=\n\t" + "BNE.N L_sp_384_sub_12_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -44769,7 +45685,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_384_cond_add_12_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_cond_add_12_words:\n\t" +#else + "L_sp_384_cond_add_12_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" 
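Review bot: The `bcs` at the end of the `WOLFSSL_SP_SMALL` loop in `sp_384_cmp_12` now targets `L_sp_384_cmp_12_words` unconditionally, but the preceding hunk defines that label as `L_sp_384_cmp_12_words_%=` on every toolchain except IAR before version 9000000. With GCC, or IAR 9 and later, the branch would refer to a symbol that is never defined, so a small build should fail to assemble or link. The branch needs the same three-way selection the patch uses elsewhere, as it does for the `bpl` in `div_256_word_8`. If the other `sp_*_cmp_*` functions outside this view received the same edit, they need the same fix. The function body starts and ends outside the hunk.

```c
        "SUBS	r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS	L_sp_384_cmp_12_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N	L_sp_384_cmp_12_words\n\t"
#else
        "BCS.N	L_sp_384_cmp_12_words_%=\n\t"
#endif
        /* … unchanged: EOR r2, r2, r3 and the non-small #else path … */
```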
@@ -44779,10 +45699,12 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_cond_add_12_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_cond_add_12_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_cond_add_12_words\n\t" #else - "BLT.N L_sp_384_cond_add_12_words%=\n\t" + "BLT.N L_sp_384_cond_add_12_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -48974,7 +49896,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x30\n\t" "\n" - "L_sp_384_sub_in_pkace_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sub_in_pkace_12_word:\n\t" +#else + "L_sp_384_sub_in_pkace_12_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -48985,10 +49911,12 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_sub_in_pkace_12_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_384_sub_in_pkace_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_384_sub_in_pkace_12_word\n\t" #else - "BNE.N L_sp_384_sub_in_pkace_12_word%=\n\t" + "BNE.N L_sp_384_sub_in_pkace_12_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -49074,7 +50002,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_384_mul_d_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_d_12_word:\n\t" +#else + "L_sp_384_mul_d_12_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -49087,10 +50019,12 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_mul_d_12_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mul_d_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_mul_d_12_word\n\t" #else - "BLT.N L_sp_384_mul_d_12_word%=\n\t" + "BLT.N L_sp_384_mul_d_12_word_%=\n\t" #endif "STR r3, [%[r], #48]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -49288,7 +50222,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_384_word_12_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_384_word_12_bit:\n\t" +#else + "L_div_384_word_12_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -49298,7 +50236,13 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_384_word_12_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_384_word_12_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_384_word_12_bit\n\t" +#else + "BPL.N L_div_384_word_12_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -49961,10 +50905,12 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m __asm__ __volatile__ ( "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_div2_mod_12_even%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_div2_mod_12_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_div2_mod_12_even\n\t" #else - "BEQ.N L_sp_384_div2_mod_12_even%=\n\t" + "BEQ.N L_sp_384_div2_mod_12_even_%=\n\t" #endif "MOV r12, #0x0\n\t" "LDM %[a]!, {r5, r6, r7}\n\t" @@ -49989,13 +50935,19 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m "ADCS r7, r7, r11\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_div2_mod_12_div2%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_div2_mod_12_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_div2_mod_12_div2\n\t" #else - "B.N L_sp_384_div2_mod_12_div2%=\n\t" + "B.N L_sp_384_div2_mod_12_div2_%=\n\t" #endif "\n" - "L_sp_384_div2_mod_12_even%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_div2_mod_12_even:\n\t" +#else + "L_sp_384_div2_mod_12_even_%=:\n\t" +#endif "LDM %[a]!, {r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" @@ -50003,7 +50955,11 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m "LDM %[a]!, {r4, r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "\n" - "L_sp_384_div2_mod_12_div2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_div2_mod_12_div2:\n\t" +#else + "L_sp_384_div2_mod_12_div2_%=:\n\t" +#endif "SUB %[r], %[r], #0x30\n\t" "LDRD r8, r9, [%[r]]\n\t" "LSR r8, r8, #1\n\t" 
@@ -50071,197 +51027,289 @@ static int sp_384_num_bits_12(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #44]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_11%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_11\n\t" #else - "BEQ.N L_sp_384_num_bits_12_11%=\n\t" + "BEQ.N L_sp_384_num_bits_12_11_%=\n\t" #endif "MOV r2, #0x180\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_11%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_11:\n\t" +#else + "L_sp_384_num_bits_12_11_%=:\n\t" +#endif "LDR r1, [%[a], #40]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_10%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_10\n\t" #else - "BEQ.N L_sp_384_num_bits_12_10%=\n\t" + "BEQ.N L_sp_384_num_bits_12_10_%=\n\t" #endif "MOV r2, #0x160\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_10%=:\n\t" +#if 
defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_10:\n\t" +#else + "L_sp_384_num_bits_12_10_%=:\n\t" +#endif "LDR r1, [%[a], #36]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_9%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_9\n\t" #else - "BEQ.N L_sp_384_num_bits_12_9%=\n\t" + "BEQ.N L_sp_384_num_bits_12_9_%=\n\t" #endif "MOV r2, #0x140\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_9%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_9:\n\t" +#else + "L_sp_384_num_bits_12_9_%=:\n\t" +#endif "LDR r1, [%[a], #32]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_8%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_8\n\t" #else - "BEQ.N L_sp_384_num_bits_12_8%=\n\t" + "BEQ.N L_sp_384_num_bits_12_8_%=\n\t" #endif "MOV r2, #0x120\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - 
"L_sp_384_num_bits_12_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_8:\n\t" +#else + "L_sp_384_num_bits_12_8_%=:\n\t" +#endif "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_7%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_7\n\t" #else - "BEQ.N L_sp_384_num_bits_12_7%=\n\t" + "BEQ.N L_sp_384_num_bits_12_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_7:\n\t" +#else + "L_sp_384_num_bits_12_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_6%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_6\n\t" #else - "BEQ.N L_sp_384_num_bits_12_6%=\n\t" + "BEQ.N L_sp_384_num_bits_12_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" 
#endif "\n" - "L_sp_384_num_bits_12_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_6:\n\t" +#else + "L_sp_384_num_bits_12_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_5%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_5\n\t" #else - "BEQ.N L_sp_384_num_bits_12_5%=\n\t" + "BEQ.N L_sp_384_num_bits_12_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_5:\n\t" +#else + "L_sp_384_num_bits_12_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_4%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_4\n\t" #else - "BEQ.N L_sp_384_num_bits_12_4%=\n\t" + "BEQ.N L_sp_384_num_bits_12_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N 
L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_4:\n\t" +#else + "L_sp_384_num_bits_12_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_3%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_3\n\t" #else - "BEQ.N L_sp_384_num_bits_12_3%=\n\t" + "BEQ.N L_sp_384_num_bits_12_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_3:\n\t" +#else + "L_sp_384_num_bits_12_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_2%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_2\n\t" #else - "BEQ.N L_sp_384_num_bits_12_2%=\n\t" + "BEQ.N L_sp_384_num_bits_12_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" 
+ "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_2:\n\t" +#else + "L_sp_384_num_bits_12_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_1%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_1\n\t" #else - "BEQ.N L_sp_384_num_bits_12_1%=\n\t" + "BEQ.N L_sp_384_num_bits_12_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_1:\n\t" +#else + "L_sp_384_num_bits_12_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" - "L_sp_384_num_bits_12_13%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_13:\n\t" +#else + "L_sp_384_num_bits_12_13_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : 
@@ -51430,13 +52478,21 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_521_mul_17_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_outer:\n\t" +#else + "L_sp_521_mul_17_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x40\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_521_mul_17_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_inner:\n\t" +#else + "L_sp_521_mul_17_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -51452,15 +52508,19 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_mul_17_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_mul_17_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_mul_17_inner_done\n\t" #else - "BGT.N L_sp_521_mul_17_inner_done%=\n\t" + "BGT.N L_sp_521_mul_17_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_mul_17_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mul_17_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_mul_17_inner\n\t" #else - "BLT.N L_sp_521_mul_17_inner%=\n\t" + "BLT.N L_sp_521_mul_17_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
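Review bot: On the `defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)` path the labels `L_sp_521_mul_17_outer:` and `L_sp_521_mul_17_inner:` lose the `%=` suffix, so they are no longer unique per asm instance. sp_521_mul_17 is a plain `static` function, unlike the `SP_NOINLINE` functions later in this patch, so if that compiler inlines or clones it the assembler would presumably see the same label defined twice. Consider marking the fixed-label functions `SP_NOINLINE` for the old-IAR build, or at least adding a comment above the asm block such as `/* IAR < 9: asm labels are not uniquified; this function must not be inlined */`. The same applies to the other fixed-label hunks in plain `static` functions (sp_521_sqr_17, sp_521_add_17, sp_521_cond_sub_17, sp_521_sub_17 and the rest). The function body starts and ends outside this hunk.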
@@ -51469,17 +52529,23 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_521_mul_17_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_inner_done:\n\t" +#else + "L_sp_521_mul_17_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x7c\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_521_mul_17_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_521_mul_17_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_521_mul_17_outer\n\t" #else - "BLE.N L_sp_521_mul_17_outer%=\n\t" + "BLE.N L_sp_521_mul_17_outer_%=\n\t" #endif "LDR lr, [%[a], #64]\n\t" "LDR r11, [%[b], #64]\n\t" @@ -51491,14 +52557,20 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r6, r7}\n\t" "SUB r5, r5, #0x8\n\t" "\n" - "L_sp_521_mul_17_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_store:\n\t" +#else + "L_sp_521_mul_17_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_mul_17_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_mul_17_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_mul_17_store\n\t" #else - "BGT.N L_sp_521_mul_17_store%=\n\t" + "BGT.N L_sp_521_mul_17_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -53575,13 +54647,21 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_521_sqr_17_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_outer:\n\t" +#else + "L_sp_521_sqr_17_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x40\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_521_sqr_17_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_inner:\n\t" +#else + "L_sp_521_sqr_17_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -53594,15 +54674,19 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_sqr_17_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_sqr_17_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_sqr_17_inner_done\n\t" #else - "BGT.N L_sp_521_sqr_17_inner_done%=\n\t" + "BGT.N L_sp_521_sqr_17_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_sqr_17_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_sqr_17_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_sqr_17_inner\n\t" #else - "BLT.N L_sp_521_sqr_17_inner%=\n\t" + "BLT.N L_sp_521_sqr_17_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -53610,17 +54694,23 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_521_sqr_17_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_inner_done:\n\t" +#else + "L_sp_521_sqr_17_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x7c\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_521_sqr_17_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_521_sqr_17_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_521_sqr_17_outer\n\t" #else - "BLE.N L_sp_521_sqr_17_outer%=\n\t" + "BLE.N L_sp_521_sqr_17_outer_%=\n\t" #endif "LDR lr, [%[a], #64]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -53631,14 +54721,20 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "STM %[r]!, {r6, r7}\n\t" "SUB r5, r5, #0x8\n\t" "\n" - "L_sp_521_sqr_17_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_store:\n\t" +#else + "L_sp_521_sqr_17_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_sqr_17_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_sqr_17_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_sqr_17_store\n\t" #else - "BGT.N L_sp_521_sqr_17_store%=\n\t" + "BGT.N L_sp_521_sqr_17_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -54955,7 +56051,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x40\n\t" "\n" - "L_sp_521_add_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_add_17_word:\n\t" +#else + "L_sp_521_add_17_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -54967,10 +56067,12 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_add_17_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_add_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_add_17_word\n\t" #else - "BNE.N L_sp_521_add_17_word%=\n\t" + "BNE.N L_sp_521_add_17_word_%=\n\t" #endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a], {r4}\n\t" @@ -55288,7 +56390,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_521_cond_sub_17_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_cond_sub_17_words:\n\t" +#else + "L_sp_521_cond_sub_17_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" 
@@ -55298,10 +56404,12 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x44\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_cond_sub_17_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_cond_sub_17_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_cond_sub_17_words\n\t" #else - "BLT.N L_sp_521_cond_sub_17_words%=\n\t" + "BLT.N L_sp_521_cond_sub_17_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -55568,19 +56676,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_521_mont_reduce_order_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_word:\n\t" +#else + "L_sp_521_mont_reduce_order_17_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" "CMP r11, #0x40\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_mont_reduce_order_17_nomask%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_mont_reduce_order_17_nomask_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_mont_reduce_order_17_nomask\n\t" #else - "BNE.N L_sp_521_mont_reduce_order_17_nomask%=\n\t" + "BNE.N L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #endif "MOV r9, #0x1ff\n\t" "AND r10, r10, r9\n\t" "\n" - "L_sp_521_mont_reduce_order_17_nomask%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_nomask:\n\t" +#else + "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t" +#endif /* a[i+0] += m[0] * mu */ "MOV r7, #0x0\n\t" "UMLAL r4, r7, r10, lr\n\t" 
@@ -55721,10 +56839,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x44\n\t" -#ifdef __GNUC__ - "BLT L_sp_521_mont_reduce_order_17_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mont_reduce_order_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_521_mont_reduce_order_17_word\n\t" #else - "BLT.W L_sp_521_mont_reduce_order_17_word%=\n\t" + "BLT.W L_sp_521_mont_reduce_order_17_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -55836,19 +56956,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_521_mont_reduce_order_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_word:\n\t" +#else + "L_sp_521_mont_reduce_order_17_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" "CMP r4, #0x40\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_mont_reduce_order_17_nomask%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_mont_reduce_order_17_nomask_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_mont_reduce_order_17_nomask\n\t" #else - "BNE.N L_sp_521_mont_reduce_order_17_nomask%=\n\t" + "BNE.N L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #endif "MOV r12, #0x1ff\n\t" "AND lr, lr, r12\n\t" "\n" - "L_sp_521_mont_reduce_order_17_nomask%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_nomask:\n\t" +#else + "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t" +#endif /* a[i+0] += m[0] * mu */ "LDR r12, [%[m]]\n\t" "MOV r3, #0x0\n\t" 
@@ -55939,10 +57069,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x44\n\t" -#ifdef __GNUC__ - "BLT L_sp_521_mont_reduce_order_17_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mont_reduce_order_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_521_mont_reduce_order_17_word\n\t" #else - "BLT.W L_sp_521_mont_reduce_order_17_word%=\n\t" + "BLT.W L_sp_521_mont_reduce_order_17_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -56194,7 +57326,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x40\n\t" "\n" - "L_sp_521_cmp_17_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_cmp_17_words:\n\t" +#else + "L_sp_521_cmp_17_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -56207,7 +57343,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_521_cmp_17_words%=\n\t" + "bcs L_sp_521_cmp_17_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #64]\n\t" @@ -61995,7 +63131,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x40\n\t" "\n" - "L_sp_521_sub_in_pkace_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sub_in_pkace_17_word:\n\t" +#else + "L_sp_521_sub_in_pkace_17_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" 
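Review bot: The new line `"bcs L_sp_521_cmp_17_words\n\t"` in sp_521_cmp_17 branches to the unsuffixed label on every compiler, but the hunk just above defines the label as `L_sp_521_cmp_17_words_%=:` everywhere except IAR before 9. With `WOLFSSL_SP_SMALL`, GCC and newer IAR builds therefore reference a label that is never defined and should fail to assemble or link. The branch needs the same three-way selection this patch gives `bpl` in div_521_word_17, as sketched below. Any sibling `_cmp_` functions outside this view are worth checking for the same slip; the function body starts and ends outside the hunk.

```c
        "SUBS	r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS	L_sp_521_cmp_17_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N	L_sp_521_cmp_17_words\n\t"
#else
        "BCS.N	L_sp_521_cmp_17_words_%=\n\t"
#endif
        /* … unchanged: EOR r2, r2, r3 and the non-small branch … */
```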
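Review bot: The label in sp_521_sub_in_place_17 is spelled `L_sp_521_sub_in_pkace_17_word` (`pkace` for `place`), and this hunk writes the misspelling out twice more. It still assembles because the `BNE`/`BNE.N` lines in the next hunk use the same spelling. Since both places are being rewritten anyway, rename them together to `L_sp_521_sub_in_place_17_word` and `L_sp_521_sub_in_place_17_word_%=`. If this file is generated, the spelling would need to be fixed in the generator instead.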
@@ -62006,10 +63146,12 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_sub_in_pkace_17_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_sub_in_pkace_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_sub_in_pkace_17_word\n\t" #else - "BNE.N L_sp_521_sub_in_pkace_17_word%=\n\t" + "BNE.N L_sp_521_sub_in_pkace_17_word_%=\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2}\n\t" @@ -62111,7 +63253,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_521_mul_d_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_d_17_word:\n\t" +#else + "L_sp_521_mul_d_17_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -62124,10 +63270,12 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x44\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_mul_d_17_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mul_d_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_mul_d_17_word\n\t" #else - "BLT.N L_sp_521_mul_d_17_word%=\n\t" + "BLT.N L_sp_521_mul_d_17_word_%=\n\t" #endif "STR r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -62350,7 +63498,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_521_word_17_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_521_word_17_bit:\n\t" +#else + "L_div_521_word_17_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" 
@@ -62360,7 +63512,13 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_521_word_17_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_521_word_17_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_521_word_17_bit\n\t" +#else + "BPL.N L_div_521_word_17_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -63055,7 +64213,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x40\n\t" "\n" - "L_sp_521_sub_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sub_17_word:\n\t" +#else + "L_sp_521_sub_17_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -63066,10 +64228,12 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_sub_17_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_sub_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_sub_17_word\n\t" #else - "BNE.N L_sp_521_sub_17_word%=\n\t" + "BNE.N L_sp_521_sub_17_word_%=\n\t" #endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3}\n\t" 
@@ -63166,10 +64330,12 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m __asm__ __volatile__ ( "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_div2_mod_17_even%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_div2_mod_17_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_div2_mod_17_even\n\t" #else - "BEQ.N L_sp_521_div2_mod_17_even%=\n\t" + "BEQ.N L_sp_521_div2_mod_17_even_%=\n\t" #endif "MOV r12, #0x0\n\t" "LDM %[a]!, {r5, r6, r7}\n\t" @@ -63205,13 +64371,19 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "ADCS r4, r4, r8\n\t" "STM %[r]!, {r4}\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_div2_mod_17_div2%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_div2_mod_17_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_div2_mod_17_div2\n\t" #else - "B.N L_sp_521_div2_mod_17_div2%=\n\t" + "B.N L_sp_521_div2_mod_17_div2_%=\n\t" #endif "\n" - "L_sp_521_div2_mod_17_even%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_div2_mod_17_even:\n\t" +#else + "L_sp_521_div2_mod_17_even_%=:\n\t" +#endif "LDM %[a]!, {r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" @@ -63223,7 +64395,11 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "LDM %[a]!, {r4}\n\t" "STM %[r]!, {r4}\n\t" "\n" - "L_sp_521_div2_mod_17_div2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_div2_mod_17_div2:\n\t" +#else + "L_sp_521_div2_mod_17_div2_%=:\n\t" +#endif "SUB %[r], %[r], #0x44\n\t" "LDRD r8, r9, [%[r]]\n\t" "LSR r8, r8, #1\n\t" 
@@ -63311,282 +64487,414 @@ static int sp_521_num_bits_17(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #64]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_16%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_16_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_16\n\t" #else - "BEQ.N L_sp_521_num_bits_17_16%=\n\t" + "BEQ.N L_sp_521_num_bits_17_16_%=\n\t" #endif "MOV r2, #0x220\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_16%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_16:\n\t" +#else + "L_sp_521_num_bits_17_16_%=:\n\t" +#endif "LDR r1, [%[a], #60]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_15%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_15_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_15\n\t" #else - "BEQ.N L_sp_521_num_bits_17_15%=\n\t" + "BEQ.N L_sp_521_num_bits_17_15_%=\n\t" #endif "MOV r2, #0x200\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_15%=:\n\t" +#if 
defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_15:\n\t" +#else + "L_sp_521_num_bits_17_15_%=:\n\t" +#endif "LDR r1, [%[a], #56]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_14%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_14_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_14\n\t" #else - "BEQ.N L_sp_521_num_bits_17_14%=\n\t" + "BEQ.N L_sp_521_num_bits_17_14_%=\n\t" #endif "MOV r2, #0x1e0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_14%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_14:\n\t" +#else + "L_sp_521_num_bits_17_14_%=:\n\t" +#endif "LDR r1, [%[a], #52]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_13%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_13\n\t" #else - "BEQ.N L_sp_521_num_bits_17_13%=\n\t" + "BEQ.N L_sp_521_num_bits_17_13_%=\n\t" #endif "MOV r2, #0x1c0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - 
"L_sp_521_num_bits_17_13%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_13:\n\t" +#else + "L_sp_521_num_bits_17_13_%=:\n\t" +#endif "LDR r1, [%[a], #48]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_12%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_12_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_12\n\t" #else - "BEQ.N L_sp_521_num_bits_17_12%=\n\t" + "BEQ.N L_sp_521_num_bits_17_12_%=\n\t" #endif "MOV r2, #0x1a0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_12%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_12:\n\t" +#else + "L_sp_521_num_bits_17_12_%=:\n\t" +#endif "LDR r1, [%[a], #44]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_11%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_11\n\t" #else - "BEQ.N L_sp_521_num_bits_17_11%=\n\t" + "BEQ.N L_sp_521_num_bits_17_11_%=\n\t" #endif "MOV r2, #0x180\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N 
L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_11%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_11:\n\t" +#else + "L_sp_521_num_bits_17_11_%=:\n\t" +#endif "LDR r1, [%[a], #40]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_10%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_10\n\t" #else - "BEQ.N L_sp_521_num_bits_17_10%=\n\t" + "BEQ.N L_sp_521_num_bits_17_10_%=\n\t" #endif "MOV r2, #0x160\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_10%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_10:\n\t" +#else + "L_sp_521_num_bits_17_10_%=:\n\t" +#endif "LDR r1, [%[a], #36]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_9%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_9\n\t" #else - "BEQ.N L_sp_521_num_bits_17_9%=\n\t" + "BEQ.N L_sp_521_num_bits_17_9_%=\n\t" #endif "MOV r2, #0x140\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N 
L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_9%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_9:\n\t" +#else + "L_sp_521_num_bits_17_9_%=:\n\t" +#endif "LDR r1, [%[a], #32]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_8%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_8\n\t" #else - "BEQ.N L_sp_521_num_bits_17_8%=\n\t" + "BEQ.N L_sp_521_num_bits_17_8_%=\n\t" #endif "MOV r2, #0x120\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_8:\n\t" +#else + "L_sp_521_num_bits_17_8_%=:\n\t" +#endif "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_7%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_7\n\t" #else - "BEQ.N L_sp_521_num_bits_17_7%=\n\t" + "BEQ.N L_sp_521_num_bits_17_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" 
#else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_7:\n\t" +#else + "L_sp_521_num_bits_17_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_6%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_6\n\t" #else - "BEQ.N L_sp_521_num_bits_17_6%=\n\t" + "BEQ.N L_sp_521_num_bits_17_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_6:\n\t" +#else + "L_sp_521_num_bits_17_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_5%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_5\n\t" #else - "BEQ.N L_sp_521_num_bits_17_5%=\n\t" + "BEQ.N L_sp_521_num_bits_17_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N 
L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_5:\n\t" +#else + "L_sp_521_num_bits_17_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_4%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_4\n\t" #else - "BEQ.N L_sp_521_num_bits_17_4%=\n\t" + "BEQ.N L_sp_521_num_bits_17_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_4:\n\t" +#else + "L_sp_521_num_bits_17_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_3%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_3\n\t" #else - "BEQ.N L_sp_521_num_bits_17_3%=\n\t" + "BEQ.N L_sp_521_num_bits_17_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 
9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_3:\n\t" +#else + "L_sp_521_num_bits_17_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_2%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_2\n\t" #else - "BEQ.N L_sp_521_num_bits_17_2%=\n\t" + "BEQ.N L_sp_521_num_bits_17_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_2:\n\t" +#else + "L_sp_521_num_bits_17_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_1%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_1\n\t" #else - "BEQ.N L_sp_521_num_bits_17_1%=\n\t" + "BEQ.N L_sp_521_num_bits_17_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && 
(__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_1:\n\t" +#else + "L_sp_521_num_bits_17_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" - "L_sp_521_num_bits_17_18%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_18:\n\t" +#else + "L_sp_521_num_bits_17_18_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -67981,13 +69289,21 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_1024_mul_32_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_outer:\n\t" +#else + "L_sp_1024_mul_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_1024_mul_32_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_inner:\n\t" +#else + "L_sp_1024_mul_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -68003,15 +69319,19 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_mul_32_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_mul_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_mul_32_inner_done\n\t" #else - "BGT.N L_sp_1024_mul_32_inner_done%=\n\t" + "BGT.N L_sp_1024_mul_32_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_mul_32_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mul_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_mul_32_inner\n\t" #else - "BLT.N L_sp_1024_mul_32_inner%=\n\t" + "BLT.N L_sp_1024_mul_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -68020,17 +69340,23 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_1024_mul_32_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_inner_done:\n\t" +#else + "L_sp_1024_mul_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_1024_mul_32_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_1024_mul_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_1024_mul_32_outer\n\t" #else - "BLE.N L_sp_1024_mul_32_outer%=\n\t" + "BLE.N L_sp_1024_mul_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "LDR r11, [%[b], #124]\n\t" 
@@ -68039,14 +69365,20 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_1024_mul_32_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_store:\n\t" +#else + "L_sp_1024_mul_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_mul_32_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_mul_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_mul_32_store\n\t" #else - "BGT.N L_sp_1024_mul_32_store%=\n\t" + "BGT.N L_sp_1024_mul_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -68079,13 +69411,21 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_1024_sqr_32_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_outer:\n\t" +#else + "L_sp_1024_sqr_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_1024_sqr_32_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_inner:\n\t" +#else + "L_sp_1024_sqr_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -68098,15 +69438,19 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_sqr_32_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_sqr_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_sqr_32_inner_done\n\t" #else - "BGT.N L_sp_1024_sqr_32_inner_done%=\n\t" + "BGT.N L_sp_1024_sqr_32_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_sqr_32_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_sqr_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_sqr_32_inner\n\t" #else - "BLT.N L_sp_1024_sqr_32_inner%=\n\t" + "BLT.N L_sp_1024_sqr_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -68114,17 +69458,23 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_1024_sqr_32_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_inner_done:\n\t" +#else + "L_sp_1024_sqr_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_1024_sqr_32_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_1024_sqr_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_1024_sqr_32_outer\n\t" #else - "BLE.N L_sp_1024_sqr_32_outer%=\n\t" + "BLE.N L_sp_1024_sqr_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -68132,14 +69482,20 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_1024_sqr_32_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_store:\n\t" +#else + "L_sp_1024_sqr_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_sqr_32_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_sqr_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_sqr_32_store\n\t" #else - "BGT.N L_sp_1024_sqr_32_store%=\n\t" + "BGT.N L_sp_1024_sqr_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -68254,7 +69610,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x80\n\t" "\n" - "L_sp_1024_sub_in_pkace_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sub_in_pkace_32_word:\n\t" +#else + "L_sp_1024_sub_in_pkace_32_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -68265,10 +69625,12 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_1024_sub_in_pkace_32_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_1024_sub_in_pkace_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_1024_sub_in_pkace_32_word\n\t" #else - "BNE.N L_sp_1024_sub_in_pkace_32_word%=\n\t" + "BNE.N L_sp_1024_sub_in_pkace_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -68306,7 +69668,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_1024_cond_sub_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_cond_sub_32_words:\n\t" +#else + "L_sp_1024_cond_sub_32_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -68316,10 +69682,12 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_cond_sub_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_cond_sub_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_cond_sub_32_words\n\t" #else - "BLT.N L_sp_1024_cond_sub_32_words%=\n\t" + "BLT.N L_sp_1024_cond_sub_32_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -68497,7 +69865,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x80\n\t" "\n" - "L_sp_1024_add_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_add_32_word:\n\t" +#else + "L_sp_1024_add_32_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" 
@@ -68509,10 +69881,12 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_1024_add_32_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_1024_add_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_1024_add_32_word\n\t" #else - "BNE.N L_sp_1024_add_32_word%=\n\t" + "BNE.N L_sp_1024_add_32_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -68551,7 +69925,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_1024_mul_d_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_d_32_word:\n\t" +#else + "L_sp_1024_mul_d_32_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -68564,10 +69942,12 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_mul_d_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mul_d_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_mul_d_32_word\n\t" #else - "BLT.N L_sp_1024_mul_d_32_word%=\n\t" + "BLT.N L_sp_1024_mul_d_32_word_%=\n\t" #endif "STR r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -68865,7 +70245,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_1024_word_32_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_1024_word_32_bit:\n\t" +#else + "L_div_1024_word_32_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" 
@@ -68875,7 +70259,13 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_1024_word_32_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_1024_word_32_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_1024_word_32_bit\n\t" +#else + "BPL.N L_div_1024_word_32_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -68957,7 +70347,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x7c\n\t" "\n" - "L_sp_1024_cmp_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_cmp_32_words:\n\t" +#else + "L_sp_1024_cmp_32_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -68970,7 +70364,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_1024_cmp_32_words%=\n\t" + "bcs L_sp_1024_cmp_32_words\n\t" "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #124]\n\t" @@ -69690,7 +71084,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_1024_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mont_reduce_32_word:\n\t" +#else + "L_sp_1024_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
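Review bot: The `bcs` that closes the WOLFSSL_SP_SMALL loop in sp_1024_cmp_32 now targets `L_sp_1024_cmp_32_words` on every compiler, while the hunk just above defines that label as `L_sp_1024_cmp_32_words_%=` everywhere except IAR before 9.x. On GCC and newer IAR the branch therefore names a label that is never defined, so the small build should fail to assemble or link. The branch needs the same three-way guard the patch gives the `bpl` in div_1024_word_32, keeping the `_%=` suffix outside the old-IAR case. The function body starts and ends outside both hunks, so check the other small-code compare loops in this file for the same one-sided edit.

```c
/* … unchanged: loop body up to "SUBS r6, r6, #0x4" … */
#if defined(__GNUC__)
        "BCS L_sp_1024_cmp_32_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N L_sp_1024_cmp_32_words\n\t"
#else
        "BCS.N L_sp_1024_cmp_32_words_%=\n\t"
#endif
/* … unchanged: "EOR r2, r2, r3" … */
```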
@@ -69952,10 +71350,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x80\n\t" -#ifdef __GNUC__ - "BLT L_sp_1024_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_1024_mont_reduce_32_word\n\t" #else - "BLT.W L_sp_1024_mont_reduce_32_word%=\n\t" + "BLT.W L_sp_1024_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -70002,7 +71402,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_1024_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mont_reduce_32_word:\n\t" +#else + "L_sp_1024_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -70169,10 +71573,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x80\n\t" -#ifdef __GNUC__ - "BLT L_sp_1024_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_1024_mont_reduce_32_word\n\t" #else - "BLT.W L_sp_1024_mont_reduce_32_word%=\n\t" + "BLT.W L_sp_1024_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -71187,7 +72593,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_1024_cond_add_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_cond_add_32_words:\n\t" +#else + "L_sp_1024_cond_add_32_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" 
@@ -71197,10 +72607,12 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_cond_add_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_cond_add_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_cond_add_32_words\n\t" #else - "BLT.N L_sp_1024_cond_add_32_words%=\n\t" + "BLT.N L_sp_1024_cond_add_32_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) From a1fbfa94d20a3610021a4d7907233b4c04914ed0 Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Wed, 24 Jul 2024 10:56:22 +0000 Subject: [PATCH 09/71] tests: add OCSP callback fails test --- tests/api.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/tests/api.c b/tests/api.c index 8a140e1819..61083e4b29 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -82888,6 +82888,60 @@ static int test_wolfSSL_SendUserCanceled(void) #endif return EXPECT_RESULT(); } +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_OCSP) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(WOLFSSL_NO_TLS12) +static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz, + byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) +{ + (void)ctx; + (void)url; + (void)urlSz; + (void)ocspReqBuf; + (void)ocspReqSz; + (void)ocspRespBuf; + return -1; +} +static int test_ocsp_callback_fails(void) +{ + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + EXPECT_DECLS; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl_c, WOLFSSL_CSR_OCSP,0), WOLFSSL_SUCCESS); + /* override URL to avoid exing from SendCertificateStatus because of no AuthInfo on the certificate */ + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx_s, "http://dummy.test"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx_s, WOLFSSL_OCSP_NO_NONCE | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_SetOCSP_Cb(ssl_s, test_ocsp_callback_fails_cb, NULL, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), OCSP_INVALID_STATUS); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_ocsp_callback_fails(void) +{ + return TEST_SKIPPED; +} +#endif /* 
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_OCSP) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) */ + /*----------------------------------------------------------------------------* | Main @@ -84120,6 +84174,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_UseOCSPStapling), TEST_DECL(test_wolfSSL_UseOCSPStaplingV2), TEST_DECL(test_self_signed_stapling), + TEST_DECL(test_ocsp_callback_fails), /* Multicast */ TEST_DECL(test_wolfSSL_mcast), From 007f9ea39dc6876ac6f08eb9826b51f176947d43 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 Jul 2024 08:28:25 -0700 Subject: [PATCH 10/71] Fix to restore `--enable-asn=original`. Fixes for building with ASN original (old). Add the new limit checks for alt names and subtree to the old ASN code. --- configure.ac | 6 +++--- wolfcrypt/src/asn.c | 19 +++++++++++++++++-- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 43aaa84b7f..222fcd6208 100644 --- a/configure.ac +++ b/configure.ac @@ -4762,10 +4762,10 @@ else fi if test "$ENABLED_ASN" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE" + elif test "$ENABLED_ASN" == "original"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL" else - if test "$ENABLED_ASN" != "original"; then - AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.]) - fi + AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.]) fi # turn off ASN if leanpsk on diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 16d773c5e7..80f98ab707 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6920,7 +6920,7 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, if (tag == ASN_OBJECT_ID) { if ((*algId == ECDSAk) && (eccOid != NULL)) { - if (GetObjectId(input, &idx, eccOid, oidCurveType, maxIdx) < 0) + if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0) return ASN_PARSE_E; } else { 
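Review bot: test_ocsp_callback_fails pins only the server's error (`OCSP_INVALID_STATUS`) and never asserts the client's state, so the fail-closed property it protects is only half stated. The intent appears to be that a failing OCSP lookup callback aborts the handshake rather than continuing without a staple. Consider adding `ExpectIntEQ(wolfSSL_is_init_finished(ssl_c), 0);` after the handshake call, plus a comment on the stub such as `/* OCSP lookup callback that always fails: the server must abort, not send an empty status */`. The closing `#endif` comment also omits `!defined(WOLFSSL_NO_TLS12)` from the guard it mirrors, and "exing" in the override-URL comment should read "exiting".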
@@ -18590,6 +18590,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; int length = 0; + word32 numNames = 0; WOLFSSL_ENTER("DecodeAltNames"); @@ -18622,8 +18623,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) return BUFFER_E; } - current_byte = input[idx++]; + numNames++; + if (numNames > WOLFSSL_MAX_ALT_NAMES) { + WOLFSSL_MSG("\tToo many subject alternative names"); + return ASN_ALT_NAME_E; + } + current_byte = input[idx++]; length--; /* Save DNS Type names in the altNames list. */ @@ -20153,6 +20159,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; int ret = 0; + word32 cnt = 0; (void)heap; @@ -20161,6 +20168,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, word32 nameIdx; byte b, bType; + if (limit > 0) { + cnt++; + if (cnt > limit) { + WOLFSSL_MSG("too many name constraints"); + return ASN_NAME_INVALID_E; + } + } + if (GetSequence(input, &idx, &seqLength, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); return ASN_PARSE_E; From 3e2123f0b3abe6ce7b27712d94f24ca2a1ee9fee Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 Jul 2024 08:45:19 -0700 Subject: [PATCH 11/71] Disable the ECC custom curve tests for original (old) ASN. --- tests/suites.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/suites.c b/tests/suites.c index 1604e18ea9..5c367fe9c9 100644 --- a/tests/suites.c +++ b/tests/suites.c 
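Review bot: In the second DecodeSubtree hunk the new cap is skipped entirely when `limit` is 0, so a caller passing 0 keeps the old unbounded loop over certificate-supplied name constraints. Nothing in the hunk documents that 0 means "no limit". `limit` is declared outside the hunk, presumably as a parameter, so its callers and default cannot be checked from here. I would add `/* limit == 0 disables the cap; pass a non-zero limit when parsing untrusted certificates */` above the `if (limit > 0)`. When the cap trips, earlier entries may already be linked into `*head`, so confirm the caller frees the partial list on `ASN_NAME_INVALID_E`.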
@@ -1060,7 +1060,9 @@ int SuiteTest(int argc, char** argv) #if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \ defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \ /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \ - !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) + !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) && \ + /* only supported with newer ASN template code */ \ + defined(WOLFSSL_ASN_TEMPLATE) /* TLS non-NIST curves (Koblitz / Brainpool) */ XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1])); From 4b9d89d387cb5f695aaf91116dd65f81a2ec3603 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 Jul 2024 09:10:25 -0700 Subject: [PATCH 12/71] Fix autoconf issue with `==` --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 222fcd6208..4578438607 100644 --- a/configure.ac +++ b/configure.ac @@ -4762,7 +4762,7 @@ else fi if test "$ENABLED_ASN" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE" - elif test "$ENABLED_ASN" == "original"; then + elif test "$ENABLED_ASN" = "original"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL" else AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.]) From 7f7d94abd5a101a23f96d885a69973d600522156 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 Jul 2024 12:35:37 -0700 Subject: [PATCH 13/71] Fixes for ASN original (old) to support checking int leading 0 and invalid OID. Disable invalid UTF8 test for old ASN (only supported with newer ASN template). --- wolfcrypt/src/asn.c | 34 ++++++++++++++++++++++++++-------- wolfcrypt/test/test.c | 4 ++-- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 80f98ab707..a79d41973b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -2430,6 +2430,19 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx, if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) { ret = ASN_PARSE_E; } + if (ret == 0 && tag == ASN_OBJECT_ID) { + if (length < 3) { + /* OID data must be at least 3 bytes. */ + WOLFSSL_MSG("OID length less than 3"); + ret = ASN_PARSE_E; + } + else if ((input[(int)idx + length - 1] & 0x80) != 0x00) { + /* Last octet of a sub-identifier has bit 8 clear. Last octet must be + * last of a subidentifier. Ensure last octet hasn't got top bit set. */ + WOLFSSL_MSG("OID last octet has top bit set"); + ret = ASN_PARSE_E; + } + } if (ret == 0) { /* Return the length of data and index after header. */ *len = length; @@ -2691,14 +2704,15 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, return ret; if (*len > 0) { - #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY /* check for invalid padding on negative integer. * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1 */ if (*len > 1) { - if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) - return ASN_PARSE_E; + if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) { + WOLFSSL_MSG("Bad INTEGER encoding of negative"); + return ASN_EXPECT_0_E; + } } #endif @@ -2708,8 +2722,10 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, (*len)--; #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY - if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) - return ASN_PARSE_E; + if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) { + WOLFSSL_MSG("INTEGER is negative"); + return ASN_EXPECT_0_E; + } #endif } } @@ -11572,9 +11588,11 @@ static int GetCertHeader(DecodedCert* cert) cert->sigIndex) < 0) return ASN_PARSE_E; - if (wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, - &cert->serialSz, cert->sigIndex) < 0) - return ASN_PARSE_E; + ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, + &cert->serialSz, cert->sigIndex); + if (ret < 0) { + return ret; + } return ret; } 
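Review bot: The new last-octet test in GetASNHeader_ex reads `input[(int)idx + length - 1]`, which is safe only if GetLength_ex has already bounded `idx + length` by `maxIdx`. GetLength_ex is not shown here; if it applies that bound only when `check` is non-zero, a call with `check` == 0 and tag ASN_OBJECT_ID would index past the buffer on a crafted length. A local guard ahead of the read removes the dependency: `else if (idx + (word32)length > maxIdx) { ret = BUFFER_E; }`. It also avoids the mixed signed/unsigned index arithmetic in `(int)idx + length - 1`.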
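Review bot: The log text added in the second GetASNInt hunk, `WOLFSSL_MSG("INTEGER is negative")`, does not match what the condition detects. As far as the hunk shows, this branch runs after a leading 0x00 has been consumed and fires when the next byte has its top bit clear, which is a positive INTEGER with a redundant leading zero. I would use `WOLFSSL_MSG("INTEGER has unnecessary leading zero");`. Both GetASNInt hunks also change the return from `ASN_PARSE_E` to `ASN_EXPECT_0_E`, and the GetCertHeader hunk now propagates that code, so any caller or test outside these hunks that matches `ASN_PARSE_E` for a malformed serial number needs rechecking.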
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6f47de0fb6..c9e10ae5d2 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -18078,7 +18078,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) #endif static const char* certBadOid = CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der"; -#ifndef WOLFSSL_NO_ASN_STRICT +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT) static const char* certBadUtf8 = CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der"; #endif @@ -18383,7 +18383,7 @@ static wc_test_ret_t cert_bad_asn1_test(void) /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */ ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E); } -#ifndef WOLFSSL_NO_ASN_STRICT +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT) if (ret == 0) { /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set. */ From 42403a526e91348b70c4aa5ffb61509ea23e7b51 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 Jul 2024 16:06:04 -0700 Subject: [PATCH 14/71] Fix to resolve STM32 hash FIFO. Simplify logic for ensuring FIFO gets filled before doing a save/restore. ZD 18294 --- wolfcrypt/src/port/st/stm32.c | 41 +++++++++++-------------------- wolfcrypt/src/sha256.c | 2 +- wolfssl/wolfcrypt/port/st/stm32.h | 26 ++------------------ 3 files changed, 17 insertions(+), 52 deletions(-) diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c index db13fd4f22..343e3a7f35 100644 --- a/wolfcrypt/src/port/st/stm32.c +++ b/wolfcrypt/src/port/st/stm32.c 
@@ -303,12 +303,11 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, int ret = 0; byte* local = (byte*)stmCtx->buffer; int wroteToFifo = 0; - const word32 fifoSz = (STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE); word32 chunkSz; #ifdef DEBUG_STM32_HASH - printf("STM Hash Update: algo %x, len %d, blockSz %d\n", - algo, len, blockSize); + printf("STM Hash Update: algo %x, len %d, buffLen %d, fifoBytes %d\n", + algo, len, stmCtx->buffLen, stmCtx->fifoBytes); #endif (void)blockSize; @@ -323,40 +322,27 @@ int wc_Stm32_Hash_Update(STM32_HASH_Context* stmCtx, word32 algo, /* restore hash context or init as new hash */ wc_Stm32_Hash_RestoreContext(stmCtx, algo); - chunkSz = fifoSz; -#ifdef STM32_HASH_FIFO_WORKAROUND - /* if FIFO already has bytes written then fill remainder first */ - if (stmCtx->fifoBytes > 0) { - chunkSz -= stmCtx->fifoBytes; - stmCtx->fifoBytes = 0; - } -#endif - /* write blocks to FIFO */ while (len) { - word32 add = min(len, chunkSz - stmCtx->buffLen); + word32 add; + + /* fill the FIFO plus one additional to flush the block */ + chunkSz = ((STM32_HASH_FIFO_SIZE + 1) * STM32_HASH_REG_SIZE); + /* account for extra bytes in the FIFO (use mask 0x3F to get remain) */ + chunkSz -= (stmCtx->fifoBytes & + ((STM32_HASH_FIFO_SIZE * STM32_HASH_REG_SIZE)-1)); + + add = min(len, chunkSz - stmCtx->buffLen); XMEMCPY(&local[stmCtx->buffLen], data, add); stmCtx->buffLen += add; data += add; len -= add; - #ifdef STM32_HASH_FIFO_WORKAROUND - /* We cannot leave the FIFO full and do save/restore - * the last must be large enough to flush block from FIFO */ - if (stmCtx->buffLen + len <= fifoSz * 2) { - chunkSz = fifoSz + STM32_HASH_REG_SIZE; - } - #endif - if (stmCtx->buffLen == chunkSz) { wc_Stm32_Hash_Data(stmCtx, stmCtx->buffLen); wroteToFifo = 1; - #ifdef STM32_HASH_FIFO_WORKAROUND - if (chunkSz > fifoSz) - stmCtx->fifoBytes = chunkSz - fifoSz; - chunkSz = fifoSz; - #endif + stmCtx->fifoBytes += chunkSz; } } 
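Review bot: `add = min(len, chunkSz - stmCtx->buffLen)` is an unsigned subtraction, and `chunkSz` is now recomputed on every pass from `fifoBytes`, so nothing in the loop guarantees `buffLen <= chunkSz`. If `buffLen` ever exceeds the recomputed `chunkSz`, the difference wraps, `add` becomes `len`, and the `XMEMCPY` into `local` writes past the `STM32_HASH_FIFO_SIZE+1` word `buffer`. The invariant presumably holds if wc_Stm32_Hash_Data resets `buffLen` and the context is zeroed on init, but neither is visible here. A guard such as `if (stmCtx->buffLen > chunkSz) { ret = BUFFER_E; break; }` before computing `add` would make it explicit. The function starts and ends outside the hunk.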
@@ -380,7 +366,8 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, int ret = 0; #ifdef DEBUG_STM32_HASH - printf("STM Hash Final: algo %x, digestSz %d\n", algo, digestSize); + printf("STM Hash Final: algo %x, digestSz %d, buffLen %d, fifoBytes %d\n", + algo, digestSize, stmCtx->buffLen, stmCtx->fifoBytes); #endif /* turn on hash clock */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index ee534ff66c..cb01abe1cc 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -2496,7 +2496,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) ret = wc_Sha256Copy(sha256, tmpSha256); if (ret == 0) { ret = wc_Sha256Final(tmpSha256, hash); - wc_Sha256Free(tmpSha256); /* TODO move outside brackets? */ + wc_Sha256Free(tmpSha256); } diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h index ffadc8cfd3..7e9faff672 100644 --- a/wolfssl/wolfcrypt/port/st/stm32.h +++ b/wolfssl/wolfcrypt/port/st/stm32.h @@ -71,26 +71,6 @@ #define STM32_HASH_REG_SIZE 4 #define STM32_HASH_FIFO_SIZE 16 /* FIFO is 16 deep 32-bits wide */ -#if (defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \ - defined(WOLFSSL_STM32H7)) && !defined(NO_STM32_HASH_FIFO_WORKAROUND) - /* workaround for hash FIFO to write one extra to finalize */ - /* RM: Message Data Feeding: Data are entered into the HASH - * one 32-bit word at a time, by writing them into the HASH_DIN register. - * The current contents of the HASH_DIN register are transferred to the - * 16 words input FIFO each time the register is written with new data. - * Hence HASH_DIN and the FIFO form a seventeen 32-bit words length FIFO. */ - #undef STM32_HASH_BUFFER_SIZE - #define STM32_HASH_BUFFER_SIZE 17 - - #undef STM32_HASH_FIFO_WORKAROUND - #define STM32_HASH_FIFO_WORKAROUND -#endif - -#ifndef STM32_HASH_BUFFER_SIZE -#define STM32_HASH_BUFFER_SIZE STM32_HASH_FIFO_SIZE -#endif - - /* STM32 Hash Context */ typedef struct { /* Context switching registers */ 
@@ -100,13 +80,11 @@ typedef struct { uint32_t HASH_CSR[HASH_CR_SIZE]; /* Hash state / buffers */ - word32 buffer[STM32_HASH_BUFFER_SIZE]; /* partial word buffer */ + word32 buffer[STM32_HASH_FIFO_SIZE+1]; /* partial word buffer */ word32 buffLen; /* partial word remain */ word32 loLen; /* total update bytes (only lsb 6-bits is used for nbr valid bytes in last word) */ -#ifdef STM32_HASH_FIFO_WORKAROUND - int fifoBytes; /* number of currently filled FIFO bytes */ -#endif + word32 fifoBytes; /* number of currently filled FIFO bytes */ } STM32_HASH_Context; From c4f73f5955a8932e6a0f1d6ca0211ee07beb9aee Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 24 Jul 2024 16:57:51 -0700 Subject: [PATCH 15/71] Peer review cleanups. --- wolfcrypt/src/asn.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index a79d41973b..59046cd33e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1210,7 +1210,7 @@ static int GetASN_ObjectId(const byte* input, word32 idx, int length) /* Last octet of a sub-identifier has bit 8 clear. Last octet must be last * of a subidentifier. Ensure last octet hasn't got top bit set. */ - else if ((input[(int)idx + length - 1] & 0x80) != 0x00) { + else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { WOLFSSL_MSG("OID last octet has top bit set"); ret = ASN_PARSE_E; } @@ -2436,7 +2436,7 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx, WOLFSSL_MSG("OID length less than 3"); ret = ASN_PARSE_E; } - else if ((input[(int)idx + length - 1] & 0x80) != 0x00) { + else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { /* Last octet of a sub-identifier has bit 8 clear. Last octet must be * last of a subidentifier. Ensure last octet hasn't got top bit set. */ WOLFSSL_MSG("OID last octet has top bit set"); 
@@ -3490,7 +3490,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, } b = input[idx]; - if (zeroBits && b != 0x00) + if (zeroBits && (b != 0x00)) return ASN_EXPECT_0_E; if (b >= 0x08) return ASN_PARSE_E; From 181c408d17618d9b3115b1899090728cef271e3c Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Wed, 24 Jul 2024 20:36:51 -0400 Subject: [PATCH 16/71] Allow kyber to be built with FIPS --- src/include.am | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/include.am b/src/include.am index 1679e3b567..936cd33aeb 100644 --- a/src/include.am +++ b/src/include.am @@ -995,7 +995,6 @@ if BUILD_SAKKE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sakke.c endif -if !BUILD_FIPS_CURRENT if BUILD_WC_KYBER src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber.c src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_poly.c @@ -1005,7 +1004,6 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_kyber_asm.S endif endif endif -endif if BUILD_DILITHIUM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c From dace3acd4dfd75602b58d64ea073478e1045a2e2 Mon Sep 17 00:00:00 2001 From: aidan garske Date: Wed, 24 Jul 2024 16:53:15 -0700 Subject: [PATCH 17/71] api.c and asn.c changes to allow 0 to be passed in and expanded coverage on test cases (cherry picked from commit 8572f67e60d419ddd74d4a2b7051dcaa7d0ca6b4) --- tests/api.c | 26 +++++++++++++++++--------- wolfcrypt/src/asn.c | 15 +++++++++++---- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/tests/api.c b/tests/api.c index 61d95ee635..ae8d268cd4 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -23340,7 +23340,11 @@ static int test_wc_Ed25519PublicKeyToDer(void) ExpectIntEQ(wc_ed25519_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); - ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1), 0); + /* length only */ + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0); + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0); + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, + (word32)sizeof(derBuf), 1), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ed25519_free(&key); @@ -24233,8 +24237,11 @@ static int test_wc_Ed448PublicKeyToDer(void) ExpectIntEQ(wc_ed448_init(&key), 0); ExpectIntEQ(wc_InitRng(&rng), 0); ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); - - ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1), 0); + /* length only */ + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0); + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0); + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, + (word32)sizeof(derBuf), 1), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); wc_ed448_free(&key); @@ -26863,6 +26870,7 @@ static int test_wc_Ed25519KeyToDer(void) ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BAD_FUNC_ARG); /* Good Cases */ /* length only */ + ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0); ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0); ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0); @@ -26901,7 +26909,7 @@ static int test_wc_Ed25519PrivateKeyToDer(void) BAD_FUNC_ARG); /* Good Cases */ /* length only */ - ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen), 0); + ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0); ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); 
@@ -26937,7 +26945,7 @@ static int test_wc_Ed448KeyToDer(void) ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BAD_FUNC_ARG); /* Good Cases */ /* length only */ - ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, inLen), 0); + ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0); ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); @@ -26975,7 +26983,7 @@ static int test_wc_Ed448PrivateKeyToDer(void) BAD_FUNC_ARG); /* Good cases */ /* length only */ - ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen), 0); + ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0); ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0); DoExpectIntEQ(wc_FreeRng(&rng), 0); @@ -27013,7 +27021,7 @@ static int test_wc_Curve448PrivateKeyToDer(void) BAD_FUNC_ARG); /* Good cases */ /* length only */ - ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, inLen), 0); + ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0); ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0); /* Bad Cases */ @@ -27025,8 +27033,8 @@ static int test_wc_Curve448PrivateKeyToDer(void) BUFFER_E); /* Good cases */ /* length only */ - ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, inLen, 0), 0); - ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, inLen, 1), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0); ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0), 0); ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1), 0); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 16d773c5e7..5a5465aaea 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -11994,9 +11994,13 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, DECL_ASNSETDATA(dataASN, edPubKeyASN_Length); #endif - if (pubKey == NULL) { + /* validate parameters */ + if (pubKey == NULL){ return BAD_FUNC_ARG; } + if (output != NULL && outLen == 0) { + return BUFFER_E; + } #ifndef WOLFSSL_ASN_TEMPLATE /* calculate size */ @@ -35337,8 +35341,11 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, int sz; #endif - /* Validate parameters. */ - if (privKey == NULL || outLen == 0) { + /* validate parameters */ + if (privKey == NULL) { + return BUFFER_E; + } + if (output != NULL && outLen == 0) { return BAD_FUNC_ARG; } @@ -35498,7 +35505,7 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, byte pubKey[CURVE25519_PUB_KEY_SIZE]; word32 pubKeyLen = (word32)sizeof(pubKey); - if (key == NULL || output == NULL) { + if (key == NULL) { return BAD_FUNC_ARG; } From b28e22aef0ea770b9adafda9ca11ae2920aced03 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 25 Jul 2024 09:16:05 -0600 Subject: [PATCH 18/71] fix for casting with add --- wolfcrypt/src/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 9338d1a552..061ea6b9b2 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -594,7 +594,7 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen dIdx = (int)dLen - 1; for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) { - carry += (word16)(d[dIdx] + s[sIdx]); + carry += (word16)d[dIdx] + (word16)s[sIdx]; d[dIdx] = (byte)carry; carry >>= 8; dIdx--; From 55540d03e7b1ca9e69ff7a1b0b4dff5dda4a387f Mon Sep 17 00:00:00 2001 From: aidan garske Date: Thu, 25 Jul 2024 09:03:19 -0700 Subject: [PATCH 19/71] fix for PR#7786 BUFFER_E bad case --- tests/api.c | 10 +++++----- wolfcrypt/src/asn.c | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) 
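Review bot: The wc_Curve25519PublicKeyToDer hunk at 35498 stops rejecting `output == NULL`, but none of the test hunks shown in this commit exercises that path; they cover the Ed25519, Ed448 and Curve448 length-only calls. A NULL `output` now reaches the rest of the function, which lies outside the hunk, so the length-only behaviour there is unverified. A length-only case for Curve25519 mirroring `ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0);` would pin it, together with a bad case passing a non-NULL `output` and `inLen` 0.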
diff --git a/tests/api.c b/tests/api.c index ae8d268cd4..ef7b785771 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26867,7 +26867,7 @@ static int test_wc_Ed25519KeyToDer(void) /* Bad Cases */ ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BAD_FUNC_ARG); + ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), BUFFER_E); /* Good Cases */ /* length only */ ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0); @@ -26906,7 +26906,7 @@ static int test_wc_Ed25519PrivateKeyToDer(void) ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0), - BAD_FUNC_ARG); + BUFFER_E); /* Good Cases */ /* length only */ ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0); @@ -26942,7 +26942,7 @@ static int test_wc_Ed448KeyToDer(void) /* Bad Cases */ ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), BAD_FUNC_ARG); - ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BAD_FUNC_ARG); + ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), BUFFER_E); /* Good Cases */ /* length only */ ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0); @@ -26980,7 +26980,7 @@ static int test_wc_Ed448PrivateKeyToDer(void) ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG); ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0), - BAD_FUNC_ARG); + BUFFER_E); /* Good cases */ /* length only */ ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0); 
@@ -27018,7 +27018,7 @@ static int test_wc_Curve448PrivateKeyToDer(void) ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), BAD_FUNC_ARG); ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0), - BAD_FUNC_ARG); + BUFFER_E); /* Good cases */ /* length only */ ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 5a5465aaea..b3ad9fd675 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -35343,10 +35343,10 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, /* validate parameters */ if (privKey == NULL) { - return BUFFER_E; + return BAD_FUNC_ARG; } if (output != NULL && outLen == 0) { - return BAD_FUNC_ARG; + return BUFFER_E; } #ifndef WOLFSSL_ASN_TEMPLATE From c2e8121462f70621d163266e684765fd25eb6f09 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Thu, 25 Jul 2024 11:59:39 -0700 Subject: [PATCH 20/71] Update PlatformIO examples to wolfssl 5.7.2 --- IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini | 2 +- IDE/PlatformIO/examples/wolfssl_test/platformio.ini | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini index c9e32235c5..a83ae32410 100644 --- a/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini +++ b/IDE/PlatformIO/examples/wolfssl_benchmark/platformio.ini @@ -17,4 +17,4 @@ monitor_port = COM19 monitor_speed = 115200 build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32 monitor_filters = direct -lib_deps = wolfssl/wolfSSL@^5.7.0-rev.3b +lib_deps = wolfssl/wolfSSL@^5.7.2 diff --git a/IDE/PlatformIO/examples/wolfssl_test/platformio.ini b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini index 79356a165c..5382576311 100644 --- a/IDE/PlatformIO/examples/wolfssl_test/platformio.ini 
+++ b/IDE/PlatformIO/examples/wolfssl_test/platformio.ini @@ -39,4 +39,4 @@ monitor_port = COM19 monitor_speed = 115200 build_flags = -DWOLFSSL_USER_SETTINGS, -DWOLFSSL_ESP32 monitor_filters = direct -lib_deps = wolfssl/wolfssl@^5.7.0-rev.3d +lib_deps = wolfssl/wolfssl@^5.7.2 From 73dc9baaf91de75de9b3906ee56f4c6af5852b5a Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Thu, 25 Jul 2024 16:09:19 -0400 Subject: [PATCH 21/71] Stop testing custom extensions in dual alg cert tests. --- tests/api.c | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/tests/api.c b/tests/api.c index 61d95ee635..47c9ac1151 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1179,8 +1179,6 @@ static int do_dual_alg_server_certgen(byte **out, char *caKeyFile, newCert.sigType = CTC_SHA256wRSA; newCert.isCA = 0; ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0); - ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5", - (const byte *)"This is NOT a critical extension", 32), 0); ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf, sapkiSz), 0); ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf, @@ -1246,21 +1244,6 @@ static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz, return EXPECT_RESULT(); } -static int extCount = 0; -static int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit, - const unsigned char* der, word32 derSz) -{ - (void) oid; - (void) oidSz; - (void) crit; - (void) der; - (void) derSz; - extCount ++; - /* Accept all extensions. This is only a test. Normally we would be much more - * careful about critical extensions. */ - return 0; -} - static int test_dual_alg_support(void) { EXPECT_DECLS; @@ -1276,7 +1259,6 @@ static int test_dual_alg_support(void) int rootSz = 0; byte *server = NULL; int serverSz = 0; - WOLFSSL_CERT_MANAGER* cm = NULL; ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0); 
@@ -1329,19 +1311,6 @@ static int test_dual_alg_support(void) TEST_SUCCESS); #endif - /* Lets see if CertManager can find the new extensions */ - extCount = 0; - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - wolfSSL_CertManagerSetUnknownExtCallback(cm, myUnknownExtCallback); - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, root, rootSz, - SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server, serverSz, - SSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - /* There is only 1 unknown extension (1.2.3.4.5). The other ones are known - * because they are for the dual alg extensions. */ - ExpectIntEQ(extCount, 1); - wolfSSL_CertManagerFree(cm); - XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); From b40913e80c993dbd518134c333198ae338d6335d Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 25 Jul 2024 15:25:32 -0500 Subject: [PATCH 22/71] wolfcrypt/src/random.c: restore outer cast in array_add() to avoid -Wconversion added in b28e22aef0, itself a fix for a defect added in ed11669f3c (root cause of warning is implicit type promotion). --- wolfcrypt/src/random.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 061ea6b9b2..822f069f7f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -594,7 +594,7 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen dIdx = (int)dLen - 1; for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) { - carry += (word16)d[dIdx] + (word16)s[sIdx]; + carry += (word16)((word16)d[dIdx] + (word16)s[sIdx]); d[dIdx] = (byte)carry; carry >>= 8; dIdx--; From caab2c2dcaa02d4fb14354b81894aa09c961a44f Mon Sep 17 00:00:00 2001 
From: Sean Parkinson Date: Thu, 25 Jul 2024 18:37:31 +1000 Subject: [PATCH 23/71] SSL loading of keys/certs: testing and fixes Added tests to cover ssl_load.c functions. Fixes from testing. pk.c: renamed wolfssl_dh_load_key to wolfssl_dh_load_params as it doesn't handle keys - just parameters. --- src/pk.c | 8 +- src/ssl_load.c | 88 +++--- tests/api.c | 731 ++++++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 739 insertions(+), 88 deletions(-) diff --git a/src/pk.c b/src/pk.c index c9935c6699..2c06eca20e 100644 --- a/src/pk.c +++ b/src/pk.c @@ -7283,7 +7283,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) #ifndef NO_CERTS -/* Load the DER encoded DH parameters/key into DH key. +/* Load the DER encoded DH parameters into DH key. * * @param [in, out] dh DH key to load parameters into. * @param [in] der Buffer holding DER encoded parameters data. @@ -7294,7 +7294,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) * @return 0 on success. * @return 1 when decoding DER or setting the external key fails. */ -static int wolfssl_dh_load_key(WOLFSSL_DH* dh, const unsigned char* der, +static int wolfssl_dh_load_params(WOLFSSL_DH* dh, const unsigned char* der, word32* idx, word32 derSz) { int err = 0; @@ -7407,7 +7407,7 @@ WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH** dh, const unsigned char** pp, WOLFSSL_ERROR_MSG("wolfSSL_DH_new() failed"); err = 1; } - if ((!err) && (wolfssl_dh_load_key(newDh, *pp, &idx, + if ((!err) && (wolfssl_dh_load_params(newDh, *pp, &idx, (word32)length) != 0)) { WOLFSSL_ERROR_MSG("Loading DH parameters failed"); err = 1; @@ -7567,7 +7567,7 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz) ret = -1; } - if ((ret == 1) && (wolfssl_dh_load_key(dh, derBuf, &idx, + if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx, (word32)derSz) != 0)) { WOLFSSL_ERROR_MSG("DH key decode failed"); ret = -1; diff --git a/src/ssl_load.c b/src/ssl_load.c index ae2c93501b..ea4ac4e78e 100644 
--- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -142,21 +142,10 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format, } /* Data in buffer is ASN.1 format - get first SEQ or OCT into der. */ else { - int length; - word32 inOutIdx = 0; - /* Get length of SEQ including header. */ if ((info->consumed = wolfssl_der_length(buff, (int)len)) > 0) { ret = 0; } - /* Private keys may be wrapped in OCT when PKCS#8 wrapper removed. - * TODO: is this really needed? */ - else if ((type == PRIVATEKEY_TYPE) && - (GetOctetString(buff, &inOutIdx, &length, len) >= 0)) { - /* Include octet string DER header. */ - info->consumed = length + inOutIdx; - ret = 0; - } else { ret = ASN_PARSE_E; } @@ -302,22 +291,11 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLFSSL_ENTER("ProcessUserChain"); - /* Validate parameters. */ - if ((type == CA_TYPE) && (ctx == NULL)) { - WOLFSSL_MSG("Need context for CA load"); - ret = BAD_FUNC_ARG; - } - - /* Ignore non-certificate types. */ - if ((ret == 0) && (type != CERT_TYPE) && (type != CHAIN_CERT_TYPE) && - (type != CA_TYPE)) { - WOLFSSL_MSG("File type not a certificate"); - } /* Check we haven't consumed all the data. */ - else if ((ret == 0) && (info->consumed >= sz)) { + if (info->consumed >= sz) { WOLFSSL_MSG("Already consumed data"); } - else if (ret == 0) { + else { #ifndef WOLFSSL_SMALL_STACK byte stackBuffer[FILE_BUFFER_SIZE]; #endif 
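Review bot: Dropping the `(type == CA_TYPE) && (ctx == NULL)` guard and the certificate-type filter leaves ProcessUserChain relying on its callers to have rejected a NULL context and a non-certificate `type`. The rest of the function is outside this hunk, so it is not visible whether `ctx` is dereferenced on the CA path. If it is, the precondition should be recorded where the check used to be, for example `/* Caller guarantees ctx != NULL for CA_TYPE and that type is a certificate type. */`.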
@@ -884,17 +862,17 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = wc_falcon_init(key); if (ret == 0) { /* Set up key to parse the format specified. */ - if (*keyFormat == FALCON_LEVEL1k) { + if ((*keyFormat == FALCON_LEVEL1k) || ((*keyFormat == 0) && + ((der->length == FALCON_LEVEL1_KEY_SIZE) || + (der->length == FALCON_LEVEL1_PRV_KEY_SIZE)))) { ret = wc_falcon_set_level(key, 1); } - else if (*keyFormat == FALCON_LEVEL5k) { + else if ((*keyFormat == FALCON_LEVEL5k) || ((*keyFormat == 0) && + ((der->length == FALCON_LEVEL5_KEY_SIZE) || + (der->length == FALCON_LEVEL5_PRV_KEY_SIZE)))) { ret = wc_falcon_set_level(key, 5); } else { - /* What if *keyformat is 0? We might want to do something more - * graceful here. */ - /* TODO: get the size of the private key for different formats and - * compare with DER length. */ wc_falcon_free(key); ret = ALGO_ID_E; } @@ -935,6 +913,11 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Free dynamically allocated data in key. */ wc_falcon_free(key); } + else if ((ret == ALGO_ID_E) && (*keyFormat == 0)) { + WOLFSSL_MSG("Not a Falcon key"); + /* Format unknown so keep trying. */ + ret = 0; + } /* Dispose of allocated key. */ XFREE(key, heap, DYNAMIC_TYPE_FALCON); 
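Review bot: The second Falcon hunk, at 935, turns `ALGO_ID_E` into `ret = 0` when `*keyFormat` is 0, so a buffer that matched no Falcon level now returns success from this decoder. That is only safe if the caller rejects the key when `*keyFormat` is still 0 after every decoder has run; that check is not visible here. A comment such as `/* ret 0 with *keyFormat still 0 means "not this algorithm"; caller must fail if no decoder sets it. */` would state the contract. The level guess in the first hunk compares `der->length` with the raw key-size constants, so it is worth confirming that `der` holds an unwrapped key at this point. The Dilithium hunks at 977 and 1036 follow the same pattern.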
@@ -977,20 +960,22 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = wc_dilithium_init(key); if (ret == 0) { /* Set up key to parse the format specified. */ - if (*keyFormat == DILITHIUM_LEVEL2k) { + if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) { ret = wc_dilithium_set_level(key, 2); } - else if (*keyFormat == DILITHIUM_LEVEL3k) { + else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) { ret = wc_dilithium_set_level(key, 3); } - else if (*keyFormat == DILITHIUM_LEVEL5k) { + else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) { ret = wc_dilithium_set_level(key, 5); } else { - /* What if *keyformat is 0? We might want to do something more - * graceful here. */ - /* TODO: get the size of the private key for different formats and - * compare with DER length. */ wc_dilithium_free(key); ret = ALGO_ID_E; } @@ -1036,6 +1021,11 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Free dynamically allocated data in key. */ wc_dilithium_free(key); } + else if ((ret == ALGO_ID_E) && (*keyFormat == 0)) { + WOLFSSL_MSG("Not a Dilithium key"); + /* Format unknown so keep trying. */ + ret = 0; + } /* Dispose of allocated key. */ XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM); @@ -4846,8 +4836,7 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) WOLFSSL_ENTER("wolfSSL_add0_chain_cert"); /* Validate parameters. */ - if ((ssl == NULL) || (ssl->ctx == NULL) || (x509 == NULL) || - (x509->derCert == NULL)) { + if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { ret = 0; } 
@@ -4910,8 +4899,7 @@ int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) WOLFSSL_ENTER("wolfSSL_add1_chain_cert"); /* Validate parameters. */ - if ((ssl == NULL) || (ssl->ctx == NULL) || (x509 == NULL) || - (x509->derCert == NULL)) { + if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { ret = 0; } @@ -5437,10 +5425,6 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, pAlloc = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); gAlloc = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { - XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - pAlloc = NULL; - XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - gAlloc = NULL; ret = MEMORY_E; } } @@ -5453,12 +5437,10 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz); } - if (ret != 1) { + if ((ret != 1) && (ctx != NULL)) { /* Free the allocated buffers if not assigned into SSL context. */ - if (pAlloc) - XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (gAlloc) - XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); } return ret; } @@ -5491,7 +5473,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) } if (ret == 1) { - /* Get needed size for p and g. */ + /* Get sizes of p and g. */ pSz = wolfSSL_BN_bn2bin(dh->p, NULL); gSz = wolfSSL_BN_bn2bin(dh->g, NULL); /* Validate p and g size. */ @@ -5522,7 +5504,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) ret = wolfssl_set_tmp_dh(ssl, p, pSz, g, gSz); } - if (ret != 1 && ssl != NULL) { + if ((ret != 1) && (ssl != NULL)) { /* Free the allocated buffers if not assigned into SSL. */ XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 
@@ -5557,7 +5539,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) } if (ret == 1) { - /* Get needed size for p and g. */ + /* Get sizes of p and g. */ pSz = wolfSSL_BN_bn2bin(dh->p, NULL); gSz = wolfSSL_BN_bn2bin(dh->g, NULL); /* Validate p and g size. */ diff --git a/tests/api.c b/tests/api.c index 47c9ac1151..7686e82161 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1700,6 +1700,39 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void) } +static int test_wolfSSL_CTX_use_certificate(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + WOLFSSL_CTX* ctx = NULL; + X509* x509 = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + /* Negative tests. */ + ExpectIntEQ(SSL_CTX_use_certificate(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_use_certificate(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_use_certificate(NULL, x509), 0); + /* Empty certificate */ + ExpectIntEQ(SSL_CTX_use_certificate(ctx, x509), 0); + + wolfSSL_X509_free(x509); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_certificate_file(void) { EXPECT_DECLS; 
@@ -1742,6 +1775,16 @@ static int test_wolfSSL_CTX_use_certificate_ASN1(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + /* Failure cases. */ + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, server_cert_der_2048), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, server_cert_der_2048), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, server_cert_der_2048), WOLFSSL_SUCCESS); @@ -1762,11 +1805,20 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void) #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx = NULL; - int ret; ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); - ExpectIntEQ(ret = wolfSSL_CTX_use_certificate_buffer(ctx, + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, NULL, 0, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, NULL, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, server_cert_der_2048, + 0, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); 
@@ -1776,6 +1828,37 @@ static int test_wolfSSL_CTX_use_certificate_buffer(void) } /* END test_wolfSSL_CTX_use_certificate_buffer */ +static int test_wolfSSL_use_certificate_buffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ + !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, NULL, 0, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, NULL, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, client_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_PrivateKey_file(void) { EXPECT_DECLS; 
@@ -1806,10 +1889,162 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void) wolfSSL_CTX_free(ctx); #endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* invalid context */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); + /* invalid key file */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, bogusFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); + /* invalid key type */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, 9999), + WOLFSSL_FAILURE); + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); +#else + /* success */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_CTX_free(ctx); +#endif return EXPECT_RESULT(); } +static int test_wolfSSL_use_RSAPrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CLIENT) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + + /* invalid context */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG); + /* invalid key file */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, bogusFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); + /* invalid key type */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, 9999), + WOLFSSL_FAILURE); + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, 
svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); +#else + /* success */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_PrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + const unsigned char* p; + + (void)p; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WOLFSSL_FAILURE); + /* No data. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + +#if defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_RSA) + p = client_key_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, + sizeof_client_key_der_2048)); +#if defined(WOLFSSL_KEY_GEN) + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); +#endif + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) +#ifndef NO_DSA + p = dsa_key_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, + sizeof_dsa_key_der_2048)); +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) + /* Not supported in ProcessBuffer. 
*/ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_BAD_FILE); +#else + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); +#endif + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ +#if !defined(NO_DH) && defined(OPENSSL_ALL) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + p = dh_ffdhe_statickey_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &p, + sizeof_dh_ffdhe_statickey_der_2048)); + /* Not supported. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* USE_CERT_BUFFERS_2048 */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + p = ecc_clikey_der_256; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, + sizeof_ecc_clikey_der_256)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + (unsigned char*)"01234567012345670123456701234567", 32)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} /* test both file and buffer versions along with unloading trusted peer certs */ static int test_wolfSSL_CTX_trust_peer_cert(void) @@ -4367,8 +4602,7 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void) static int test_wolfSSL_CTX_load_verify_buffer_ex(void) { EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; 
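Review bot: In test_wolfSSL_CTX_use_PrivateKey, `const unsigned char* p;` has no initializer and is then read by `(void)p;`, which evaluates an indeterminate pointer in any build where none of the guarded `p = ...` assignments is compiled in. Declare it as `const unsigned char* p = NULL;` and keep the `(void)p;` for the unused-variable warning. In test_wolfSSL_use_RSAPrivateKey_file the comment `/* invalid context */` sits above a call that passes a NULL WOLFSSL object, so `/* invalid ssl object */` would describe it better. In both RSA file tests the `/* success */` comment before `#ifdef NO_RSA` is repeated inside the `#else` branch and can be dropped from one place.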
@@ -4383,11 +4617,13 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) #endif ExpectNotNull(ctx); +#if defined(USE_CERT_BUFFERS_2048) /* test good CA */ ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE)); +#endif /* load expired CA */ XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert)); @@ -4414,6 +4650,16 @@ static int test_wolfSSL_CTX_load_verify_buffer_ex(void) sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); + /* Fail when ctx is NULL. */ + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(NULL, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), BAD_FUNC_ARG); + /* Load as modified cert - bad initial length. */ + ca_expired_cert[2] = 0x7f; + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 1, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), ASN_PARSE_E); + wolfSSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif @@ -4425,7 +4671,7 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) { EXPECT_DECLS; #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \ + defined(USE_CERT_BUFFERS_2048) && (WOLFSSL_MIN_RSA_BITS <= 1024) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX* ctx = NULL; 
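Review bot: The "bad initial length" case added to test_wolfSSL_CTX_load_verify_buffer_ex changes two things at once, so ASN_PARSE_E could come from either. It corrupts `ca_expired_cert[2]`, and it passes `1` for the argument before the flags, where the other calls visible in this hunk pass `0`. Keep that argument at `0` for this case, or add a comment saying why it has to be `1`. The index and value are also unexplained; a comment such as `/* Byte 2 is assumed to be the first length octet of the outer SEQUENCE; 0x7f makes the encoded length exceed the buffer. */` would help once that assumption is confirmed against the test certificate. The function starts outside this hunk.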
@@ -4435,9 +4681,10 @@ static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - ExpectTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format( - ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der, - WOLFSSL_FILETYPE_ASN1)); + /* Public key 140 bytes??? */ + ExpectIntEQ(wolfSSL_CTX_load_verify_chain_buffer_format(ctx, + ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif @@ -4466,9 +4713,29 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, x509), 0); + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 0); + ExpectIntEQ(SSL_add0_chain_cert(ssl, x509), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) { ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM)); + + /* Do negative tests once */ + if (cert == certChain) { + /* Negative tests. */ + ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, x509), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, x509), 0); + } + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); X509_free(x509); x509 = NULL; 
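Review bot: The added comment `/* Public key 140 bytes??? */` reads as an unresolved question and does not tell a reader what the test depends on. The guard change in the previous hunk now requires `WOLFSSL_MIN_RSA_BITS <= 1024`, which suggests ca_cert_chain_der carries 1024-bit RSA keys. If that is the reason, say so directly, e.g. `/* ca_cert_chain_der uses 1024-bit RSA keys, so this only loads when WOLFSSL_MIN_RSA_BITS <= 1024. */`. It is also worth confirming that WOLFSSL_MIN_RSA_BITS is always defined where that `#if` is evaluated, because an undefined macro evaluates to 0 there and would silently enable the test.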
@@ -4476,6 +4743,18 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) { ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM)); + + /* Do negative tests once */ + if (cert == certChain) { + /* Negative tests. */ + ExpectIntEQ(SSL_add1_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_add1_chain_cert(ssl, NULL), 0); + ExpectIntEQ(SSL_add1_chain_cert(NULL, x509), 0); + ExpectIntEQ(SSL_add0_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_add0_chain_cert(ssl, NULL), 0); + ExpectIntEQ(SSL_add0_chain_cert(NULL, x509), 0); + } + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1); X509_free(x509); x509 = NULL; 
@@ -4492,6 +4771,69 @@ static int test_wolfSSL_CTX_add1_chain_cert(void) return EXPECT_RESULT(); } +static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_CLIENT) && defined(USE_CERT_BUFFERS_2048) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + const char* cert = "./certs/server-cert.pem"; + unsigned char* buf = NULL; + size_t len; + + ExpectIntEQ(load_file(cert, &buf, &len), 0); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL, + NULL, 0, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + NULL, 0, WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0), + ASN_NO_PEM_HEADER); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, (long)len), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0), + ASN_NO_PEM_HEADER); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (long)len), + BAD_FUNC_ARG); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf, + (long)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (long)len), + WOLFSSL_SUCCESS); + 
ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048), ASN_NO_PEM_HEADER); + + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (long)len), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, + sizeof_server_cert_der_2048), ASN_NO_PEM_HEADER); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + if (buf != NULL) { + free(buf); + } +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) { EXPECT_DECLS; @@ -4499,18 +4841,17 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) const char* server_chain_der = "./certs/server-cert-chain.der"; const char* client_single_pem = "./certs/client-cert.pem"; - WOLFSSL_CTX* ctx; + WOLFSSL_CTX* ctx = NULL; (void)server_chain_der; (void)client_single_pem; (void)ctx; #ifndef NO_WOLFSSL_CLIENT - ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else - ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif - ExpectNotNull(ctx); ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); 
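Review bot: In test_wolfSSL_CTX_use_certificate_chain_buffer_format, `size_t len;` has no initializer, yet `(long)len` is passed to several calls after `load_file(cert, &buf, &len)`. If load_file fails without writing it, those arguments are indeterminate; whether the Expect macros skip the later calls after a failure is not visible from this hunk. Declare it as `size_t len = 0;`, matching how `buf` is initialised to NULL. The `if (buf != NULL)` guard around `free(buf)` is not needed, since free(NULL) is a no-op.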
@@ -4522,12 +4863,58 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) return EXPECT_RESULT(); } +static int test_wolfSSL_use_certificate_chain_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_CLIENT) + const char* server_chain_der = "./certs/server-cert-chain.der"; + const char* client_single_pem = "./certs/client-cert.pem"; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + (void)server_chain_der; + (void)client_single_pem; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, NULL, + WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, NULL, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, + server_chain_der, WOLFSSL_FILETYPE_ASN1), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der), + WOLFSSL_FAILURE); + + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, + server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, + client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem), + WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_SetTmpDH_file(void) { EXPECT_DECLS; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX 
*ctx = NULL; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.pem"; +#endif (void)ctx; @@ -4551,6 +4938,10 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void) /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)); +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + WOLFSSL_FILETYPE_PEM)); +#endif wolfSSL_CTX_free(ctx); #endif @@ -4578,11 +4969,17 @@ static int test_wolfSSL_CTX_SetTmpDH_buffer(void) /* invalid dhParamFile file */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, NULL, + 0, WOLFSSL_FILETYPE_ASN1)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + /* invalid file format */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, -1)); + /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, @@ -4943,6 +5340,10 @@ static int test_wolfSSL_SetTmpDH_file(void) !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx = NULL; WOLFSSL *ssl = NULL; + const char* dhX942ParamFile = "./certs/x942dh2048.pem"; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.pem"; +#endif ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #ifndef NO_RSA 
@@ -4981,6 +5382,12 @@ static int test_wolfSSL_SetTmpDH_file(void) /* success */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile, + WOLFSSL_FILETYPE_PEM)); +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + WOLFSSL_FILETYPE_PEM)); +#endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -5010,6 +5417,8 @@ static int test_wolfSSL_SetTmpDH_buffer(void) /* invalid dhParamFile file */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, NULL, 0, + WOLFSSL_FILETYPE_ASN1)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); @@ -41821,7 +42230,7 @@ static int test_wolfSSL_ASN1_STRING_to_UTF8(void) ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb")); ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != NULL) + if (file != XBADFILE) fclose(file); /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */ @@ -44163,8 +44572,8 @@ static int test_wolfSSL_certs(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) X509* x509ext = NULL; -#ifdef OPENSSL_ALL X509* x509 = NULL; +#ifdef OPENSSL_ALL WOLFSSL_X509_EXTENSION* ext = NULL; ASN1_OBJECT* obj = NULL; #endif 
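Review bot: The DSA-parameter check added to test_wolfSSL_SetTmpDH_file calls `wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, ...)`, the context-level function, although this test is about the WOLFSSL object. The CTX test earlier in the patch already makes that same call, so the SSL-level path for dsaParamFile stays uncovered. If the CTX call was not deliberate, change it to `ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dsaParamFile, WOLFSSL_FILETYPE_PEM));`; if it was, a comment explaining why would prevent it being read as a copy-paste slip. The function starts outside this hunk.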
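Review bot: In the test_wolfSSL_ASN1_STRING_to_UTF8 hunk the handle is still opened with plain `fopen` and closed with `fclose`, but the new guard compares it with `XBADFILE`, the failure value of the XFILE abstraction. That only works where XBADFILE happens to equal what fopen returns on failure. Either keep the comparison with NULL, or move the whole sequence to the abstraction as test_wolfSSL_tmp_dh does: `ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);` and `XFCLOSE(file);`. The declaration of `file` is outside the hunk, so its type would need to match.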
@@ -44193,6 +44602,14 @@ static int test_wolfSSL_certs(void) #endif ExpectNotNull(ssl = SSL_new(ctx)); + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_certificate_file(NULL, NULL, WOLFSSL_FILETYPE_PEM), + BAD_FUNC_ARG); + ExpectIntEQ(SSL_use_certificate_file(ssl, NULL, WOLFSSL_FILETYPE_PEM), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_file(NULL, "./certs/server-cert.pem", + WOLFSSL_FILETYPE_PEM), BAD_FUNC_ARG); + #if !defined(NO_CHECK_PRIVATE_KEY) ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif @@ -44201,6 +44618,16 @@ static int test_wolfSSL_certs(void) ExpectIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS); #endif /* HAVE_PK_CALLBACKS */ + /* Invalid parameters. */ + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(SSL_use_certificate(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate(ssl, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate(NULL, x509), WOLFSSL_FAILURE); + /* No data in certificate. */ + ExpectIntEQ(SSL_use_certificate(ssl, x509), WOLFSSL_FAILURE); + wolfSSL_X509_free(x509); + x509 = NULL; + /* create and use x509 */ #ifdef OPENSSL_ALL ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, @@ -44217,6 +44644,15 @@ static int test_wolfSSL_certs(void) #if defined(USE_CERT_BUFFERS_2048) + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_ASN1(NULL, + (unsigned char*)server_cert_der_2048, 0), WOLFSSL_FAILURE); + /* No data. */ + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, + (unsigned char*)server_cert_der_2048, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, (unsigned char*)server_cert_der_2048, sizeof_server_cert_der_2048), WOLFSSL_SUCCESS); 
@@ -44468,13 +44904,15 @@ static int test_wolfSSL_private_keys(void) #else ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif - ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); /* Have to load a cert before you can check the private key against that * certificates public key! */ #if !defined(NO_CHECK_PRIVATE_KEY) ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE); #endif - ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); #if !defined(NO_CHECK_PRIVATE_KEY) ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif 
@@ -44484,12 +44922,34 @@ static int test_wolfSSL_private_keys(void) ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_PrivateKey_file(NULL, NULL, WOLFSSL_FILETYPE_PEM), + BAD_FUNC_ARG); + ExpectIntEQ(SSL_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM), + BAD_FUNC_ARG); + ExpectIntEQ(SSL_use_PrivateKey_file(ssl, NULL, WOLFSSL_FILETYPE_PEM), + WOLFSSL_FAILURE); + #ifdef USE_CERT_BUFFERS_2048 { const unsigned char* server_key = (const unsigned char*)server_key_der_2048; unsigned char buf[FOURK_BUF]; word32 bufSz; + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, + (unsigned char*)client_key_der_2048, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, + 0), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); 
@@ -44524,8 +44984,15 @@ static int test_wolfSSL_private_keys(void) ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif - /* pkey not set yet, expecting to fail */ - ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE); + /* Invalid parameters. */ + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WOLFSSL_FAILURE); + /* pkey is empty - no key data to use. */ + ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), ASN_PARSE_E); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; /* set PKEY and test again */ ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, 
@@ -45896,33 +46363,127 @@ static int test_wolfSSL_tmp_dh(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) + !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) byte buff[6000]; + static const unsigned char p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, + 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, + 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, + 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, + 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, + 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, + 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, + 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, + 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, + 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, + 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, + 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, + 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, + 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, + 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, + 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, + 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, + 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, + 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, + 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, + 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, + 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 
0x00, 0x3f, 0x93 + }; + int pSz = (int)sizeof(p); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + static const unsigned char bad_p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, + 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, + 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, + 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, + 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, + 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, + 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, + 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, + 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, + 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, + 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, + 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, + 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, + 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, + 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, + 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, + 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, + 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, + 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, + 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, + 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, + 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x91 + }; +#endif + static const unsigned char g[] = { 0x02 }; + int gSz = (int)sizeof(g); +#if !defined(NO_DSA) char file[] = "./certs/dsaparams.pem"; + DSA* dsa = NULL; +#else + char file[] = "./certs/dh2048.pem"; 
+#endif XFILE f = XBADFILE; int bytes = 0; - DSA* dsa = NULL; DH* dh = NULL; -#if defined(WOLFSSL_DH_EXTRA) && \ - (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH* dh2 = NULL; -#endif BIO* bio = NULL; SSL* ssl = NULL; SSL_CTX* ctx = NULL; +#ifndef NO_WOLFSSL_CLIENT + SSL* ssl_c = NULL; + SSL_CTX* ctx_c = NULL; +#endif #ifndef NO_WOLFSSL_SERVER ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method())); +#ifdef NO_WOLFSSL_SERVER + ctx = ctx_c; +#endif #endif ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); ExpectNotNull(ssl = SSL_new(ctx)); +#ifndef NO_WOLFSSL_CLIENT + ExpectTrue(SSL_CTX_use_certificate_file(ctx_c, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx_c, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl_c = SSL_new(ctx_c)); +#ifdef NO_WOLFSSL_SERVER + ssl = ssl_c; +#endif +#endif + XMEMSET(buff, 0, sizeof(buff)); ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); if (f != XBADFILE) 
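Review bot: `bad_p` is a second 256-byte table with no comment, and a reader has to compare it byte by byte with `p` to see what differs. From the listing it appears to differ only in the final byte, 0x93 in `p` and 0x91 in `bad_p`. Add a comment above it, for example `/* p with the last byte changed from 0x93 to 0x91; expected to fail the prime check (DH_CHECK_PUB_E). */`. The origin of `p` itself (which group or parameter file it was taken from) is not stated either, and a one-line note would let the value be verified. The function starts before this hunk and continues after it.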
@@ -45930,16 +46491,91 @@ static int test_wolfSSL_tmp_dh(void) ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); +#if !defined(NO_DSA) dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); ExpectNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); +#else + dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL); +#endif ExpectNotNull(dh); #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) ExpectNotNull(dh2 = wolfSSL_DH_dup(dh)); + DH_free(dh2); + dh2 = NULL; #endif + /* Failure cases */ + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p , 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, g , 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p , 0, NULL, 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, g , 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p , 0, g , 0), + BAD_FUNC_ARG); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p , 1, g , 1), + DH_KEY_SIZE_E); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , buff, 6000, g , 1), + DH_KEY_SIZE_E); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, bad_p, pSz, g, gSz), + DH_CHECK_PUB_E); +#endif + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p , 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, g , 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p , 0, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, g , 0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p , 0, g , 
0), + WOLFSSL_FAILURE); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p , 1, g , 1), + DH_KEY_SIZE_E); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , buff, 6000, g , 1), + DH_KEY_SIZE_E); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) +#ifndef NO_WOLFSSL_SERVER + /* Parameters will be tested later so it passes now. */ + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl, bad_p, pSz, g, gSz), + WOLFSSL_SUCCESS); +#endif +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl_c, p, pSz, g, gSz), + SIDE_ERROR); +#endif + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh ), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), BAD_FUNC_ARG); + ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh ), BAD_FUNC_ARG); + /* No p/g to use. */ + dh2 = wolfSSL_DH_new(); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WOLFSSL_FATAL_ERROR); + ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WOLFSSL_FATAL_ERROR); + DH_free(dh2); + dh2 = NULL; + + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz), + WOLFSSL_SUCCESS); ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); #ifndef NO_WOLFSSL_SERVER ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS); @@ -45948,15 +46584,22 @@ static int test_wolfSSL_tmp_dh(void) #endif BIO_free(bio); +#if !defined(NO_DSA) DSA_free(dsa); +#endif DH_free(dh); dh = NULL; -#if defined(WOLFSSL_DH_EXTRA) && \ - (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) - DH_free(dh2); - dh2 = NULL; +#ifndef NO_WOLFSSL_CLIENT + if (ssl != ssl_c) { + SSL_free(ssl_c); + } #endif SSL_free(ssl); +#ifndef NO_WOLFSSL_CLIENT + if (ctx != ctx_c) { + SSL_CTX_free(ctx_c); + } +#endif SSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif 
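Review bot: The case `wolfSSL_SetTmpDH(ssl, bad_p, pSz, g, gSz)` asserts WOLFSSL_SUCCESS with the comment "Parameters will be tested later so it passes now", but nothing visible in the test then shows the rejection happening. The later `SSL_set_tmp_dh(ssl, dh)` appears to replace the parameters before they are used. As written the test pins that the SSL-level setter accepts a modulus the CTX-level setter rejects with DH_CHECK_PUB_E, without covering the check that is supposed to catch it. Either add an assertion on the path that performs the deferred check, or extend the comment to name it, e.g. `/* Accepted here; the prime check is deferred to <function> (TODO: assert its error). */`. The function starts and ends outside this hunk.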
@@ -46744,8 +47387,20 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void) ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM)); + + /* Negative tests. */ + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WOLFSSL_FAILURE); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); + ExpectNotNull(x509 = wolfSSL_X509_new()); + /* Empty certificate. */ + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_FAILURE); + wolfSSL_X509_free(x509); + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM)); @@ -46834,7 +47489,6 @@ static int test_wolfSSL_CTX_add_extra_chain_cert(void) return EXPECT_RESULT(); } - #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int test_wolfSSL_ERR_peek_last_error_line(void) { @@ -58553,7 +59207,10 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void) ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL)); /* RSA not set yet, expecting to fail*/ - ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); + rsa = wolfSSL_RSA_new(); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_FAILURE); + wolfSSL_RSA_free(rsa); + rsa = NULL; #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN) /* set RSA using bio*/ @@ -58562,6 +59219,11 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void) ExpectNotNull(d2i_RSAPrivateKey_bio(bio, &rsa)); ExpectNotNull(rsa); + /* Tests bad parameters */ + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), BAD_FUNC_ARG); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), BAD_FUNC_ARG); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); /* i2d RSAprivate key tests */ 
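Review bot: In test_wolfSSL_CTX_add_extra_chain_cert, the empty-certificate case frees `x509` unconditionally after `SSL_CTX_add_extra_chain_cert(ctx, x509)`, while the CA certificate passed to the successful call just above is overwritten without a free; the ownership rule behind that difference is not written down. A comment on the free would make it explicit, e.g. `/* Call failed, so ctx did not take ownership of x509; free it here. */`. If the call ever regressed to returning success, the unconditional free would presumably release an object the context also holds, so the comment also tells the next reader why the assertion and the free belong together. The function body starts and ends outside the hunk.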
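Review bot: In test_wolfSSL_d2i_PrivateKeys_bio, `rsa = wolfSSL_RSA_new();` is not checked, so an allocation failure would hand NULL to `SSL_CTX_use_RSAPrivateKey(ctx, rsa)` and surface as a return-code mismatch (the next hunk expects `BAD_FUNC_ARG` for a NULL key) instead of as a failed allocation. Writing it as `ExpectNotNull(rsa = wolfSSL_RSA_new());` matches the `ExpectNotNull(x509 = wolfSSL_X509_new());` form used in the add_extra_chain_cert hunk. The same applies to `dh2 = wolfSSL_DH_new();` in the test_wolfSSL_tmp_dh hunk. The enclosing function starts outside the hunk.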
@@ -83974,9 +84636,14 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_SSL_CIPHER_get_xxx),
 TEST_DECL(test_wolfSSL_ERR_strings),
 TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes),
+ TEST_DECL(test_wolfSSL_CTX_use_certificate),
 TEST_DECL(test_wolfSSL_CTX_use_certificate_file),
 TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer),
+ TEST_DECL(test_wolfSSL_use_certificate_buffer),
 TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file),
+ TEST_DECL(test_wolfSSL_CTX_use_RSAPrivateKey_file),
+ TEST_DECL(test_wolfSSL_use_RSAPrivateKey_file),
+ TEST_DECL(test_wolfSSL_CTX_use_PrivateKey),
 TEST_DECL(test_wolfSSL_CTX_load_verify_locations),
 /* Large number of memory allocations. */
 TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs),
@@ -83986,7 +84653,9 @@ TEST_CASE testCases[] = {
 TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex),
 TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format),
 TEST_DECL(test_wolfSSL_CTX_add1_chain_cert),
+ TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format),
 TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format),
+ TEST_DECL(test_wolfSSL_use_certificate_chain_file),
 TEST_DECL(test_wolfSSL_CTX_trust_peer_cert),
 TEST_DECL(test_wolfSSL_CTX_LoadCRL),
 TEST_DECL(test_multiple_crls_same_issuer),
From f7094ff3c4b34010d850abfeaf0365d97f7ac96c Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Sat, 27 Jul 2024 04:46:55 +1000
Subject: [PATCH 24/71] Dilithium: add option to precalc with small sign (#7744)
WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC added. It allocates memory for and pre-calculates s1, s2 and t0. This saves decoding the vectors repeatedly in each signature trial.
---
 tests/api.c | 793 ++++++++++++++++++++++
 wolfcrypt/src/dilithium.c | 1191 ++++++++++++++++++++++++++-------
 wolfssl/wolfcrypt/dilithium.h | 5 +
 3 files changed, 1741 insertions(+), 248 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 47c9ac1151..6d28ac64d2 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -32105,6 +32105,789 @@ static int test_wc_dilithium_check_key(void) return EXPECT_RESULT(); } +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) +static const unsigned char dilithium_public_der[] = { +#ifndef WOLFSSL_NO_ML_DSA_44 + 0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00, + 0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2, + 0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09, + 0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb, + 0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f, + 0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a, + 0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1, + 0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75, + 0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c, + 0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9, + 0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a, + 0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb, + 0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea, + 0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5, + 0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a, + 0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a, + 0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b, + 0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33, + 0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1, + 0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f, + 0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2, + 0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb, + 0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70, + 0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9, + 0x6d, 0xcf, 0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4, + 0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6, + 0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b, + 0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52, + 0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6, + 0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0, + 0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66, + 0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1, + 0x3c, 
0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4, + 0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5, + 0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b, + 0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a, + 0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f, + 0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20, + 0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37, + 0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21, + 0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72, + 0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3, + 0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34, + 0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29, + 0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d, + 0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88, + 0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27, + 0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd, + 0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b, + 0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f, + 0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39, + 0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63, + 0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56, + 0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4, + 0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed, + 0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49, + 0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34, + 0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc, + 0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7, + 0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3, + 0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8, + 0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94, + 0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2, + 0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd, + 0x63, 0x68, 0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02, + 0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec, + 0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22, + 0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f, + 0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9, + 0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92, + 0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84, + 0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a, + 0x33, 
0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12, + 0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b, + 0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0, + 0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a, + 0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda, + 0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf, + 0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e, + 0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98, + 0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3, + 0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50, + 0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0, + 0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83, + 0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70, + 0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed, + 0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce, + 0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6, + 0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86, + 0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0, + 0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb, + 0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8, + 0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb, + 0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09, + 0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7, + 0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9, + 0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84, + 0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2, + 0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a, + 0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32, + 0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84, + 0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92, + 0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde, + 0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c, + 0x62, 0x28, 0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94, + 0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f, + 0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85, + 0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7, + 0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56, + 0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57, + 0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94, + 0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac, + 0x00, 
0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1, + 0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d, + 0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f, + 0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5, + 0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b, + 0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55, + 0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b, + 0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d, + 0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16, + 0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0, + 0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda, + 0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71, + 0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f, + 0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24, + 0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4, + 0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2, + 0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70, + 0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6, + 0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0, + 0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb, + 0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a, + 0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce, + 0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4, + 0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46, + 0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45, + 0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea, + 0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6, + 0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e, + 0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d, + 0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29, + 0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11, + 0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32, + 0x46, 0x2b, 0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17, + 0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab, + 0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba, + 0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21, + 0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8, + 0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84, + 0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc, + 0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82, + 0x59, 
0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47, + 0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74, + 0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42, + 0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff, + 0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18, + 0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a, + 0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb, + 0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06, + 0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b, + 0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36, + 0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef, + 0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e, + 0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07 +#elif !defined(WOLFSSL_NO_ML_DSA_65) + 0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00, + 0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4, + 0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9, + 0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d, + 0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f, + 0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a, + 0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08, + 0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98, + 0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b, + 0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78, + 0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7, + 0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e, + 0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03, + 0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59, + 0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11, + 0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89, + 0xc8, 0x96, 0x8d, 0x18, 0xac, 0x86, 0xa0, 0xe2, + 0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9, + 0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b, + 0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b, + 0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6, + 0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc, + 0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5, + 0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35, + 0x3c, 0x34, 0x19, 
0x65, 0xf5, 0xd6, 0xc9, 0x2d, + 0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa, + 0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6, + 0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c, + 0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82, + 0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce, + 0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf, + 0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c, + 0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76, + 0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52, + 0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22, + 0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba, + 0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6, + 0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68, + 0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8, + 0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c, + 0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28, + 0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72, + 0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb, + 0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e, + 0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f, + 0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a, + 0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47, + 0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32, + 0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a, + 0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39, + 0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc, + 0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5, + 0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2, + 0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84, + 0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6, + 0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0, + 0x77, 0x4c, 0xc6, 0x31, 0xdb, 0xf4, 0x17, 0xbe, + 0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4, + 0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e, + 0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67, + 0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00, + 0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71, + 0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2, + 0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b, + 0x2d, 0xe4, 0xaa, 
0x51, 0xda, 0x08, 0x73, 0x75, + 0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00, + 0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7, + 0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed, + 0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4, + 0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba, + 0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3, + 0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa, + 0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a, + 0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c, + 0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b, + 0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72, + 0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6, + 0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33, + 0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa, + 0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9, + 0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5, + 0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14, + 0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8, + 0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6, + 0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18, + 0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83, + 0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2, + 0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d, + 0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17, + 0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42, + 0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8, + 0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2, + 0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d, + 0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92, + 0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46, + 0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2, + 0x8c, 0x38, 0x9c, 0x32, 0xab, 0xf7, 0xca, 0x73, + 0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18, + 0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd, + 0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1, + 0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f, + 0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81, + 0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93, + 0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde, + 0x10, 0x88, 0xb1, 
0xd0, 0xcc, 0xad, 0x2c, 0xbf, + 0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77, + 0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4, + 0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36, + 0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9, + 0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf, + 0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c, + 0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a, + 0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78, + 0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf, + 0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94, + 0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d, + 0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7, + 0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0, + 0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a, + 0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98, + 0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b, + 0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1, + 0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d, + 0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78, + 0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54, + 0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79, + 0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1, + 0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68, + 0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25, + 0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f, + 0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36, + 0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70, + 0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29, + 0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c, + 0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08, + 0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69, + 0x1a, 0xbb, 0x71, 0x1b, 0x56, 0x18, 0x79, 0x75, + 0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89, + 0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e, + 0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d, + 0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e, + 0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9, + 0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf, + 0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf, + 0xb5, 0x2d, 0xd3, 
0x12, 0x24, 0x21, 0x7c, 0x9e, + 0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e, + 0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2, + 0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20, + 0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14, + 0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91, + 0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1, + 0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68, + 0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86, + 0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41, + 0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7, + 0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89, + 0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0, + 0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5, + 0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73, + 0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb, + 0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d, + 0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29, + 0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97, + 0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a, + 0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d, + 0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90, + 0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48, + 0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5, + 0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec, + 0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c, + 0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01, + 0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc, + 0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0, + 0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e, + 0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27, + 0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca, + 0xf6, 0x40, 0x7c, 0x95, 0x01, 0xb7, 0xa8, 0x29, + 0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e, + 0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48, + 0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83, + 0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae, + 0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd, + 0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8, + 0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71, + 0x8a, 0xb2, 0xe1, 
0x6b, 0xc6, 0x7e, 0x0f, 0x1c, + 0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41, + 0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41, + 0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2, + 0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb, + 0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1, + 0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf, + 0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d, + 0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e, + 0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e, + 0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4, + 0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b, + 0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e, + 0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14, + 0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76, + 0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95, + 0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e, + 0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01, + 0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b, + 0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba, + 0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08, + 0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb, + 0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed, + 0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda, + 0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec, + 0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48, + 0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe, + 0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02, + 0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5, + 0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa, + 0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc, + 0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34, + 0x85, 0x99, 0xa8, 0x5c, 0x6f, 0x34, 0x22, 0x44, + 0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71, + 0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d, + 0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9, + 0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f, + 0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81, + 0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e, + 0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff, + 0xdf, 0x94, 0x1a, 
0x24, 0xb3, 0x7b, 0xca, 0x24, + 0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58, + 0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e, + 0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35, + 0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a, + 0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e, + 0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d, + 0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00, + 0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9, + 0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10, + 0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74, + 0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f, + 0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f, + 0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59, + 0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53, + 0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f, + 0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2, + 0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9, + 0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c, + 0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e, + 0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd +#else + 0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00, + 0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec, + 0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf, + 0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c, + 0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64, + 0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1, + 0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66, + 0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26, + 0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31, + 0x79, 0x57, 0x88, 0xcb, 0x1e, 0xab, 0xda, 0x1d, + 0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce, + 0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02, + 0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02, + 0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95, + 0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8, + 0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15, + 0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8, + 0xde, 0x55, 
0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe, + 0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04, + 0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4, + 0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac, + 0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7, + 0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1, + 0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86, + 0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39, + 0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4, + 0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4, + 0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27, + 0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76, + 0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5, + 0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36, + 0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36, + 0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2, + 0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b, + 0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e, + 0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab, + 0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac, + 0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76, + 0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff, + 0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09, + 0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b, + 0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e, + 0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53, + 0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17, + 0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41, + 0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73, + 0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d, + 0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c, + 0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0, + 0x8e, 0xaa, 0xe0, 0x08, 0xd5, 0x28, 0x92, 0x51, + 0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d, + 0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea, + 0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02, + 0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c, + 0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00, + 0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e, + 0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5, + 0xf2, 0x55, 
0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9, + 0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42, + 0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36, + 0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45, + 0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc, + 0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d, + 0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6, + 0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0, + 0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65, + 0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63, + 0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2, + 0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9, + 0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b, + 0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23, + 0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57, + 0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97, + 0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb, + 0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd, + 0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf, + 0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd, + 0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc, + 0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24, + 0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae, + 0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c, + 0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85, + 0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0, + 0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60, + 0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0, + 0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f, + 0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07, + 0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff, + 0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c, + 0xa3, 0x57, 0xec, 0x97, 0x23, 0xaf, 0xd2, 0x44, + 0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50, + 0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f, + 0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c, + 0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2, + 0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0, + 0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83, + 0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96, + 0xf8, 0x1b, 
0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28, + 0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa, + 0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78, + 0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c, + 0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0, + 0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d, + 0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1, + 0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9, + 0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42, + 0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00, + 0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb, + 0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3, + 0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57, + 0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49, + 0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d, + 0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d, + 0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f, + 0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28, + 0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03, + 0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe, + 0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a, + 0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9, + 0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c, + 0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b, + 0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07, + 0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6, + 0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33, + 0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03, + 0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a, + 0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e, + 0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda, + 0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40, + 0x2c, 0x94, 0x41, 0x69, 0x22, 0x8a, 0x24, 0xd9, + 0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e, + 0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6, + 0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02, + 0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03, + 0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39, + 0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4, + 0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc, + 0xc1, 0x01, 
0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f, + 0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6, + 0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2, + 0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76, + 0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24, + 0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f, + 0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36, + 0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16, + 0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85, + 0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94, + 0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69, + 0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e, + 0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d, + 0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1, + 0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d, + 0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2, + 0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce, + 0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99, + 0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86, + 0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca, + 0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c, + 0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60, + 0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0, + 0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06, + 0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc, + 0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90, + 0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf, + 0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9, + 0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6, + 0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a, + 0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2, + 0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd, + 0x76, 0x28, 0xa4, 0x55, 0x92, 0x7c, 0xe6, 0x76, + 0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e, + 0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0, + 0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4, + 0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8, + 0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12, + 0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c, + 0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49, + 0x17, 0xc4, 
0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed, + 0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15, + 0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7, + 0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20, + 0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31, + 0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c, + 0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c, + 0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd, + 0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36, + 0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee, + 0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a, + 0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef, + 0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22, + 0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0, + 0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2, + 0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa, + 0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9, + 0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f, + 0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad, + 0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4, + 0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec, + 0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43, + 0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed, + 0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9, + 0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84, + 0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7, + 0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73, + 0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda, + 0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02, + 0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a, + 0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16, + 0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37, + 0xc0, 0x87, 0x73, 0x6f, 0x01, 0xcd, 0x2b, 0xf1, + 0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87, + 0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46, + 0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16, + 0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5, + 0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39, + 0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10, + 0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e, + 0x25, 0xc1, 
0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2, + 0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed, + 0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4, + 0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a, + 0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2, + 0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b, + 0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd, + 0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e, + 0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27, + 0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77, + 0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9, + 0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6, + 0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6, + 0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96, + 0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c, + 0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15, + 0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb, + 0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b, + 0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe, + 0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4, + 0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50, + 0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4, + 0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85, + 0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d, + 0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3, + 0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98, + 0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78, + 0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52, + 0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82, + 0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f, + 0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b, + 0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26, + 0x16, 0x58, 0xc6, 0xb8, 0xee, 0x6c, 0xc9, 0xa9, + 0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99, + 0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb, + 0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1, + 0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c, + 0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59, + 0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c, + 0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66, + 0x14, 0xaf, 
0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f, + 0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46, + 0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9, + 0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3, + 0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8, + 0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00, + 0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2, + 0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b, + 0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70, + 0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08, + 0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e, + 0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab, + 0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25, + 0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31, + 0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5, + 0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5, + 0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5, + 0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1, + 0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d, + 0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46, + 0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90, + 0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27, + 0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff, + 0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7, + 0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e, + 0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9, + 0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33, + 0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b, + 0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a, + 0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1, + 0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d, + 0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc, + 0x39, 0x63, 0x8b, 0x85, 0xfd, 0x02, 0x21, 0xf1, + 0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd, + 0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8, + 0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62, + 0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1, + 0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc, + 0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81, + 0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b, + 0x06, 0x35, 
0x17, 0x59, 0x89, 0x18, 0x74, 0x32, + 0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c, + 0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab, + 0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4, + 0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58, + 0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97, + 0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62, + 0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f, + 0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72, + 0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9, + 0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9, + 0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30, + 0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99, + 0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5, + 0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb, + 0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0, + 0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99, + 0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd, + 0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4, + 0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2, + 0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a, + 0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b, + 0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b, + 0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90, + 0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6, + 0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad, + 0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c, + 0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49 +#endif +}; +#endif + +static int test_wc_dilithium_public_der_decode(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) + dilithium_key* key; + word32 idx = 0; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + + ExpectIntEQ(wc_dilithium_init(key), 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + 
ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key, + (word32)sizeof(dilithium_public_der)), 0); + + wc_dilithium_free(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + static int test_wc_dilithium_der(void) { EXPECT_DECLS; @@ -32276,6 +33059,15 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, 1), pubDerLen); idx = 0; +{ + fprintf(stderr, "\n"); + for (int ii = 0; ii < pubDerLen; ii++) { + if ((ii % 8) == 0) fprintf(stderr, " "); + fprintf(stderr, "0x%02x,", der[ii]); + if ((ii % 8) == 7) fprintf(stderr, "\n"); + else fprintf(stderr, " "); + } +} ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, @@ -83230,6 +84022,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wc_dilithium_sign), TEST_DECL(test_wc_dilithium_verify), TEST_DECL(test_wc_dilithium_check_key), + TEST_DECL(test_wc_dilithium_public_der_decode), TEST_DECL(test_wc_dilithium_der), TEST_DECL(test_wc_dilithium_make_key_from_seed), TEST_DECL(test_wc_dilithium_verify_kats), diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index 8af0a920bf..521353c608 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c 
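Review bot: The bare `{ ... }` block added to test_wc_dilithium_der before the `wc_Dilithium_PublicKeyDecode` call looks like leftover debugging, since it hex-dumps the whole encoded public key to stderr on every test run. It is plain code rather than an Expect check, so it appears to run even when the preceding `ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(...), pubDerLen)` has already failed. It also loops to `pubDerLen` rather than the returned `len`, and `for (int ii = 0; ...)` declares a signed counter in the for-initialiser against a length whose type is not visible in this hunk. I would remove the block now that the `dilithium_public_der` table is checked in, or put it behind a debug-only macro. The body of test_wc_dilithium_der continues outside the hunk.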
@@ -58,6 +58,19 @@ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM Default: OFF * Compiles signature implementation that uses smaller amounts of memory but * is considerably slower. + * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC Default: OFF + * Compiles signature implementation that uses smaller amounts of memory but + * is considerably slower. Allocates vectors and decodes private key data + * into them upfront. + * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A Default: OFF + * Compiles signature implementation that uses smaller amounts of memory but + * is slower. Allocates matrix A and calculates it upfront. + * WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM Default: OFF + * Compiles key generation implementation that uses smaller amounts of memory + * but is slower. + * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 Default: OFF + * Compiles the small memory implementations to use a 64-bit polynomial. + * Uses 2KB of memory but is slighlty quicker (2.75-7%). * * WOLFSSL_DILITHIUM_ALIGNMENT Default: 8 * Use to indicate whether loading and storing of words needs to be aligned. @@ -142,6 +155,18 @@ #include #endif +#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) + #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +#endif +#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) + #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + #error "PRECALC and PRECALC_A is equivalent to non small mem" + #endif +#endif + #ifdef WOLFSSL_WC_DILITHIUM #ifdef DEBUG_DILITHIUM 
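Review bot: The option comment lists `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A` as "Default: OFF" like a plain on/off switch, but the signing code later in this patch uses it as a number (`min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A, params->k)` and `r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A`). The comment should say that the value is the number of rows of matrix A to precalculate and that it is expected to be no larger than k for the level in use, for example `Value is the number of rows of A to precalculate (1..k).` The same block has a typo, "slighlty".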
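Review bot: The `#error "PRECALC and PRECALC_A is equivalent to non small mem"` can never fire where it is placed. When `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC` is defined, the first block has already defined `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM`, so the second block's `!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)` guard is false; the same happens when a build sets `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM` itself. This matters because, with both options set, the signing allocation later in the patch sizes the buffer in its `#ifdef ..._PRECALC` branch but lays out the pointers in its `#if defined(..._PRECALC_A)` branch, so the buffer may be smaller than what is written into it. Move the check into its own test ahead of the two defining blocks: `#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)` followed by the existing `#error` and `#endif`.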
@@ -1678,43 +1703,24 @@ static void dilithium_vec_encode_w1(const sword32* w1, byte k, sword32 gamma2, * @param [in, out] shake128 SHAKE-128 object. * @param [in] seed Seed to hash to generate values. * @param [out] a Polynomial. + * @param [in] h Buffer to hold hashes. * @return 0 on success. - * @return MEMORY_E when dynamic memory allocation fails. * @return Negative on hash error. */ -static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, - byte* key_h) +static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a, + byte* h) { -#ifdef WOLFSSL_DILITHIUM_SMALL int ret = 0; +#ifdef WOLFSSL_DILITHIUM_SMALL int j = 0; -#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) - byte* h = NULL; -#else - byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; -#endif - - (void)key_h; -#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - h = key_h; -#elif defined(WOLFSSL_SMALL_STACK) - h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, NULL, - DYNAMIC_TYPE_DILITHIUM); - if (h == NULL) { - ret = MEMORY_E; - } -#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC */ - - if (ret == 0) { - #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) - /* Reading 4 bytes for 3 so need to set 1 past for last read. */ - h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0; - #endif +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Reading 4 bytes for 3 so need to set 1 past for last read. */ + h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0; +#endif - /* Initialize SHAKE-128 object for new hash. */ - ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); - } + /* Initialize SHAKE-128 object for new hash. */ + ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); if (ret == 0) { /* Absorb the seed. */ ret = wc_Shake128_Absorb(shake128, seed, DILITHIUM_GEN_A_SEED_SZ); 
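Review bot: The new `h` parameter of dilithium_rej_ntt_poly_ex is documented as `[in] h Buffer to hold hashes.`, but the function writes through it (`h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0` and the squeezed blocks) and relies on the caller for both size and non-NULL. The buffer is now caller-supplied, so the contract belongs in the header comment, for example `@param [out] h Scratch buffer for hash output; at least DILITHIUM_REJ_NTT_POLY_H_SIZE bytes, must not be NULL.` That size is taken from the wrappers visible in this patch, which all allocate that many bytes. The same applies to `block` in dilithium_sample_in_ball_ex in a later hunk, where the wrapper allocates `DILITHIUM_GEN_C_BLOCK_BYTES`. The function body continues outside this hunk.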
@@ -1750,39 +1756,14 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } - -#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK) - XFREE(h, NULL, DYNAMIC_TYPE_DILITHIUM); -#endif - return ret; #else - int ret = 0; unsigned int j = 0; unsigned int c; -#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) - byte* h = NULL; -#else - byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; -#endif - - (void)key_h; - -#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - h = key_h; -#elif defined(WOLFSSL_SMALL_STACK) - h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, NULL, - DYNAMIC_TYPE_DILITHIUM); - if (h == NULL) { - ret = MEMORY_E; - } -#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC */ - if (ret == 0) { - /* Generate enough SHAKE-128 output blocks to give high probability of - * being able to get 256 valid 3-byte, 23-bit values from it. */ - ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h, - DILITHIUM_GEN_A_NBLOCKS); - } + /* Generate enough SHAKE-128 output blocks to give high probability of + * being able to get 256 valid 3-byte, 23-bit values from it. */ + ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h, + DILITHIUM_GEN_A_NBLOCKS); if (ret == 0) { #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) /* Reading 4 bytes for 3 so need to set 1 past for last read. */ @@ -1790,7 +1771,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, #endif /* Use the first 256 triplets and know we won't exceed required. */ -#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE + #ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE for (c = 0; c < (DILITHIUM_N - 1) * 3; c += 3) { #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) /* Load 32-bit value and mask out 23 bits. */ 
@@ -1826,7 +1807,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } -#else + #else /* Do 15 bytes at a time: 255 * 3 / 15 = 51 */ for (c = 0; c < DILITHIUM_N * 3; c += 24) { #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) @@ -1923,7 +1904,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } -#endif + #endif /* Keep generating more blocks and using triplets until we have enough. */ while (j < DILITHIUM_N) { 
@@ -1956,15 +1937,60 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } - -#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK) - XFREE(h, NULL, DYNAMIC_TYPE_DILITHIUM); #endif + return ret; +} + +#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Generate a random polynomial by rejection. + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [in] seed Seed to hash to generate values. + * @param [out] a Polynomial. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Negative on hash error. + */ +static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, + void* heap) +{ + int ret; +#if defined(WOLFSSL_SMALL_STACK) + byte* h = NULL; +#else + byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; +#endif + + (void)heap; + +#if defined(WOLFSSL_SMALL_STACK) + h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, heap, + DYNAMIC_TYPE_DILITHIUM); + if (h == NULL) { + ret = MEMORY_E; + } +#endif + + ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); + +#if defined(WOLFSSL_SMALL_STACK) + XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM); #endif + + return ret; } +#endif -#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ +#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \ defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ 
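Review bot: In the new dilithium_rej_ntt_poly wrapper the allocation failure is not honoured. Under `WOLFSSL_SMALL_STACK`, when `XMALLOC` returns NULL, `ret = MEMORY_E` is set but the next statement calls `dilithium_rej_ntt_poly_ex(shake128, seed, a, h)` unconditionally, which overwrites `ret` and passes a NULL `h` that the callee writes through. The sibling wrapper dilithium_sample_in_ball in this patch already guards its call. Do the same here: declare `int ret = 0;` and call via `if (ret == 0) { ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); }`.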
@@ -1987,11 +2013,12 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, * @param [in] k First dimension of matrix a. * @param [in] l Second dimension of matrix a. * @param [out] a Matrix of polynomials. + * @param [in] heap Dynamic memory hint. * @return 0 on success. * @return Negative on hash error. */ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, - byte l, sword32* a) + byte l, sword32* a, void* heap) { int ret = 0; byte r; @@ -2009,7 +2036,7 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, /* Put s into buffer to be hashed. */ seed[DILITHIUM_PUB_SEED_SZ + 0] = s; /* Step 3: Create polynomial from hashing seed. */ - ret = dilithium_rej_ntt_poly(shake128, seed, a, NULL); + ret = dilithium_rej_ntt_poly(shake128, seed, a, heap); /* Next polynomial. */ a += DILITHIUM_N; } @@ -2518,6 +2545,7 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, #endif #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + /* Expand commit to a polynomial. * * FIPS 204. 8.3: Algorithm 23 SampleInBall(rho) 
@@ -2534,41 +2562,23 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, * 11: end for * 12: return c * - * @param [in] shake256 SHAKE-256 object. - * @param [in] seed Buffer containing seed to expand. - * @param [in] tau Number of +/- 1s in polynomial. - * @param [out] c Commit polynomial. - * @param [in] key_block Memory to use for block from key. + * @param [in] shake256 SHAKE-256 object. + * @param [in] seed Buffer containing seed to expand. + * @param [in] tau Number of +/- 1s in polynomial. + * @param [out] c Commit polynomial. + * @param [in] block Memory to use for block from key. * @return 0 on success. - * @return MEMORY_E when dynamic memory allocation fails. * @return Negative on hash error. */ -static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, - byte tau, sword32* c, byte* key_block) +static int dilithium_sample_in_ball_ex(wc_Shake* shake256, const byte* seed, + byte tau, sword32* c, byte* block) { int ret = 0; unsigned int k; unsigned int i; unsigned int s; -#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) - byte* block = NULL; -#else - byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; -#endif byte signs[DILITHIUM_SIGN_BYTES]; - (void)key_block; - -#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - block = key_block; -#elif defined(WOLFSSL_SMALL_STACK) - block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, NULL, - DYNAMIC_TYPE_DILITHIUM); - if (block == NULL) { - ret = MEMORY_E; - } -#endif - if (ret == 0) { /* Set polynomial to all zeros. */ XMEMSET(c, 0, DILITHIUM_POLY_SIZE); 
@@ -2613,13 +2623,57 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, s++; } -#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK) - XFREE(block, NULL, DYNAMIC_TYPE_DILITHIUM); + return ret; +} + +#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Expand commit to a polynomial. + * + * @param [in] shake256 SHAKE-256 object. + * @param [in] seed Buffer containing seed to expand. + * @param [in] tau Number of +/- 1s in polynomial. + * @param [out] c Commit polynomial. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Negative on hash error. + */ +static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, + byte tau, sword32* c, void* heap) +{ + int ret = 0; +#if defined(WOLFSSL_SMALL_STACK) + byte* block = NULL; +#else + byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; +#endif + + (void)heap; + +#if defined(WOLFSSL_SMALL_STACK) + block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, heap, + DYNAMIC_TYPE_DILITHIUM); + if (block == NULL) { + ret = MEMORY_E; + } +#endif + + if (ret == 0) { + ret = dilithium_sample_in_ball_ex(shake256, seed, tau, c, block); + } + +#if defined(WOLFSSL_SMALL_STACK) + XFREE(block, heap, DYNAMIC_TYPE_DILITHIUM); #endif return ret; } #endif +#endif + /****************************************************************************** * Decompose operations ******************************************************************************/ 
@@ -2738,7 +2792,8 @@ static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1) #ifndef WOLFSSL_DILITHIUM_NO_SIGN -#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) /* Decompose vector of polynomials into high and low based on GAMMA2. * * @param [in] r Vector of polynomials to decompose. @@ -5205,6 +5260,7 @@ static void dilithium_vec_make_pos(sword32* a, byte l) */ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) { +#ifndef WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM int ret = 0; const wc_dilithium_params* params = key->params; sword32* a = NULL; @@ -5217,7 +5273,8 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #ifdef WC_DILITHIUM_CACHE_MATRIX_A #ifndef WC_DILITHIUM_FIXED_ARRAY if (key->a == NULL) { - key->a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + key->a = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->a == NULL) { ret = MEMORY_E; } @@ -5230,7 +5287,8 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS #ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->s1 == NULL)) { - key->s1 = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + key->s1 = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->s1 == NULL) { ret = MEMORY_E; } @@ -5263,7 +5321,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) s2 = s1 + params->s1Sz / sizeof(*s1); t = s2 + params->s2Sz / sizeof(*s2); #ifndef WC_DILITHIUM_CACHE_MATRIX_A - a = t + params->s2Sz / sizeof(*s2); + a = t + params->s2Sz / sizeof(*t); #endif } } 
@@ -5281,7 +5339,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) /* Step 3: Expand public seed into a matrix of polynomials. */ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, params->l, - a); + a, key->heap); } if (ret == 0) { byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ; 
@@ -5343,6 +5401,210 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); #endif return ret; +#else + int ret = 0; + const wc_dilithium_params* params = key->params; + sword32* a = NULL; + sword32* s1 = NULL; + sword32* s2 = NULL; + sword32* t = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif + byte* h = NULL; + byte* pub_seed = key->k; + unsigned int r; + unsigned int s; + + /* Allocate memory for large intermediates. */ + if (ret == 0) { + unsigned int allocSz; + + /* s1-l, s2-k, t-k, a-1 */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + /* t64 */ + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (s1 == NULL) { + ret = MEMORY_E; + } + else { + s2 = s1 + params->s1Sz / sizeof(*s1); + t = s2 + params->s2Sz / sizeof(*s2); + h = (byte*)(t + params->s2Sz / sizeof(*t)); + a = (sword32*)(h + DILITHIUM_REJ_NTT_POLY_H_SIZE); + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + DILITHIUM_N); + #endif + } + } + + if (ret == 0) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, + DILITHIUM_SEEDS_SZ); + } + if (ret == 0) { + byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ; + + /* Step 7; Alg 16 Step 1: Copy public seed into public key. */ + XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ); + + /* Step 4: Expand private seed into to vectors of polynomials. 
*/ + ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1, + params->l, s2, params->k); + } + if (ret == 0) { + byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + byte* tr = k + DILITHIUM_K_SZ; + byte* s1p = tr + DILITHIUM_TR_SZ; + byte* s2p = s1p + params->s1EncSz; + byte* t0 = s2p + params->s2EncSz; + byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ; + byte aseed[DILITHIUM_GEN_A_SEED_SZ]; + sword32* s2t = s2; + sword32* tt = t; + + /* Step 9: Move k down to after public seed. */ + XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ); + /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */ + dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p); + /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */ + dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p); + + /* Step 5: NTT(s1) */ + dilithium_vec_ntt_small(s1, params->l); + /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */ + XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ); + for (r = 0; (ret == 0) && (r < params->k); r++) { + sword32* s1t = s1; + unsigned int e; + + /* Put r/i into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; + for (s = 0; (ret == 0) && (s < params->l); s++) { + + /* Put s into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 0] = s; + /* Step 3: Expand public seed into a matrix of polynomials. */ + ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, a, h); + if (ret != 0) { + break; + } + /* Matrix multiply. 
*/ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] = dilithium_mont_red((sword64)a[e] * s1t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + tt[e+0] = dilithium_mont_red((sword64)a[e+0]*s1t[e+0]); + tt[e+1] = dilithium_mont_red((sword64)a[e+1]*s1t[e+1]); + tt[e+2] = dilithium_mont_red((sword64)a[e+2]*s1t[e+2]); + tt[e+3] = dilithium_mont_red((sword64)a[e+3]*s1t[e+3]); + tt[e+4] = dilithium_mont_red((sword64)a[e+4]*s1t[e+4]); + tt[e+5] = dilithium_mont_red((sword64)a[e+5]*s1t[e+5]); + tt[e+6] = dilithium_mont_red((sword64)a[e+6]*s1t[e+6]); + tt[e+7] = dilithium_mont_red((sword64)a[e+7]*s1t[e+7]); + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] += dilithium_mont_red((sword64)a[e] * s1t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + tt[e+0] += dilithium_mont_red((sword64)a[e+0]*s1t[e+0]); + tt[e+1] += dilithium_mont_red((sword64)a[e+1]*s1t[e+1]); + tt[e+2] += dilithium_mont_red((sword64)a[e+2]*s1t[e+2]); + tt[e+3] += dilithium_mont_red((sword64)a[e+3]*s1t[e+3]); + tt[e+4] += dilithium_mont_red((sword64)a[e+4]*s1t[e+4]); + tt[e+5] += dilithium_mont_red((sword64)a[e+5]*s1t[e+5]); + tt[e+6] += dilithium_mont_red((sword64)a[e+6]*s1t[e+6]); + tt[e+7] += dilithium_mont_red((sword64)a[e+7]*s1t[e+7]); + } + #endif + } + #else + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = (sword64)a[e] * s1t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = (sword64)a[e+0] * s1t[e+0]; + t64[e+1] = (sword64)a[e+1] * s1t[e+1]; + t64[e+2] = (sword64)a[e+2] * s1t[e+2]; + t64[e+3] = (sword64)a[e+3] * s1t[e+3]; + t64[e+4] = (sword64)a[e+4] * s1t[e+4]; + t64[e+5] = (sword64)a[e+5] * s1t[e+5]; + t64[e+6] = (sword64)a[e+6] * s1t[e+6]; + t64[e+7] = (sword64)a[e+7] * s1t[e+7]; + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < 
DILITHIUM_N; e++) { + t64[e] += (sword64)a[e] * s1t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)a[e+0] * s1t[e+0]; + t64[e+1] += (sword64)a[e+1] * s1t[e+1]; + t64[e+2] += (sword64)a[e+2] * s1t[e+2]; + t64[e+3] += (sword64)a[e+3] * s1t[e+3]; + t64[e+4] += (sword64)a[e+4] * s1t[e+4]; + t64[e+5] += (sword64)a[e+5] * s1t[e+5]; + t64[e+6] += (sword64)a[e+6] * s1t[e+6]; + t64[e+7] += (sword64)a[e+7] * s1t[e+7]; + } + #endif + } + #endif + /* Next polynomial. */ + s1t += DILITHIUM_N; + } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] = dilithium_mont_red(t64[e]); + } + #endif + dilithium_invntt(tt); + dilithium_add(tt, s2t); + /* Make positive for decomposing. */ + dilithium_make_pos(tt); + + tt += DILITHIUM_N; + s2t += DILITHIUM_N; + } + + /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10. + * Decompose t in t0 and t1 and encode into public and private key. + */ + dilithium_vec_encode_t0_t1(t, params->k, t0, t1); + /* Step 8. Alg 18, Step 1: Hash public key into private key. */ + ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if (ret == 0) { + /* Public key and private key are available. */ + key->prvKeySet = 1; + key->pubKeySet = 1; + } + + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); + return ret; +#endif } /* Make a key from a random seed. @@ -5376,6 +5638,7 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng) #ifndef WOLFSSL_DILITHIUM_NO_SIGN #if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \ defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) /* Decode, from private key, and NTT private key vectors s1, s2, and t0. * 
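Review bot: In the new `WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM` branch of dilithium_make_key_from_seed, a failure from `dilithium_rej_ntt_poly_ex` inside the r/s loops is lost. The loops stop, but the code then falls through to `dilithium_vec_encode_t0_t1(...)` and `ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, DILITHIUM_TR_SZ)`, which overwrites `ret`. If that hash succeeds, `prvKeySet` and `pubKeySet` are set on a key built from an incomplete t. Guard the tail after the loops with `if (ret == 0) {` around the encode and hash calls, and skip the per-row `dilithium_invntt`/`dilithium_add`/`dilithium_make_pos` when the inner loop broke out. Separately, the scratch block holds s1 and s2 and is released with a plain `XFREE`; if the project treats these as secret intermediates, clearing it first (for example with `ForceZero`) would require hoisting `allocSz` out of its inner scope.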
@@ -5590,7 +5853,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, { /* Step 5: Create the matrix A from the public seed. */ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, - params->l, a); + params->l, a, key->heap); #ifdef WC_DILITHIUM_CACHE_MATRIX_A key->aSet = (ret == 0); #endif @@ -5655,7 +5918,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ ret = dilithium_sample_in_ball(&key->shake, commit, - params->tau, c, NULL); + params->tau, c, key->heap); } if (ret == 0) { sword32 hi; @@ -5747,10 +6010,18 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, sword32* c = NULL; sword32* z = NULL; sword32* ct0 = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif + byte* blocks = NULL; byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; byte* mu = data + DILITHIUM_RND_SZ; byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; byte* h = sig + params->lambda * 2 + params->zEncSz; +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + byte maxK = (byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A, + params->k); +#endif /* Check the signature buffer isn't too small. */ if ((ret == 0) && (*sigLen < params->sigSz)) { 
@@ -5765,24 +6036,55 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, if (ret == 0) { unsigned int allocSz; - /* y-l, w0-k, w1-k, c-1, s1-1, A-1 */ - allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + /* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE; + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + allocSz += params->s1Sz + params->s2Sz + params->s2Sz; + #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) + allocSz += maxK * params->l * DILITHIUM_POLY_SIZE; + #endif + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (y == NULL) { ret = MEMORY_E; } else { - w0 = y + params->s1Sz / sizeof(*y_ntt); - w1 = w0 + params->s2Sz / sizeof(*w0); - c = w1 + params->s2Sz / sizeof(*w1); - s1 = c + DILITHIUM_N; - a = s1 + DILITHIUM_N; - s2 = s1; - t0 = s1; - ct0 = s1; - z = s1; - y_ntt = s1; + w0 = y + params->s1Sz / sizeof(*y_ntt); + w1 = w0 + params->s2Sz / sizeof(*w0); + blocks = (byte*)(w1 + params->s2Sz / sizeof(*w1)); + c = (sword32*)(blocks + DILITHIUM_REJ_NTT_POLY_H_SIZE); + z = c + DILITHIUM_N; + a = z + DILITHIUM_N; + ct0 = z; + #if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) + y_ntt = w0; + s1 = z; + s2 = z; + t0 = z; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + (1 + maxK * params->l) * DILITHIUM_N); + #endif + #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) + y_ntt = z; + s1 = a + DILITHIUM_N; + s2 = s1 + params->s1Sz / sizeof(*s1); + t0 = s2 + params->s2Sz / sizeof(*s2); + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(t0 + params->s2Sz / sizeof(*t0)); + #endif + #else + y_ntt = z; + s1 = z; + s2 = z; + t0 = z; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + DILITHIUM_N); + #endif + #endif } } 
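Review bot: The new layout puts the byte buffer `blocks` in the middle of the allocation and then casts past it, so the alignment of everything after it depends on a constant that is not checked. `c = (sword32*)(blocks + DILITHIUM_REJ_NTT_POLY_H_SIZE)` and, with `WOLFSSL_DILITHIUM_SMALL_MEM_POLY64`, the `sword64* t64` pointers derived from `a` are only aligned if `DILITHIUM_REJ_NTT_POLY_H_SIZE` is a multiple of 4 and 8 respectively. Its definition is not visible in this patch, and it is at least one byte larger than `DILITHIUM_GEN_A_BLOCK_BYTES`, so this is worth confirming. The small-memory key generation branch has the same pattern with `h`, `a` and `t64`. Placing the byte buffer last in the block (after `t64`), or rounding its size up and adding a compile-time assertion on it, would remove the dependency on targets that fault on unaligned word access.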
@@ -5800,23 +6102,43 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed, DILITHIUM_PRIV_RAND_SEED_SZ); } +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + if (ret == 0) { + dilithium_make_priv_vecs(key, s1, s2, t0); + } +#endif +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + if (ret == 0) { + /* Step 5: Create the matrix A from the public seed. */ + ret = dilithium_expand_a(&key->shake, pub_seed, maxK, params->l, a, + key->heap); + } +#endif if (ret == 0) { word16 kappa = 0; int valid; /* Step 11: Start rejection sampling loop */ do { + byte aseed[DILITHIUM_GEN_A_SEED_SZ]; byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; sword32* w = w1; byte* commit = sig; byte r; byte s; - byte aseed[DILITHIUM_GEN_A_SEED_SZ]; sword32 hi; - sword32* at = a; sword32* wt = w; sword32* w0t = w0; sword32* w1t = w1; + sword32* at = a; + + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + w1t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + wt += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + at += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * params->l * + DILITHIUM_N; + #endif valid = 1; /* Step 12: Compute vector y from private random seed and kappa. */ 
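Review bot: The pointer offsets added at the top of the rejection loop use the raw macro (`w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;` and the matching `w1t`, `wt`, `at` lines), while the allocation and the `dilithium_expand_a` call above are sized with `maxK`, the macro clamped to `params->k`. If a build sets the macro larger than `params->k` for the parameter set in use, these pointers are formed past the end of the buffer. The loop bound `r < params->k` in the next hunk appears to keep them from being dereferenced, but computing them is already outside what C permits. Using `maxK` here, e.g. `at += maxK * params->l * DILITHIUM_N;`, and for `r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A;` in the following hunk keeps layout and indexing on one value. The loop body continues outside this hunk.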
@@ -5827,13 +6149,33 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, (1 << params->gamma1_bits) - params->beta); #endif + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + /* Step 13: NTT-1(A o NTT(y)) */ + XMEMCPY(y_ntt, y, params->s1Sz); + dilithium_vec_ntt(y_ntt, params->l); + dilithium_matrix_mul(w, a, y_ntt, maxK, params->l); + dilithium_vec_invntt(w, maxK); + /* Step 14, Step 22: Make values positive and decompose. */ + dilithium_vec_make_pos(w, maxK); + dilithium_vec_decompose(w, maxK, params->gamma2, w0, w1); + #endif /* Step 5: Create the matrix A from the public seed. */ /* Copy the seed into a buffer that has space for s and r. */ XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ); + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A; + #else + r = 0; + #endif /* Alg 26. Step 1: Loop over first dimension of matrix. */ - for (r = 0; (ret == 0) && valid && (r < params->k); r++) { + for (; (ret == 0) && valid && (r < params->k); r++) { unsigned int e; sword32* yt = y; + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + sword32* y_ntt_t = z; + #else + sword32* y_ntt_t = y_ntt; + #endif /* Put r/i into buffer to be hashed. */ aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; 
@@ -5842,29 +6184,115 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, /* Put s into buffer to be hashed. */ aseed[DILITHIUM_PUB_SEED_SZ + 0] = s; /* Alg 26. Step 3: Create polynomial from hashing seed. */ - ret = dilithium_rej_ntt_poly(&key->shake, aseed, at, - NULL); + ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, at, + blocks); if (ret != 0) { break; } - XMEMCPY(y_ntt, yt, DILITHIUM_POLY_SIZE); - dilithium_ntt(y_ntt); + XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE); + dilithium_ntt(y_ntt_t); /* Matrix multiply. */ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL for (e = 0; e < DILITHIUM_N; e++) { wt[e] = dilithium_mont_red((sword64)at[e] * - y_ntt[e]); + y_ntt_t[e]); } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + wt[e + 0] = dilithium_mont_red((sword64)at[e + 0] * + y_ntt_t[e + 0]); + wt[e + 1] = dilithium_mont_red((sword64)at[e + 1] * + y_ntt_t[e + 1]); + wt[e + 2] = dilithium_mont_red((sword64)at[e + 2] * + y_ntt_t[e + 2]); + wt[e + 3] = dilithium_mont_red((sword64)at[e + 3] * + y_ntt_t[e + 3]); + wt[e + 4] = dilithium_mont_red((sword64)at[e + 4] * + y_ntt_t[e + 4]); + wt[e + 5] = dilithium_mont_red((sword64)at[e + 5] * + y_ntt_t[e + 5]); + wt[e + 6] = dilithium_mont_red((sword64)at[e + 6] * + y_ntt_t[e + 6]); + wt[e + 7] = dilithium_mont_red((sword64)at[e + 7] * + y_ntt_t[e + 7]); + } + #endif } else { + #ifdef WOLFSSL_DILITHIUM_SMALL for (e = 0; e < DILITHIUM_N; e++) { wt[e] += dilithium_mont_red((sword64)at[e] * - y_ntt[e]); + y_ntt_t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + wt[e + 0] += dilithium_mont_red((sword64)at[e + 0] * + y_ntt_t[e + 0]); + wt[e + 1] += dilithium_mont_red((sword64)at[e + 1] * + y_ntt_t[e + 1]); + wt[e + 2] += dilithium_mont_red((sword64)at[e + 2] * + y_ntt_t[e + 2]); + wt[e + 3] += dilithium_mont_red((sword64)at[e + 3] * + y_ntt_t[e + 3]); + wt[e + 4] += dilithium_mont_red((sword64)at[e + 4] * + y_ntt_t[e + 4]); + wt[e + 5] += 
dilithium_mont_red((sword64)at[e + 5] * + y_ntt_t[e + 5]); + wt[e + 6] += dilithium_mont_red((sword64)at[e + 6] * + y_ntt_t[e + 6]); + wt[e + 7] += dilithium_mont_red((sword64)at[e + 7] * + y_ntt_t[e + 7]); + } + #endif + } + #else + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = (sword64)at[e] * y_ntt_t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = (sword64)at[e+0] * y_ntt_t[e+0]; + t64[e+1] = (sword64)at[e+1] * y_ntt_t[e+1]; + t64[e+2] = (sword64)at[e+2] * y_ntt_t[e+2]; + t64[e+3] = (sword64)at[e+3] * y_ntt_t[e+3]; + t64[e+4] = (sword64)at[e+4] * y_ntt_t[e+4]; + t64[e+5] = (sword64)at[e+5] * y_ntt_t[e+5]; + t64[e+6] = (sword64)at[e+6] * y_ntt_t[e+6]; + t64[e+7] = (sword64)at[e+7] * y_ntt_t[e+7]; } + #endif } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] += (sword64)at[e] * y_ntt_t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)at[e+0] * y_ntt_t[e+0]; + t64[e+1] += (sword64)at[e+1] * y_ntt_t[e+1]; + t64[e+2] += (sword64)at[e+2] * y_ntt_t[e+2]; + t64[e+3] += (sword64)at[e+3] * y_ntt_t[e+3]; + t64[e+4] += (sword64)at[e+4] * y_ntt_t[e+4]; + t64[e+5] += (sword64)at[e+5] * y_ntt_t[e+5]; + t64[e+6] += (sword64)at[e+6] * y_ntt_t[e+6]; + t64[e+7] += (sword64)at[e+7] * y_ntt_t[e+7]; + } + #endif + } + #endif /* Next polynomial. */ yt += DILITHIUM_N; } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + wt[e] = dilithium_mont_red(t64[e]); + } + #endif dilithium_invntt(wt); /* Step 14, Step 22: Make values positive and decompose. */ dilithium_make_pos(wt); @@ -5896,7 +6324,9 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, } if ((ret == 0) && valid) { sword32* yt = y; + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC const byte* s1pt = s1p; + #endif byte* ze = sig + params->lambda * 2; /* Step 15: Encode w1. */ 
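Review bot: The WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 branch sums `params->l` unreduced 64-bit products into `t64[e]` and calls `dilithium_mont_red(t64[e])` once per coefficient, but nothing records why that sum stays inside the range `dilithium_mont_red` accepts. The non-POLY64 branch reduces every product, so this is a new precondition, and the bounds on `at[e]` and `y_ntt_t[e]` are not visible in the hunk. I would add a comment above the final loop such as `/* sum of l products A[e] * NTT(y)[e] stays within dilithium_mont_red's input range: <bound> */` with the actual bound filled in. The verify-side accumulation in the `@@ -6425,80 +6892,123 @@` hunk needs the same statement.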
@@ -5907,8 +6337,8 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, w1e, params->w1EncSz, commit, 2 * params->lambda); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, - params->tau, c, NULL); + ret = dilithium_sample_in_ball_ex(&key->shake, commit, + params->tau, c, blocks); } if (ret == 0) { /* Step 18: NTT(c). */ @@ -5916,6 +6346,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, } for (s = 0; (ret == 0) && valid && (s < params->l); s++) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC #if !defined(WOLFSSL_NO_ML_DSA_44) || \ !defined(WOLFSSL_NO_ML_DSA_87) /* -2..2 */ @@ -5933,6 +6364,9 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, #endif dilithium_ntt_small(s1); dilithium_mul(z, c, s1); + #else + dilithium_mul(z, c, s1 + s * DILITHIUM_N); + #endif /* Step 19: cs1 = NTT-1(c o s1) */ dilithium_invntt(z); /* Step 21: z = y + cs1 */ @@ -5969,13 +6403,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, } if ((ret == 0) && valid) { const byte* t0pt = t0p; + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC const byte* s2pt = s2p; + #endif sword32* cs2 = ct0; w0t = w0; w1t = w1; byte idx = 0; for (r = 0; valid && (r < params->k); r++) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC #if !defined(WOLFSSL_NO_ML_DSA_44) || \ !defined(WOLFSSL_NO_ML_DSA_87) /* -2..2 */ @@ -5990,10 +6427,14 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, dilithium_decode_eta_4_bits(s2pt, s2); s2pt += DILITHIUM_N / 2; } - #endif + #endif dilithium_ntt_small(s2); /* Step 20: cs2 = NTT-1(c o s2) */ dilithium_mul(cs2, c, s2); + #else + /* Step 20: cs2 = NTT-1(c o s2) */ + dilithium_mul(cs2, c, s2 + r * DILITHIUM_N); + #endif dilithium_invntt(cs2); /* Step 22: w0 - cs2 */ dilithium_sub(w0t, cs2); 
@@ -6002,11 +6443,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, hi = params->gamma2 - params->beta; valid = dilithium_check_low(w0t, hi); if (valid) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC dilithium_decode_t0(t0pt, t0); dilithium_ntt(t0); /* Step 25: ct0 = NTT-1(c o t0) */ dilithium_mul(ct0, c, t0); + #else + /* Step 25: ct0 = NTT-1(c o t0) */ + dilithium_mul(ct0, c, t0 + r * DILITHIUM_N); + #endif dilithium_invntt(ct0); /* Step 27: Check ct0 has low enough values. */ valid = dilithium_check_low(ct0, params->gamma2); @@ -6199,7 +6645,8 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, #ifdef WC_DILITHIUM_CACHE_MATRIX_A #ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->a == NULL)) { - key->a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + key->a = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->a == NULL) { ret = MEMORY_E; } @@ -6212,7 +6659,8 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS #ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->t1 == NULL)) { - key->t1 = (sword32*)XMALLOC(params->s2Sz, key->heap, DYNAMIC_TYPE_DILITHIUM); + key->t1 = (sword32*)XMALLOC(params->s2Sz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->t1 == NULL) { ret = MEMORY_E; } @@ -6277,7 +6725,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, { /* Step 5: Expand pub seed to compute matrix A. */ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, - params->l, a); + params->l, a, key->heap); #ifdef WC_DILITHIUM_CACHE_MATRIX_A /* Whether we have cached A is dependent on success of operation. */ key->aSet = (ret == 0); 
@@ -6295,9 +6743,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, mu, DILITHIUM_MU_SZ); } if ((ret == 0) && valid) { - /* Step 9: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, - NULL); + /* Step 9: Compute c from first 256 bits of commit. */ + ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, + key->heap); } if ((ret == 0) && valid) { /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ @@ -6336,14 +6784,19 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, sword32* c = NULL; sword32* z = NULL; sword32* w = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif +#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + byte* block = NULL; +#endif byte tr[DILITHIUM_TR_SZ]; byte* mu = tr; byte* w1e = NULL; byte* commit_calc = tr; int valid = 0; sword32 hi; - byte i; - unsigned int j; + unsigned int r; byte o; byte* encW1; byte* seed = tr; 
@@ -6361,17 +6814,27 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Allocate memory for large intermediates. */ if (ret == 0) { /* z, c, w, t1, w1e. */ - z = (sword32*)XMALLOC(params->s1Sz + 3 * DILITHIUM_POLY_SIZE + - DILITHIUM_MAX_W1_ENC_SZ, key->heap, DYNAMIC_TYPE_DILITHIUM); + unsigned int allocSz; + + allocSz = params->s1Sz + 3 * DILITHIUM_POLY_SIZE + + DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (z == NULL) { ret = MEMORY_E; } else { - c = z + params->s1Sz / sizeof(*t1); - w = c + DILITHIUM_N; - t1 = w + DILITHIUM_N; - w1e = (byte*)(t1 + DILITHIUM_N); - a = t1; + c = z + params->s1Sz / sizeof(*t1); + w = c + DILITHIUM_N; + t1 = w + DILITHIUM_N; + block = (byte*)(t1 + DILITHIUM_N); + w1e = block + DILITHIUM_REJ_NTT_POLY_H_SIZE; + a = t1; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(w1e + params->w1EncSz); + #endif } } #else @@ -6382,6 +6845,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, t1 = key->t1; w1e = key->w1e; a = t1; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = key->t64; + #endif } #endif @@ -6398,11 +6864,11 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Step 9: Compute c from first 256 bits of commit. */ #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, + ret = dilithium_sample_in_ball_ex(&key->shake, commit, params->tau, c, key->block); #else - ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, - NULL); + ret = dilithium_sample_in_ball_ex(&key->shake, commit, params->tau, c, + block); #endif } if ((ret == 0) && valid) { 
@@ -6414,8 +6880,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Copy the seed into a buffer that has space for s and r. */ XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ); /* Step 1: Loop over first dimension of matrix. */ - for (i = 0; (ret == 0) && (i < params->k); i++) { - byte s; + for (r = 0; (ret == 0) && (r < params->k); r++) { + unsigned int s; + unsigned int e; const sword32* zt = z; /* Step 1: Decode and NTT vector t1. */ 
@@ -6425,80 +6892,123 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Step 10: - NTT(c) o NTT(t1)) */ dilithium_ntt(w); -#ifdef WOLFSSL_DILITHIUM_SMALL - for (j = 0; j < DILITHIUM_N; j++) { - w[j] = -dilithium_mont_red((sword64)c[j] * w[j]); + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + w[e] = -dilithium_mont_red((sword64)c[e] * w[e]); } -#else - for (j = 0; j < DILITHIUM_N; j += 8) { - w[j+0] = -dilithium_mont_red((sword64)c[j+0] * w[j+0]); - w[j+1] = -dilithium_mont_red((sword64)c[j+1] * w[j+1]); - w[j+2] = -dilithium_mont_red((sword64)c[j+2] * w[j+2]); - w[j+3] = -dilithium_mont_red((sword64)c[j+3] * w[j+3]); - w[j+4] = -dilithium_mont_red((sword64)c[j+4] * w[j+4]); - w[j+5] = -dilithium_mont_red((sword64)c[j+5] * w[j+5]); - w[j+6] = -dilithium_mont_red((sword64)c[j+6] * w[j+6]); - w[j+7] = -dilithium_mont_red((sword64)c[j+7] * w[j+7]); + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + w[e+0] = -dilithium_mont_red((sword64)c[e+0] * w[e+0]); + w[e+1] = -dilithium_mont_red((sword64)c[e+1] * w[e+1]); + w[e+2] = -dilithium_mont_red((sword64)c[e+2] * w[e+2]); + w[e+3] = -dilithium_mont_red((sword64)c[e+3] * w[e+3]); + w[e+4] = -dilithium_mont_red((sword64)c[e+4] * w[e+4]); + w[e+5] = -dilithium_mont_red((sword64)c[e+5] * w[e+5]); + w[e+6] = -dilithium_mont_red((sword64)c[e+6] * w[e+6]); + w[e+7] = -dilithium_mont_red((sword64)c[e+7] * w[e+7]); } -#endif + #endif + #else + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = -(sword64)c[e] * w[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = -(sword64)c[e+0] * w[e+0]; + t64[e+1] = -(sword64)c[e+1] * w[e+1]; + t64[e+2] = -(sword64)c[e+2] * w[e+2]; + t64[e+3] = -(sword64)c[e+3] * w[e+3]; + t64[e+4] = -(sword64)c[e+4] * w[e+4]; + t64[e+5] = -(sword64)c[e+5] * w[e+5]; + t64[e+6] = -(sword64)c[e+6] * w[e+6]; + t64[e+7] = -(sword64)c[e+7] * w[e+7]; + } + #endif + #endif /* Step 
5: Expand pub seed to compute matrix A. */ /* Put r into buffer to be hashed. */ - seed[DILITHIUM_PUB_SEED_SZ + 1] = i; + seed[DILITHIUM_PUB_SEED_SZ + 1] = r; for (s = 0; (ret == 0) && (s < params->l); s++) { /* Put s into buffer to be hashed. */ seed[DILITHIUM_PUB_SEED_SZ + 0] = s; /* Step 3: Create polynomial from hashing seed. */ #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - ret = dilithium_rej_ntt_poly(&key->shake, seed, a, key->h); + ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, key->h); #else - ret = dilithium_rej_ntt_poly(&key->shake, seed, a, NULL); + ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, block); #endif /* Step 10: w = A o NTT(z) - NTT(c) o NTT(t1) */ -#ifdef WOLFSSL_DILITHIUM_SMALL - for (j = 0; j < DILITHIUM_N; j++) { - w[j] += dilithium_mont_red((sword64)a[j] * zt[j]); + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + w[e] += dilithium_mont_red((sword64)a[e] * zt[e]); } -#else - for (j = 0; j < DILITHIUM_N; j += 8) { - w[j+0] += dilithium_mont_red((sword64)a[j+0] * zt[j+0]); - w[j+1] += dilithium_mont_red((sword64)a[j+1] * zt[j+1]); - w[j+2] += dilithium_mont_red((sword64)a[j+2] * zt[j+2]); - w[j+3] += dilithium_mont_red((sword64)a[j+3] * zt[j+3]); - w[j+4] += dilithium_mont_red((sword64)a[j+4] * zt[j+4]); - w[j+5] += dilithium_mont_red((sword64)a[j+5] * zt[j+5]); - w[j+6] += dilithium_mont_red((sword64)a[j+6] * zt[j+6]); - w[j+7] += dilithium_mont_red((sword64)a[j+7] * zt[j+7]); + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + w[e+0] += dilithium_mont_red((sword64)a[e+0] * zt[e+0]); + w[e+1] += dilithium_mont_red((sword64)a[e+1] * zt[e+1]); + w[e+2] += dilithium_mont_red((sword64)a[e+2] * zt[e+2]); + w[e+3] += dilithium_mont_red((sword64)a[e+3] * zt[e+3]); + w[e+4] += dilithium_mont_red((sword64)a[e+4] * zt[e+4]); + w[e+5] += dilithium_mont_red((sword64)a[e+5] * zt[e+5]); + w[e+6] += dilithium_mont_red((sword64)a[e+6] * zt[e+6]); + w[e+7] += 
dilithium_mont_red((sword64)a[e+7] * zt[e+7]); } -#endif + #endif + #else + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] += (sword64)a[e] * zt[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)a[e+0] * zt[e+0]; + t64[e+1] += (sword64)a[e+1] * zt[e+1]; + t64[e+2] += (sword64)a[e+2] * zt[e+2]; + t64[e+3] += (sword64)a[e+3] * zt[e+3]; + t64[e+4] += (sword64)a[e+4] * zt[e+4]; + t64[e+5] += (sword64)a[e+5] * zt[e+5]; + t64[e+6] += (sword64)a[e+6] * zt[e+6]; + t64[e+7] += (sword64)a[e+7] * zt[e+7]; + } + #endif + #endif /* Next polynomial. */ zt += DILITHIUM_N; } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + w[e] = dilithium_mont_red(t64[e]); + } + #endif /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ dilithium_invntt(w); -#ifndef WOLFSSL_NO_ML_DSA_44 + #ifndef WOLFSSL_NO_ML_DSA_44 if (params->gamma2 == DILITHIUM_Q_LOW_88) { /* Step 11: Use hint to give full w1. */ - dilithium_use_hint_88(w, h, i, &o); + dilithium_use_hint_88(w, h, r, &o); /* Step 12: Encode w1. */ dilithium_encode_w1_88(w, encW1); encW1 += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16; } else -#endif -#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + #endif + #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) if (params->gamma2 == DILITHIUM_Q_LOW_32) { /* Step 11: Use hint to give full w1. */ - dilithium_use_hint_32(w, h, params->omega, i, &o); + dilithium_use_hint_32(w, h, params->omega, r, &o); /* Step 12: Encode w1. */ dilithium_encode_w1_32(w, encW1); encW1 += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16; } else -#endif + #endif { } } 
@@ -6541,13 +7051,13 @@ static int oqs_dilithium_make_key(dilithium_key* key, WC_RNG* rng) int ret = 0; OQS_SIG *oqssig = NULL; - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { @@ -6589,13 +7099,13 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, } if (ret == 0) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { @@ -6609,15 +7119,18 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, /* check and set up out length */ if (ret == 0) { - if ((key->level == 2) && (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) { + if ((key->level == WC_ML_DSA_44) && + (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) { *sigLen = DILITHIUM_LEVEL2_SIG_SIZE; ret = BUFFER_E; } - else if ((key->level == 3) && (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) { + else if ((key->level == WC_ML_DSA_65) && + (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) { *sigLen = DILITHIUM_LEVEL3_SIG_SIZE; ret = BUFFER_E; } - else if ((key->level == 5) && (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) { + else if ((key->level == WC_ML_DSA_87) && + (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) { *sigLen = DILITHIUM_LEVEL5_SIG_SIZE; ret = BUFFER_E; } 
@@ -6659,13 +7172,13 @@ static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen, } if (ret == 0) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { @@ -6980,7 +7493,7 @@ int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len, } /* Set the maximum level here */ - wc_dilithium_set_level(key, 5); + wc_dilithium_set_level(key, WC_ML_DSA_87); return ret; } @@ -7010,7 +7523,7 @@ int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap, } /* Set the maximum level here */ - wc_dilithium_set_level(key, 5); + wc_dilithium_set_level(key, WC_ML_DSA_87); return ret; } @@ -7030,7 +7543,8 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) if (key == NULL) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (level != 2) && (level != 3) && (level != 5)) { + if ((ret == 0) && (level != WC_ML_DSA_44) && (level != WC_ML_DSA_65) && + (level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } @@ -7085,8 +7599,8 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level) if ((key == NULL) || (level == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->level != 2) && (key->level != 3) && - (key->level != 5)) { + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } 
@@ -7138,13 +7652,13 @@ int wc_dilithium_size(dilithium_key* key) int ret = BAD_FUNC_ARG; if (key != NULL) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { ret = DILITHIUM_LEVEL2_KEY_SIZE; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { ret = DILITHIUM_LEVEL3_KEY_SIZE; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { ret = DILITHIUM_LEVEL5_KEY_SIZE; } } @@ -7164,13 +7678,13 @@ int wc_dilithium_priv_size(dilithium_key* key) int ret = BAD_FUNC_ARG; if (key != NULL) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE; } } @@ -7211,13 +7725,13 @@ int wc_dilithium_pub_size(dilithium_key* key) int ret = BAD_FUNC_ARG; if (key != NULL) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } } @@ -7257,13 +7771,13 @@ int wc_dilithium_sig_size(dilithium_key* key) int ret = BAD_FUNC_ARG; if (key != NULL) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { ret = DILITHIUM_LEVEL2_SIG_SIZE; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { ret = DILITHIUM_LEVEL3_SIG_SIZE; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { ret = DILITHIUM_LEVEL5_SIG_SIZE; } } @@ -7367,7 +7881,7 @@ int wc_dilithium_check_key(dilithium_key* key) const byte* pub_seed = key->p; ret = dilithium_expand_a(&key->shake, pub_seed, params->k, - params->l, a); + params->l, a, key->heap); #ifdef WC_DILITHIUM_CACHE_MATRIX_A key->aSet = (ret == 0); #endif 
@@ -7478,7 +7992,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) if (ret == 0) { /* Get length passed in for checking. */ inLen = *outLen; - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { /* Set out length. */ *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -7486,7 +8000,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { /* Set out length. */ *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -7494,7 +8008,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { /* Set out length. */ *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -7540,19 +8054,19 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) ret = BAD_FUNC_ARG; } if (ret == 0) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { /* Check length. */ if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { /* Check length. */ if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { /* Check length. */ if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; @@ -7603,7 +8117,7 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) if (ret == 0) { /* Compute matrix a from public key data. */ ret = dilithium_expand_a(&key->shake, key->p, key->params->k, - key->params->l, key->a); + key->params->l, key->a, key->heap); if (ret == 0) { key->aSet = 1; } 
@@ -7672,7 +8186,7 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz, if (ret == 0) { /* Compute matrix a from private key data. */ ret = dilithium_expand_a(&key->shake, key->k, params->k, params->l, - key->a); + key->a, key->heap); if (ret == 0) { key->aSet = 1; } @@ -7725,8 +8239,8 @@ int wc_dilithium_import_private(const byte* priv, word32 privSz, if ((priv == NULL) || (key == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->level != 2) && (key->level != 3) && - (key->level != 5)) { + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } @@ -7762,8 +8276,8 @@ int wc_dilithium_import_key(const byte* priv, word32 privSz, if ((pub == NULL) && (pubSz != 0)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->level != 2) && (key->level != 3) && - (key->level != 5)) { + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } @@ -7808,13 +8322,13 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, if (ret == 0) { inLen = *outLen; /* check and set up out length */ - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { *outLen = DILITHIUM_LEVEL2_KEY_SIZE; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { *outLen = DILITHIUM_LEVEL3_KEY_SIZE; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { *outLen = DILITHIUM_LEVEL5_KEY_SIZE; } else { @@ -7901,13 +8415,13 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Get OID sum for level. */ - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { keytype = DILITHIUM_LEVEL2k; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { keytype = DILITHIUM_LEVEL3k; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { keytype = DILITHIUM_LEVEL5k; } else { 
@@ -7923,19 +8437,19 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, } if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { /* Check if the public key is included in the private key. */ - if ((key->level == 2) && + if ((key->level == WC_ML_DSA_44) && (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if ((key->level == 3) && + else if ((key->level == WC_ML_DSA_65) && (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if ((key->level == 5) && + else if ((key->level == WC_ML_DSA_87) && (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; 
@@ -7969,8 +8483,103 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, #endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY +#if defined(WOLFSSL_DILITHIUM_NO_ASN1) +#ifndef WOLFSSL_NO_ML_DSA_44 +static unsigned char dilithium_oid_44[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x04, 0x04 +}; +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 +static unsigned char dilithium_oid_65[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x06, 0x05 +}; +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 +static unsigned char dilithium_oid_87[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x08, 0x07 +}; +#endif + +static int dilitihium_get_der_length(const byte* input, word32* inOutIdx, + int *length, word32 inSz) +{ + int ret = 0; + word32 idx = *inOutIdx; + word32 len = 0; + + if (idx >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx] < 0x80) { + len = input[idx]; + idx++; + } + else if ((input[idx] == 0x80) || (input[idx] >= 0x83)) { + ret = ASN_PARSE_E; + } + else if (input[idx] == 0x81) { + if (idx + 1 >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx + 1] < 0x80) { + ret = ASN_PARSE_E; + } + else { + len = input[idx + 1]; + idx += 2; + } + } + else if (input[idx] == 0x82) { + if (idx + 2 >= inSz) { + ret = ASN_PARSE_E; + } + else { + len = ((word16)input[idx + 1] << 8) + input[idx + 2]; + idx += 3; + if (len < 0x100) { + ret = ASN_PARSE_E; + } + } + } + + if ((ret == 0) && ((idx + len) > inSz)) { + ret = ASN_PARSE_E; + } + + *length = (int)len; + *inOutIdx = idx; + return ret; +} + +static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type, + word32 inSz) +{ + int ret = 0; + word32 idx = *inOutIdx; + + if (idx >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx] != type){ + ret = ASN_PARSE_E; + } + else { + idx++; + } + + *inOutIdx = idx; + return ret; +} + +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + /* Decode the DER 
encoded Dilithium public key. * * @param [in] input Array holding DER encoded data. @@ -7989,7 +8598,6 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, int ret = 0; const byte* pubKey; word32 pubKeyLen = 0; - int keytype = 0; /* Validate parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { @@ -8000,17 +8608,27 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, /* Try to import the key directly. */ ret = wc_dilithium_import_public(input, inSz, key); if (ret != 0) { + #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) + int keytype = 0; + #else + int length; + unsigned char* oid; + int oidLen; + word32 idx = 0; + #endif + /* Start again. */ ret = 0; + #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) /* Get OID sum for level. */ - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { keytype = DILITHIUM_LEVEL2k; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { keytype = DILITHIUM_LEVEL3k; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { keytype = DILITHIUM_LEVEL5k; } else { 
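Review bot: In `dilitihium_get_der_length` the final bounds test `(idx + len) > inSz` and the `idx + 2 >= inSz` test are done in `word32` arithmetic and can wrap for an `inSz` near the top of the range. Written as `len > inSz - idx` the final check cannot wrap, since `idx <= inSz` holds on every path that reaches it. The three OID tables are never written and should be `static const unsigned char`, with the `oid` pointer in `wc_Dilithium_PublicKeyDecode` made `const` to match. The helper name is misspelled (`dilitihium_`), and neither helper has the `@param`/`@return` comment block used for the decode function that follows. That comment should say that `*length` and `*inOutIdx` are stored even when ASN_PARSE_E is returned.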
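Review bot: The WOLFSSL_DILITHIUM_NO_ASN1 variables added here start parsing at `word32 idx = 0;` rather than at `*inOutIdx`, and in the hunks shown the final index is never stored back, whereas the ASN.1 path hands `inOutIdx` to `DecodeAsymKeyPublic_Assign`. A caller that passes a non-zero offset, or relies on the updated index to find what follows the key, would presumably see different behaviour between the two builds. I would initialise with `word32 idx = *inOutIdx;` and set `*inOutIdx = idx + pubKeyLen;` after a successful import. The function body starts and ends outside this hunk.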
@@ -8022,6 +8640,77 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey, &pubKeyLen, keytype); } + #else + /* Get OID sum for level. */ + #ifndef WOLFSSL_NO_ML_DSA_44 + if (key->level == WC_ML_DSA_44) { + oid = dilithium_oid_44; + oidLen = (int)sizeof(dilithium_oid_44); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + if (key->level == WC_ML_DSA_65) { + oid = dilithium_oid_65; + oidLen = (int)sizeof(dilithium_oid_65); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_87 + if (key->level == WC_ML_DSA_87) { + oid = dilithium_oid_87; + oidLen = (int)sizeof(dilithium_oid_87); + } + else + #endif + { + /* Level not set. */ + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x30, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x30, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x06, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + if ((length != oidLen) || + (XMEMCMP(input + idx, oid, oidLen) != 0)) { + ret = ASN_PARSE_E; + } + idx += oidLen; + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x03, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + if (input[idx] != 0) { + ret = ASN_PARSE_E; + } + idx++; + length--; + } + if (ret == 0) { + /* This is the raw point data compressed or uncompressed. */ + pubKeyLen = (word32)length; + pubKey = input + idx; + } + #endif if (ret == 0) { /* Import public key data. */ ret = wc_dilithium_import_public(pubKey, pubKeyLen, key); 
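Review bot: The BIT STRING step near the end of the added `#else` branch reads `input[idx]` and then does `length--` without first checking that the decoded length is at least 1. `dilitihium_get_der_length` only guarantees `idx + len <= inSz`, so a zero-length BIT STRING at the end of the buffer makes `input[idx]` a read one byte past `inSz`, and `pubKeyLen = (word32)length` then becomes 0xFFFFFFFF. The guard should be `if ((length < 1) || (input[idx] != 0)) { ret = ASN_PARSE_E; }`. Separately, this path parses from a local `idx` that starts at 0 and, in the visible lines, never writes back to `*inOutIdx`, whereas the ASN.1 path passes `inOutIdx` to `DecodeAsymKeyPublic_Assign`, so a caller using a non-zero offset would get different behaviour in the two builds. The enclosing function starts and ends outside this hunk.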
@@ -8031,6 +8720,8 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, return ret; } +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + #ifdef WC_ENABLE_ASYM_KEY_EXPORT /* Encode the public part of a Dilithium key in DER. * @@ -8062,15 +8753,15 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, if (ret == 0) { /* Get OID and length for level. */ - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { keytype = DILITHIUM_LEVEL2k; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { keytype = DILITHIUM_LEVEL3k; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { keytype = DILITHIUM_LEVEL5k; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } @@ -8089,10 +8780,14 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, } #endif /* WC_ENABLE_ASYM_KEY_EXPORT */ +#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 */ + #endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY /* Encode the private and public data of a Dilithium key in DER. * 
@@ -8112,15 +8807,15 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len) /* Validate parameters and check public and private key set. */ if ((key != NULL) && key->prvKeySet && key->pubKeySet) { /* Create DER for level. */ - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p, DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p, DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p, DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k); } @@ -8148,15 +8843,15 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len) /* Validate parameters and check private key set. */ if ((key != NULL) && key->prvKeySet) { /* Create DER for level. */ - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL2k); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL3k); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL5k); } @@ -8165,8 +8860,8 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len) return ret; } -#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ - #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + #endif /* HAVE_DILITHIUM */ diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h index f82682f06d..742c8ecb91 100644 --- a/wolfssl/wolfcrypt/dilithium.h 
+++ b/wolfssl/wolfcrypt/dilithium.h @@ -602,6 +602,9 @@ struct dilithium_key { sword32 w[DILITHIUM_N]; sword32 t1[DILITHIUM_N]; byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64 t64[DILITHIUM_N]; +#endif byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; #endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC && @@ -712,11 +715,13 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz); #endif +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz); #endif +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 #ifdef WC_ENABLE_ASYM_KEY_EXPORT WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 inLen, int withAlg); From 31380aca13ca4a380b546c320ba544347663d47e Mon Sep 17 00:00:00 2001 From: Marco Oliverio Date: Mon, 29 Jul 2024 15:00:41 +0000 Subject: [PATCH 25/71] fixup! ocsp: don't free ocsp request if saved in ssl->ctx->certOcspRequest --- src/internal.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/internal.c b/src/internal.c index ece556c8f4..0509918f50 100644 --- a/src/internal.c +++ b/src/internal.c @@ -23311,14 +23311,16 @@ int SendFinished(WOLFSSL* ssl) */ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, DecodedCert* cert, byte* certData, word32 length, - byte *takeOwnership) + byte *ctxOwnsRequest) { - byte ctxOwnsRequest = 0; int ret; if (request != NULL) XMEMSET(request, 0, sizeof(OcspRequest)); + if (ctxOwnsRequest!= NULL) + *ctxOwnsRequest = 0; + InitDecodedCert(cert, certData, length, ssl->heap); /* TODO: Setup async support here */ ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL); 
@@ -23334,7 +23336,8 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, if (wc_LockMutex(ocspLock) == 0) { if (ssl->ctx->certOcspRequest == NULL) { ssl->ctx->certOcspRequest = request; - ctxOwnsRequest = 1; + if (ctxOwnsRequest!= NULL) + *ctxOwnsRequest = 1; } wc_UnLockMutex(ocspLock); } @@ -23342,8 +23345,6 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, } FreeDecodedCert(cert); - if (takeOwnership != NULL) - *takeOwnership = ctxOwnsRequest; return ret; } From 2d5462d77dc00e9f0a26f0df7a8fe3740adab456 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 29 Jul 2024 18:18:07 +0200 Subject: [PATCH 26/71] wolfSSL_X509_REQ_add1_attr_by_NID: clean up push call for analyzers --- src/x509.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/x509.c b/src/x509.c index 09c56dc8c3..d570f5ad6f 100644 --- a/src/x509.c +++ b/src/x509.c @@ -14517,11 +14517,12 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR; } } - ret = wolfSSL_sk_push(req->reqAttributes, attr); - if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) { - /* CIPHER type makes a copy */ + if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR) + ret = wolfSSL_sk_push(req->reqAttributes, attr); + else + ret = WOLFSSL_FAILURE; + if (ret != WOLFSSL_SUCCESS) wolfSSL_X509_ATTRIBUTE_free(attr); - } } return ret; From 6d39a78dbaefaf53f6a6bc83e9c2a0f89b5b774f Mon Sep 17 00:00:00 2001 
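Review bot: In the src/x509.c hunk, the new `if (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)` dereferences `req->reqAttributes` before anything on this path has confirmed it is non-NULL. The context lines just above set the type inside what looks like a nested allocation check, so if that allocation (outside the hunk) fails, the pointer is presumably still NULL here. The old code evaluated `->type` only after `wolfSSL_sk_push` had returned success. Suggest `if ((req->reqAttributes != NULL) && (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR))`, which still falls through to `ret = WOLFSSL_FAILURE` and frees `attr`.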
From: David Garske Date: Thu, 25 Jul 2024 11:52:06 -0700 Subject: [PATCH 27/71] Fix for using sprintf. Resolves warning: ``` ./configure CC="gcc -fsanitize=address" && make In file included from ./wolfclu/clu_header_main.h:71: /usr/local/include/wolfssl/test.h:1103:18: error: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Werror,-Wdeprecated-declarations] strLen = sprintf(serialMsg, " %s", words[3]); ^ ``` --- wolfssl/test.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/wolfssl/test.h b/wolfssl/test.h index ae75fb42a1..888d7f1ae4 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -1099,10 +1099,11 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, char serialMsg[80]; /* testsuite has multiple threads writing to stdout, get output - message ready to write once */ - strLen = sprintf(serialMsg, " %s", words[3]); + * message ready to write once */ + strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]); for (i = 0; i < sz; i++) - sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); + strLen = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - strLen, + ":%02x ", serial[i]); printf("%s\n", serialMsg); } From f9dc5e9f4d02cb0976d941cb33cdb37806f40f2b Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 29 Jul 2024 13:26:04 -0700 Subject: [PATCH 28/71] Fixes for uses of deprecated sprintf. If C89 remap XSNPRINTF to use sprintf. --- src/bio.c | 13 +++---- src/x509.c | 71 ++++++++++++++++++--------------------- tests/api.c | 4 +-- tests/quic.c | 2 +- testsuite/testsuite.c | 17 +++++----- wolfcrypt/src/asn.c | 12 ------- wolfcrypt/test/test.c | 6 +--- wolfssl/wolfcrypt/types.h | 2 ++ 8 files changed, 54 insertions(+), 73 deletions(-) diff --git a/src/bio.c b/src/bio.c index bd6bbdc1d9..43492126df 100644 --- a/src/bio.c +++ b/src/bio.c 
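Review bot: Inside the `for` loop the return value of `XSNPRINTF` is assigned to `strLen` rather than added to it, so from the second iteration the write offset is the length of the previous fragment (4 for `":%02x "`) instead of the end of the string. Each serial byte then lands on top of the header text and the printed serial is corrupted. The remaining-size argument `sizeof(serialMsg) - strLen` also has no guard against a truncated or negative return. The loop should accumulate the offset, stop on error or truncation, and advance by one less than the fragment length so the next entry overwrites the trailing space as the old `i*3` stride did. The declaration of `strLen` is outside the hunk; the casts below assume it is an `int`.

```c
for (i = 0; i < sz; i++) {
    int n = XSNPRINTF(serialMsg + strLen,
        sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]);
    if ((n < 0) || ((size_t)n >= sizeof(serialMsg) - (size_t)strLen))
        break; /* error or truncated: stop appending */
    strLen += n - 1; /* next entry overwrites the trailing space */
}
/* … unchanged: printf of serialMsg … */
```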
@@ -3345,21 +3345,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) return wolfSSL_BIO_write(bio, "\tNULL", 5); } - XSPRINTF(line, "%04x - ", lineOffset); + (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset); o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + "%02x ", (unsigned char)buf[i]); else - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); if (i == 7) - XSPRINTF(line + o + 2, "-"); + (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); o += 3; } - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - XSPRINTF(line + o, "%c", + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/x509.c b/src/x509.c index 09c56dc8c3..04e2a8be93 100644 --- a/src/x509.c +++ b/src/x509.c @@ -7040,7 +7040,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, for (i = 0; i < length; ++i) { char hex_digits[4]; -#ifdef XSNPRINTF if (XSNPRINTF(hex_digits, sizeof(hex_digits), "%c%02X", i>0 ? ':' : ' ', (unsigned int)sigalg->algorithm->obj[idx+i]) >= (int)sizeof(hex_digits)) @@ -7048,10 +7047,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; } -#else - XSPRINTF(hex_digits, "%c%02X", i>0 ? ':' : ' ', - (unsigned int)sigalg->algorithm->obj[idx+i]); -#endif if (wolfSSL_BIO_puts(bp, hex_digits) <= 0) return WOLFSSL_FAILURE; } 
@@ -9005,14 +9000,13 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, if (iplen == 4) { /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */ buf = (char*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } - XSPRINTF(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - buf[15] = '\0'; + (void)XSNPRINTF(buf, 16, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + buf[15] = '\0'; /* null terminate */ } else if (iplen == 16) { /* ipv6 normal address scheme 
@@ -9041,47 +9035,46 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, * to re-construct IP address in ascii. */ buf = (char*)XMALLOC(max_ipv6_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } p = buf; for (i = 0; i < 16; i += 2) { - val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; - if (val == 0){ - if (!write_zero) { + val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; + if (val == 0){ + if (!write_zero) { *p = ':'; - } - p++; - *p = '\0'; - write_zero = 1; - } - else { - if (i != 0) - *p++ = ':'; - XSPRINTF(p, "%x", val); - } - /* sanity check */ - if (XSTRLEN(buf) > max_ipv6_len) { - WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - buf = NULL; - break; - } - /* move the pointer to the last */ - /* XSTRLEN includes NULL because of XSPRINTF use */ - p = buf + (XSTRLEN(buf)); + } + p++; + *p = '\0'; + write_zero = 1; + } + else { + if (i != 0) { + *p++ = ':'; + } + (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val); + } + /* sanity check */ + if (XSTRLEN(buf) > max_ipv6_len) { + WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + break; + } + /* move the pointer to the last */ + /* XSTRLEN includes NULL because of XSPRINTF use */ + p = buf + (XSTRLEN(buf)); } /* termination */ - if(i == 16 && buf) { + if (i == 16 && buf) { p--; if ((*p) == ':') { - /* when the last character is :, the following segments are zero - * Therefore, adding : and null termination - */ - p++; - *p++ = ':'; + /* when the last character is :, the following segments are zero + * Therefore, adding : and null termination */ + p++; + *p++ = ':'; *p = '\0'; } } 
@@ -9092,7 +9085,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, } if (buf) { - /* set address to ip asc */ + /* set address to ip asc */ ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, buf); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } diff --git a/tests/api.c b/tests/api.c index 161590af24..6c2d24222e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -58278,7 +58278,7 @@ static int test_wolfSSL_BIO_connect(void) server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); /* Start the test proper */ /* Setup the TCP BIO */ @@ -58325,7 +58325,7 @@ static int test_wolfSSL_BIO_connect(void) server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx)); ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); diff --git a/tests/quic.c b/tests/quic.c index bbd103d81a..bc93c4a7d9 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -848,7 +848,7 @@ static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int i rec_name = "Finished"; break; default: - sprintf(lbuffer, "%d", rec_type); + (void)XSNPRINTF(lbuffer, sizeof(lbuffer), "%d", rec_type); rec_name = lbuffer; break; } diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 5fa0ce4999..3e0986e155 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c 
@@ -300,7 +300,7 @@ static int test_crl_monitor(void) printf("\nRunning CRL monitor test\n"); - sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS); + (void)XSNPRINTF(rounds, sizeof(rounds), "%d", CRL_MONITOR_TEST_ROUNDS); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); @@ -320,18 +320,19 @@ static int test_crl_monitor(void) InitTcpReady(&ready); start_thread(server_test, &server_args, &serverThread); wait_tcp_ready(&server_args); - sprintf(portNum, "%d", server_args.signal->port); + (void)XSNPRINTF(portNum, sizeof(portNum), "%d", server_args.signal->port); for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) { int expectFail; if (i % 2 == 0) { + /* succeed on even rounds */ - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) { fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf); goto cleanup; } - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); /* The monitor can be holding the file handle and this will cause * the remove call to fail. Let's give the monitor a some time to * finish up. */ @@ -349,12 +350,12 @@ static int test_crl_monitor(void) } else { /* fail on odd rounds */ - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); if (STAGE_FILE("certs/crl/crl.revoked", buf) != 0) { fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf); goto cleanup; } - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); /* The monitor can be holding the file handle and this will cause * the remove call to fail. Let's give the monitor a some time to * finish up. */ 
@@ -395,9 +396,9 @@ static int test_crl_monitor(void) cleanup: if (ret != 0 && i >= 0) fprintf(stderr, "test_crl_monitor failed on iteration %d\n", i); - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); rem_file(buf); - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); rem_file(buf); (void)rem_dir(tmpDir); return ret; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f32f462066..227ab0566b 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -15071,19 +15071,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_UTC_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%02d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%02d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } else { /* GeneralizedTime */ @@ -15093,19 +15087,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_GENERALIZED_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%4d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%4d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } return ret; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c9e10ae5d2..7c357e6818 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -49806,11 +49806,7 @@ static wc_test_ret_t pkcs7signed_run_vectors( #endif for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { - #if defined(WOLF_C89) - XSPRINTF((char*)&transId[k], "%02x", digest[j]); - #else - (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); - #endif + (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); } } diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 641246cbde..b907e92487 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -831,6 +831,8 @@ typedef struct w64wrapper { #elif defined(WOLF_C89) #include #define XSPRINTF sprintf + /* snprintf not available for C89, so remap using macro */ + #define XSNPRINTF(f, len, ...) sprintf(f, ...) #else #include #define XSNPRINTF snprintf From 1681cb2d7e5ca7b4a1061d6f199870aa012ccc26 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Tue, 30 Jul 2024 09:09:26 +1000 Subject: [PATCH 29/71] Dilithium: DER encoding fix Underlying function SetAsymKeyDer() changed semantics. Update tests to reflect new behaviour. --- tests/api.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/api.c b/tests/api.c index 161590af24..275df0b291 100644 --- a/tests/api.c +++ b/tests/api.c @@ -33388,7 +33388,7 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE, 0), BAD_FUNC_ARG); ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0 , - 0), BUFFER_E); + 0), BUFFER_E ); /* Get length only. */ ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0 , 0), pubLen); @@ -33401,8 +33401,8 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, 0 ), BAD_FUNC_ARG); - ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, - 0 ), BAD_FUNC_ARG); + ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL, + 0 ), 0); ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , 0 ), BAD_FUNC_ARG); ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, 
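Review bot: In the wolfssl/wolfcrypt/types.h hunk, the C89 remap `#define XSNPRINTF(f, len, ...) sprintf(f, ...)` puts `...` in the replacement list, where the variable arguments are not available. They have to be referenced as `__VA_ARGS__`, so as written every `XSNPRINTF` call expands to a literal `sprintf(f, ...)` and should fail to compile when `WOLF_C89` is defined. Variadic macros are a C99 feature, so a strict C89 compiler may reject even `#define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)`. The remap also discards `len`, so in this configuration the call sites converted in bio.c and x509.c are unbounded again and their truncation checks on the return value cannot fire. The comment should say so, for example `/* C89 has no snprintf: len is ignored, callers must size buffers for the full output */`.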
@@ -33410,15 +33410,15 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der , - 0 ), BAD_FUNC_ARG); + 0 ), BUFFER_E); /* Get length only. */ ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), privDerLen); ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0 ), BAD_FUNC_ARG); - ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, 0 ), - BAD_FUNC_ARG); + ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0 ), + 0 ); ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0 ), BAD_FUNC_ARG); ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE), @@ -33426,7 +33426,7 @@ static int test_wc_dilithium_der(void) ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE), BAD_FUNC_ARG); ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0 ), - BAD_FUNC_ARG); + BUFFER_E ); /* Get length only. */ ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), keyDerLen); From f1e01e4636e15941376372b130ec76c9cb513c46 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 18 Jul 2024 11:15:23 +1000 Subject: [PATCH 30/71] RISC-V 64: Add assembly code for SHA-256 Move common defines out of AES file to header file. --- src/include.am | 13 + wolfcrypt/src/port/riscv/riscv-64-aes.c | 118 -- wolfcrypt/src/port/riscv/riscv-64-sha256.c | 1431 +++++++++++++++++++ wolfcrypt/src/sha256.c | 4 +- wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h | 166 +++ 5 files changed, 1612 insertions(+), 120 deletions(-) create mode 100644 wolfcrypt/src/port/riscv/riscv-64-sha256.c diff --git a/src/include.am b/src/include.am index 1679e3b567..a9992a851b 100644 --- a/src/include.am +++ b/src/include.am 
@@ -229,6 +229,10 @@ endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c +endif BUILD_RISCV_ASM + if BUILD_SHA512 if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c @@ -384,6 +388,10 @@ endif BUILD_INTELASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c +endif BUILD_RISCV_ASM + if BUILD_SHA512 if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c @@ -595,6 +603,11 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON + +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256.c +endif BUILD_RISCV_ASM + endif !BUILD_FIPS_CURRENT if BUILD_AFALG diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c index 3a8a2bc742..c438d252ad 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-aes.c +++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c @@ -56,24 +56,8 @@ static WC_INLINE void memcpy16(byte* out, const byte* in) out64[1] = in64[1]; } -#ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION - -/* Reverse bytes in 64-bit register. */ -#define REV8(rd, rs) \ - ASM_WORD((0b011010111000 << 20) | (0b101 << 12) | \ - (0b0010011 << 0) | \ - (rs << 15) | (rd << 7)) - -#endif /* WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ - #ifdef WOLFSSL_RISCV_BIT_MANIPULATION -/* rd = rs1[0..31] | rs2[0..31]. */ -#define PACK(rd, rs1, rs2) \ - ASM_WORD((0b0000100 << 25) | (0b100 << 12) | \ - (0b0110011 << 0) | \ - (rs2 << 20) | (rs1 << 15) | (rd << 7)) - /* Reverse bits in each byte of 64-bit register. */ #define BREV8(rd, rs) \ ASM_WORD(0b01101000011100000101000000010011 | \ 
@@ -90,31 +74,6 @@ static WC_INLINE void memcpy16(byte* out, const byte* in) (vs2 << 20) | (vd << 7)) #endif -/* vd = vs2 + [i,] */ -#define VADD_VI(vd, vs2, i) \ - ASM_WORD((0b000000 << 26) | (0b1 << 25) | \ - (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (i << 15) | (vs2 << 20)) -/* vd = vs1 + vs2 */ -#define VADD_VV(vd, vs1, vs2) \ - ASM_WORD((0b000000 << 26) | (0b1 << 25) | \ - (0b000 << 12) | (0b1010111 << 0) | \ - (vs2 << 20) | (vs1 << 15) | (vd << 7)) -/* vd = vs1 ^ vs2 */ -#define VXOR_VV(vd, vs1, vs2) \ - ASM_WORD((0b001011 << 26) | (0b1 << 25) | \ - (0b000 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (vs1 << 15) | (vs2 << 20)) -/* vd = vs1 & vs2 */ -#define VAND_VV(vd, vs1, vs2) \ - ASM_WORD((0b001001 << 26) | (0b1 << 25) | \ - (0b000 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (vs1 << 15) | (vs2 << 20)) -/* vd = vs1 | vs2 */ -#define VOR_VV(vd, vs1, vs2) \ - ASM_WORD((0b001010 << 26) | (0b1 << 25) | \ - (0b000 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (vs1 << 15) | (vs2 << 20)) /* vd = vs2 << uimm */ #define VSLL_VI(vd, vs2, uimm) \ 
@@ -127,29 +86,6 @@ static WC_INLINE void memcpy16(byte* out, const byte* in) (0b011 << 12) | (0b1010111 << 0) | \ (vd << 7) | (uimm << 15) | (vs2 << 20)) -/* vd[shift..max] = vs2[0..max-shift] */ -#define VSLIDEUP_VI(vd, vs2, shift) \ - ASM_WORD((0b001110 << 26) | (0b1 << 25) | \ - (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (shift << 15) | (vs2 << 20)) - -/* vd[0..max-shift] = vs2[shift..max] */ -#define VSLIDEDOWN_VI(vd, vs2, shift) \ - ASM_WORD((0b001111 << 26) | (0b1 << 25) | \ - (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (shift << 15) | (vs2 << 20)) - -/* vd[i] = vs1[vs2[i] */ -#define VRGATHER_VV(vd, vs1, vs2) \ - ASM_WORD((0b001100 << 26) | (0b1 << 25) | \ - (0b000 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (vs1 << 15) | (vs2 << 20)) - -/* Reverse order of bytes in words of vector regsiter. */ -#define VREV8(vd, vs2) \ - ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \ - (0b010 << 12) | (0b1010111 << 0) | \ - (vs2 << 20) | (vd << 7)) /* Vector register set if equal: vd[i] = vs1[i] == vs2[i] ? 1 : 0 */ #define VMSEQ_VV(vd, vs1, vs2) \ 
@@ -169,60 +105,6 @@ static WC_INLINE void memcpy16(byte* out, const byte* in) (0b010 << 12) | (0b1010111 << 0) | \ (vs2 << 20) | (rd << 7)) -/* 64-bit width when loading. */ -#define WIDTH_64 0b111 -/* 32-bit width when loading. */ -#define WIDTH_32 0b110 - -/* Load n Vector registers with width-bit components. */ -#define VLRE_V(vd, rs1, cnt, width) \ - ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) | \ - (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15)) -/* Load 1 Vector register with 64-bit components. */ -#define VL1RE64_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_64) -/* Load 1 Vector register with 32-bit components. */ -#define VL1RE32_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_32) -/* Load 2 Vector register with 32-bit components. */ -#define VL2RE32_V(vd, rs1) VLRE_V(vd, rs1, 2, WIDTH_32) -/* Load 4 Vector register with 32-bit components. */ -#define VL4RE32_V(vd, rs1) VLRE_V(vd, rs1, 4, WIDTH_32) -/* Load 8 Vector register with 32-bit components. */ -#define VL8RE32_V(vd, rs1) VLRE_V(vd, rs1, 8, WIDTH_32) - -/* Store n Vector register. */ -#define VSR_V(vs3, rs1, cnt) \ - ASM_WORD(0b0100111 | (0b00101000 << 20) | (0 << 28) | \ - ((cnt-1) << 29) | (vs3 << 7) | (rs1 << 15)) -/* Store 1 Vector register. */ -#define VS1R_V(vs3, rs1) VSR_V(vs3, rs1, 1) -/* Store 2 Vector register. */ -#define VS2R_V(vs3, rs1) VSR_V(vs3, rs1, 2) -/* Store 4 Vector register. */ -#define VS4R_V(vs3, rs1) VSR_V(vs3, rs1, 4) -/* Store 8 Vector register. */ -#define VS8R_V(vs3, rs1) VSR_V(vs3, rs1, 8) - -/* Move from vector register to vector registor. */ -#define VMV_V_V(vd, vs1) \ - ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) | \ - (0b010111 << 26) | (vd << 7) | (vs1 << 15)) -/* Splat register to each component of the vector registor. */ -#define VMV_V_X(vd, rs1) \ - ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) | \ - (0b010111 << 26) | (vd << 7) | (rs1 << 15)) -/* Move n vector registers to vector registers. 
*/ -#define VMVR_V(vd, vs2, n) \ - ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) | \ - (0b100111 << 26) | (vd << 7) | ((n-1) << 15) | \ - (vs2 << 20)) - -/* Set the options of vector instructions. */ -#define VSETIVLI(rd, n, vma, vta, vsew, vlmul) \ - ASM_WORD((0b11 << 30) | (0b111 << 12) | (0b1010111 << 0) | \ - (rd << 7) | (n << 15) | (vma << 27) | \ - (vta << 26) | (vsew << 23) | (vlmul << 20)) - - #if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) /* diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c new file mode 100644 index 0000000000..62d26745e1 --- /dev/null +++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c 
@@ -0,0 +1,1431 @@ +/* riscv-sha256.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFSSL_RISCV_ASM +#if !defined(NO_SHA256) || defined(WOLFSSL_SHA224) + +#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) + #undef HAVE_FIPS +#else + #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + #endif +#endif + +#include +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha256_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000014 }; + int wolfCrypt_FIPS_SHA256_sanity(void) + { + return 0; + } +#endif +#include +#include + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +/* Constants to add in each round. 
*/ +static const FLASH_QUALIFIER ALIGN32 word32 K[64] = { + 0x428A2F98L, 0x71374491L, 0xB5C0FBCFL, 0xE9B5DBA5L, 0x3956C25BL, + 0x59F111F1L, 0x923F82A4L, 0xAB1C5ED5L, 0xD807AA98L, 0x12835B01L, + 0x243185BEL, 0x550C7DC3L, 0x72BE5D74L, 0x80DEB1FEL, 0x9BDC06A7L, + 0xC19BF174L, 0xE49B69C1L, 0xEFBE4786L, 0x0FC19DC6L, 0x240CA1CCL, + 0x2DE92C6FL, 0x4A7484AAL, 0x5CB0A9DCL, 0x76F988DAL, 0x983E5152L, + 0xA831C66DL, 0xB00327C8L, 0xBF597FC7L, 0xC6E00BF3L, 0xD5A79147L, + 0x06CA6351L, 0x14292967L, 0x27B70A85L, 0x2E1B2138L, 0x4D2C6DFCL, + 0x53380D13L, 0x650A7354L, 0x766A0ABBL, 0x81C2C92EL, 0x92722C85L, + 0xA2BFE8A1L, 0xA81A664BL, 0xC24B8B70L, 0xC76C51A3L, 0xD192E819L, + 0xD6990624L, 0xF40E3585L, 0x106AA070L, 0x19A4C116L, 0x1E376C08L, + 0x2748774CL, 0x34B0BCB5L, 0x391C0CB3L, 0x4ED8AA4AL, 0x5B9CCA4FL, + 0x682E6FF3L, 0x748F82EEL, 0x78A5636FL, 0x84C87814L, 0x8CC70208L, + 0x90BEFFFAL, 0xA4506CEBL, 0xBEF9A3F7L, 0xC67178F2L +}; + +/* Initialze SHA-256 object for hashing. + * + * @param [in, out] sha256 SHA-256 object. + */ +static void InitSha256(wc_Sha256* sha256) +{ + /* Set initial hash values. */ +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha256->digest[0] = 0x6A09E667L; + sha256->digest[1] = 0xBB67AE85L; + sha256->digest[2] = 0x3C6EF372L; + sha256->digest[3] = 0xA54FF53AL; + sha256->digest[4] = 0x510E527FL; + sha256->digest[5] = 0x9B05688CL; + sha256->digest[6] = 0x1F83D9ABL; + sha256->digest[7] = 0x5BE0CD19L; +#else + /* f, e, b, a, h, g, d, c */ + sha256->digest[0] = 0x9B05688CL; + sha256->digest[1] = 0x510E527FL; + sha256->digest[2] = 0xBB67AE85L; + sha256->digest[3] = 0x6A09E667L; + sha256->digest[4] = 0x5BE0CD19L; + sha256->digest[5] = 0x1F83D9ABL; + sha256->digest[6] = 0xA54FF53AL; + sha256->digest[7] = 0x3C6EF372L; +#endif + + /* No hashed data. */ + sha256->buffLen = 0; + /* No data hashed. */ + sha256->loLen = 0; + sha256->hiLen = 0; + +#ifdef WOLFSSL_HASH_FLAGS + sha256->flags = 0; +#endif +} + +/* More data hashed, add length to 64-bit cumulative total. 
+ * + * @param [in, out] sha256 SHA-256 object. Assumed not NULL. + * @param [in] len Length to add. + */ +static WC_INLINE void AddLength(wc_Sha256* sha256, word32 len) +{ + word32 tmp = sha256->loLen; + if ((sha256->loLen += len) < tmp) + sha256->hiLen++; /* carry low to high */ +} + +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + +/* Load a word with bytes reversed. */ +#define LOAD_WORD_REV(r, o, p, t0, t1, t2) \ + "lbu " #t0 ", " #o "(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+1(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+2(" #p ")\n\t" \ + "lbu " #r ", " #o "+3(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 24\n\t" \ + "slli " #t1 ", " #t1 ", 16\n\t" \ + "slli " #t2 ", " #t2 ", 8\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" + +/* Load a word with bytes reversed. */ +#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \ + "lbu " #t0 ", " #o "(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+1(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+2(" #p ")\n\t" \ + "lbu " #r ", " #o "+3(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 24\n\t" \ + "slli " #t1 ", " #t1 ", 16\n\t" \ + "slli " #t2 ", " #t2 ", 8\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" \ + "lbu " #t0 ", " #o "+4(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+5(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+6(" #p ")\n\t" \ + "lbu " #t3 ", " #o "+7(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 56\n\t" \ + "slli " #t1 ", " #t1 ", 48\n\t" \ + "slli " #t2 ", " #t2 ", 40\n\t" \ + "slli " #t3 ", " #t3 ", 32\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" \ + "or " #r ", " #r ", " #t3 "\n\t" + +#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2) \ + "slli " #rd ", " #rs1 ", 32\n\t" \ + "slli " #rs2 ", " #rs2 ", 32\n\t" \ + "srli " #rd ", " #rs1 ", 32\n\t" \ + "or " #rd ", " #rd ", " #rs2 "\n\t" + +#else + +#define PACK_BB(rd, rs1, rs2, rrd, rrs1, rrs2) \ + PACK(rrd, rrs1, rrs2) + 
+#endif + +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + +#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM + +/* SHA-256 SUM0 operation. */ +#define SHA256SUM0(rd, rs1) \ + ASM_WORD((0b000100000000 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-256 SUM1 operation. */ +#define SHA256SUM1(rd, rs1) \ + ASM_WORD((0b000100000001 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-256 SIGMA0 operation. */ +#define SHA256SIG0(rd, rs1) \ + ASM_WORD((0b000100000010 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-256 SIGMA1 operation. */ +#define SHA256SIG1(rd, rs1) \ + ASM_WORD((0b000100000011 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) + +/* One round of compression. */ +#define RND(a, b, c, d, e, f, g, h, w, k) \ + /* Get e and a */ \ + "mv a4, " #e "\n\t" \ + "mv a5, " #a "\n\t" \ + /* Sigma1(e) */ \ + SHA256SUM1(REG_A4, REG_A4) \ + /* Sigma0(a) */ \ + SHA256SUM0(REG_A5, REG_A5) \ + /* Maj(a, b, c) = t5 */ \ + /* Ch(e, f, g) = t6 */ \ + /* f ^ g */ \ + "xor t6, " #f ", " #g "\n\t" \ + /* a ^ b */ \ + "xor t4, " #a ", " #b "\n\t" \ + /* b ^ c */ \ + "xor t5, " #b ", " #c "\n\t" \ + /* (f ^ g) & e */ \ + "and t6, t6, " #e "\n\t" \ + /* h + sigma1 */ \ + "addw " #h ", " #h ", a4\n\t" \ + /* (a^b) & (b^c) */ \ + "and t5, t5, t4\n\t" \ + /* ((f ^ g) & e) ^ g */ \ + "xor t6, t6, " #g "\n\t" \ + /* K + W */ \ + "addw t4, " #k ", " #w "\n\t" \ + /* ((a^b) & (b^c)) ^ b */ \ + "xor t5, t5, " #b "\n\t" \ + /* h + sigma1 + Ch */ \ + "addw " #h ", " #h ", t6\n\t" \ + /* 't0' = h + sigma1 + Ch + K + W */ \ + "addw " #h ", " #h ", t4\n\t" \ + /* Sigma0(a) + Maj = 't1' */ \ + "addw t5, a5, t5\n\t" \ + /* d += 't0' */ \ + "addw " #d ", " #d ", " #h "\n\t" \ + /* 't0' += 't1' */ \ + "addw " #h ", " #h ", t5\n\t" + +/* Two message schedule updates. 
*/ +#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7) \ + /* W[i-15] = W[1] */ \ + "srli t4, " #w0 ", 32\n\t" \ + /* W[i-7] = W[9] */ \ + "srli t6, " #w4 ", 32\n\t" \ + /* Gamma0(W[1]) */ \ + SHA256SIG0(REG_A4, REG_T4) \ + /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \ + SHA256SIG1(REG_A5, reg_w7) \ + /* Gamma1(W[14]) + W[9] */ \ + "addw a5, a5, t6\n\t" \ + /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", " #w0 ", a4\n\t" \ + /* W[i+1-2] = W[15] */ \ + "srli t5, " #w7 ", 32\n\t" \ + /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", a5, " #w0 "\n\t" \ + \ + /* W[i+1-16] = W[1] = t4 */ \ + /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */ \ + SHA256SIG0(REG_A6, reg_w1) \ + /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */ \ + SHA256SIG1(REG_A7, REG_T5) \ + /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */ \ + "addw a7, a7, " #w5 "\n\t" \ + /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */ \ + "addw t5, a6, t4\n\t" \ + /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */ \ + "addw a7, a7, t5\n\t" \ + /* Place in W[i+1-16] = W[1] */ \ + PACK_BB(w0, w0, a7, reg_w0, reg_w0, REG_A7) + +#else + +/* SHA-256 SIGMA1 operation. */ +#define SHA256SIG1(rd, rs1) \ + "slliw t6, " #rs1 ", 15\n\t" \ + "srliw t5, " #rs1 ", 17\n\t" \ + "slliw t4, " #rs1 ", 13\n\t" \ + "srliw " #rd ", " #rs1 ", 19\n\t" \ + "or t6, t6, t5\n\t" \ + "srliw t5, " #rs1 ", 10\n\t" \ + "xor " #rd ", "#rd ", t4\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor " #rd ", " #rd ", t6\n\t" \ + +/* One round of compression. 
*/ +#define RND(a, b, c, d, e, f, g, h, w, k) \ + /* a4 = Sigma1(e) */ \ + "slliw t5, " #e ", 26\n\t" \ + "srliw t4, " #e ", 6\n\t" \ + "slliw t6, " #e ", 21\n\t" \ + "srliw a4, " #e ", 11\n\t" \ + "slliw a5, " #e ", 7\n\t" \ + "or t4, t4, t5\n\t" \ + "xor a4, a4, t6\n\t" \ + "srliw t5, " #e ", 25\n\t" \ + "xor t4, t4, a5\n\t" \ + "xor a4, a4, t5\n\t" \ + /* a5 = Sigma0(a) */ \ + "slliw t5, " #a ", 30\n\t" \ + "xor a4, a4, t4\n\t" \ + "srliw t4, " #a ", 2\n\t" \ + "slliw t6, " #a ", 19\n\t" \ + /* h + sigma1 */ \ + "addw " #h ", " #h ", a4\n\t" \ + "srliw a5, " #a ", 13\n\t" \ + "slliw a4, " #a ", 10\n\t" \ + "or t4, t4, t5\n\t" \ + "xor a5, a5, t6\n\t" \ + "srliw t6, " #a ", 22\n\t" \ + "xor t4, t4, a4\n\t" \ + "xor a5, a5, t6\n\t" \ + /* Maj(a, b, c) = t5 */ \ + /* Ch(e, f, g) = t6 */ \ + /* f ^ g */ \ + "xor t6, " #f ", " #g "\n\t" \ + /* a ^ b */ \ + "xor t5, " #a ", " #b "\n\t" \ + /* b ^ c */ \ + "xor a4, " #b ", " #c "\n\t" \ + "xor a5, a5, t4\n\t" \ + /* (f ^ g) & e */ \ + "and t6, t6, " #e "\n\t" \ + /* (a^b) & (b^c) */ \ + "and t5, t5, a4\n\t" \ + /* ((f ^ g) & e) ^ g */ \ + "xor t6, t6, " #g "\n\t" \ + /* K + W */ \ + "addw a4, " #k ", " #w "\n\t" \ + /* h + sigma1 + Ch */ \ + "addw " #h ", " #h ", t6\n\t" \ + /* ((a^b) & (b^c)) ^ b */ \ + "xor t5, t5, " #b "\n\t" \ + /* 't0' = h + sigma1 + Ch + K + W */ \ + "addw " #h ", " #h ", a4\n\t" \ + /* 't1' = Sigma0(a) + Maj */ \ + "addw t5, a5, t5\n\t" \ + /* d += 't0' */ \ + "addw " #d ", " #d ", " #h "\n\t" \ + /* h = 't0' + 't1' */ \ + "addw " #h ", " #h ", t5\n\t" + +/* Two message schedule updates. 
*/ +#define W_UPDATE_2(w0, w1, w4, w5, w7, reg_w0, reg_w1, reg_w7) \ + /* W[i-15] = W[1] */ \ + "srli a7, " #w0 ", 32\n\t" \ + /* W[i-7] = W[9] */ \ + "srli a6, " #w4 ", 32\n\t" \ + /* Gamma0(W[1]) */ \ + "slliw t4, a7, 25\n\t" \ + "srliw t5, a7, 7\n\t" \ + "slliw t6, a7, 14\n\t" \ + "srliw a4, a7, 18\n\t" \ + "or t4, t4, t5\n\t" \ + "srliw t5, a7, 3\n\t" \ + "xor a4, a4, t6\n\t" \ + "xor t4, t4, t5\n\t" \ + /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \ + "slliw t6, " #w7 ", 15\n\t" \ + "srliw t5, " #w7 ", 17\n\t" \ + "xor a4, a4, t4\n\t" \ + "slliw t4, " #w7 ", 13\n\t" \ + "srliw a5, " #w7 ", 19\n\t" \ + "or t6, t6, t5\n\t" \ + "srliw t5, " #w7 ", 10\n\t" \ + "xor a5, a5, t4\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor a5, a5, t6\n\t" \ + /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", " #w0 ", a4\n\t" \ + /* Gamma1(W[14]) + W[9] */ \ + "addw a5, a5, a6\n\t" \ + /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \ + "addw " #w0 ", a5, " #w0 "\n\t" \ + \ + /* W[i+1-16] = W[1] = a7 */ \ + /* W[i+1-2] = W[15] */ \ + "srli a4, " #w7 ", 32\n\t" \ + /* Gamma0(W[i+1-15]) = Gamma0(W[2]) */ \ + "slliw t4, " #w1 ", 25\n\t" \ + "srliw t5, " #w1 ", 7\n\t" \ + "slliw t6, " #w1 ", 14\n\t" \ + "srliw a6, " #w1 ", 18\n\t" \ + "or t4, t4, t5\n\t" \ + "srliw t5, " #w1 ", 3\n\t" \ + "xor a6, a6, t6\n\t" \ + "xor t4, t4, t5\n\t" \ + /* Gamma1(W[i+1-2]) = Gamma1(W[15]) */ \ + "slliw t6, a4, 15\n\t" \ + "srliw t5, a4, 17\n\t" \ + "xor a6, a6, t4\n\t" \ + "slliw t4, a4, 13\n\t" \ + "srliw a5, a4, 19\n\t" \ + "or t6, t6, t5\n\t" \ + "srliw t5, a4, 10\n\t" \ + "xor a5, a5, t4\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor a5, a5, t6\n\t" \ + /* Gamma0(W[2]) + W[i+1-16] = Gamma0(W[2]) + W[1] */ \ + "addw t5, a6, a7\n\t" \ + /* Gamma1(W[15]) + W[i+1-7] = Gamma1(W[15]) + W[10] */ \ + "addw a5, a5, " #w5 "\n\t" \ + /* Gamma1(W[i-2]) + W[i-7] + Gamma0(W[i-15]) + W[i-16] */ \ + "addw a5, a5, t5\n\t" \ + /* Place in W[i+1-16] = W[1] */ \ + PACK_BB(w0, w0, a5, reg_w0, reg_w0, REG_A5) + 
+#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */ + +/* Two rounds of compression. */ +#define RND2(a, b, c, d, e, f, g, h, w, o) \ + /* Get k[i], k[i+1] */ \ + "ld a6, " #o "(%[k])\n\t" \ + RND(a, b, c, d, e, f, g, h, w, a6) \ + /* Move k[i+1] down */ \ + "srli a6, a6, 32\n\t" \ + /* Move W[i] down */ \ + "srli a7, " #w ", 32\n\t" \ + RND(h, a, b, c, d, e, f, g, a7, a6) + +/* Sixteen rounds of compression with message scheduling. */ +#define RND16() \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0, 0) \ + W_UPDATE_2(s0, s1, s4, s5, s7, REG_S0, REG_S1, REG_S7) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1, 8) \ + W_UPDATE_2(s1, s2, s5, s6, s0, REG_S1, REG_S2, REG_S0) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16) \ + W_UPDATE_2(s2, s3, s6, s7, s1, REG_S2, REG_S3, REG_S1) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24) \ + W_UPDATE_2(s3, s4, s7, s0, s2, REG_S3, REG_S4, REG_S2) \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32) \ + W_UPDATE_2(s4, s5, s0, s1, s3, REG_S4, REG_S5, REG_S3) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40) \ + W_UPDATE_2(s5, s6, s1, s2, s4, REG_S5, REG_S6, REG_S4) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48) \ + W_UPDATE_2(s6, s7, s2, s3, s5, REG_S6, REG_S7, REG_S5) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56) \ + W_UPDATE_2(s7, s0, s3, s4, s6, REG_S7, REG_S0, REG_S6) + +/* Sixteen rounds of compression only. */ +#define RND16_LAST() \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s0, 0) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s1, 8) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s2, 16) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s3, 24) \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, s4, 32) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, s5, 40) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, s6, 48) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, s7, 56) + +/* Transform the message data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [in] blocks Number of blocks of data to hash. 
+ */ +static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data, + word32 blocks) +{ + word32* k = (word32*)K; + + __asm__ __volatile__ ( + /* Load digest. */ + "ld t0, 0(%[digest])\n\t" + "ld t2, 8(%[digest])\n\t" + "ld s8, 16(%[digest])\n\t" + "ld s10, 24(%[digest])\n\t" + "srli t1, t0, 32\n\t" + "srli t3, t2, 32\n\t" + "srli s9, s8, 32\n\t" + "srli s11, s10, 32\n\t" + + /* 4 rounds of 16 per block. */ + "slli %[blocks], %[blocks], 2\n\t" + + "\n1:\n\t" + /* beginning of SHA256 block operation */ + /* Load W */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + LOAD_DWORD_REV(s0, 0, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s1, 8, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7) +#else + "lwu a4, 0(%[data])\n\t" + "lwu s0, 4(%[data])\n\t" + "lwu a5, 8(%[data])\n\t" + "lwu s1, 12(%[data])\n\t" + "lwu a6, 16(%[data])\n\t" + "lwu s2, 20(%[data])\n\t" + "lwu a7, 24(%[data])\n\t" + "lwu s3, 28(%[data])\n\t" + PACK_BB(s0, s0, a4, REG_S0, REG_S0, REG_A4) + PACK_BB(s1, s1, a5, REG_S1, REG_S1, REG_A5) + PACK_BB(s2, s2, a6, REG_S2, REG_S2, REG_A6) + PACK_BB(s3, s3, a7, REG_S3, REG_S3, REG_A7) + REV8(REG_S0, REG_S0) + REV8(REG_S1, REG_S1) + REV8(REG_S2, REG_S2) + REV8(REG_S3, REG_S3) + "lwu a4, 32(%[data])\n\t" + "lwu s4, 36(%[data])\n\t" + "lwu a5, 40(%[data])\n\t" + "lwu s5, 44(%[data])\n\t" + "lwu a6, 48(%[data])\n\t" + "lwu s6, 52(%[data])\n\t" + "lwu a7, 56(%[data])\n\t" + "lwu s7, 60(%[data])\n\t" + PACK_BB(s4, s4, a4, REG_S4, REG_S4, REG_A4) + PACK_BB(s5, s5, a5, REG_S5, REG_S5, REG_A5) + PACK_BB(s6, s6, a6, REG_S6, REG_S6, REG_A6) + PACK_BB(s7, s7, a7, REG_S7, REG_S7, REG_A7) + REV8(REG_S4, REG_S4) + REV8(REG_S5, REG_S5) + REV8(REG_S6, REG_S6) + REV8(REG_S7, REG_S7) +#endif + + /* 
Subtract one as there are only 3 loops. */ + "addi %[blocks], %[blocks], -1\n\t" + "\n2:\n\t" + RND16() + "addi %[blocks], %[blocks], -1\n\t" + "add %[k], %[k], 64\n\t" + "andi a4, %[blocks], 3\n\t" + "bnez a4, 2b \n\t" + RND16_LAST() + "addi %[k], %[k], -192\n\t" + + "# Add working vars back into digest state.\n\t" + "ld a4, 0(%[digest])\n\t" + "ld a5, 8(%[digest])\n\t" + "ld a6, 16(%[digest])\n\t" + "ld a7, 24(%[digest])\n\t" + "addw t0, t0, a4\n\t" + "addw t2, t2, a5\n\t" + "addw s8, s8, a6\n\t" + "addw s10, s10, a7\n\t" + "srli a4, a4, 32\n\t" + "srli a5, a5, 32\n\t" + "srli a6, a6, 32\n\t" + "srli a7, a7, 32\n\t" + "addw t1, t1, a4\n\t" + "addw t3, t3, a5\n\t" + "addw s9, s9, a6\n\t" + "addw s11, s11, a7\n\t" + + /* Store digest. */ + "sw t0, 0(%[digest])\n\t" + "sw t1, 4(%[digest])\n\t" + "sw t2, 8(%[digest])\n\t" + "sw t3, 12(%[digest])\n\t" + "sw s8, 16(%[digest])\n\t" + "sw s9, 20(%[digest])\n\t" + "sw s10, 24(%[digest])\n\t" + "sw s11, 28(%[digest])\n\t" + + "add %[data], %[data], 64\n\t" + "bnez %[blocks], 1b \n\t" + + : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k) + : [digest] "r" (sha256->digest) + : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10", + "s11" + ); +} + +#else + +/* Two rounds of compression using low two 32-bit W values. + * Assumes K has been added into W values. + */ +#define VSHA2CL_VV(vd, vs1, vs2) \ + ASM_WORD((0b101111 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +/* Two rounds of compression using upper two 32-bit W values. + * Assumes K has been added into W values. + */ +#define VSHA2CH_VV(vd, vs1, vs2) \ + ASM_WORD((0b101110 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +/* Update 4 W values - message scheduling. 
*/ +#define VSHA2MS_VV(vd, vs1, vs2) \ + ASM_WORD((0b101101 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION +/* Indecies to use with gather vector instruction to reverse bytes. */ +static const word32 rev_idx[4] = { + 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f +}; +#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ + +#define RND4(w0, w1, w2, w3, k) \ + /* Four rounds of compression. */ \ + VADD_VV(REG_V7, w0, k) \ + VMV_X_S(REG_T1, w1) \ + VSHA2CL_VV(REG_V5, REG_V7, REG_V4) \ + VMV_V_V(REG_V6, w2) \ + VSHA2CH_VV(REG_V4, REG_V7, REG_V5) \ + /* Update 4 W values - message schedule. */ \ + VMV_S_X(REG_V6, REG_T1) \ + VSHA2MS_VV(w0, w3, REG_V6) + +#define RND4_LAST(w, k) \ + /* Four rounds of compression. */ \ + VADD_VV(REG_V7, w, k) \ + VSHA2CL_VV(REG_V5, REG_V7, REG_V4) \ + VSHA2CH_VV(REG_V4, REG_V7, REG_V5) + +#define RND16(k) \ + RND4(REG_V0, REG_V1, REG_V2, REG_V3, (k + 0)) \ + RND4(REG_V1, REG_V2, REG_V3, REG_V0, (k + 1)) \ + RND4(REG_V2, REG_V3, REG_V0, REG_V1, (k + 2)) \ + RND4(REG_V3, REG_V0, REG_V1, REG_V2, (k + 3)) + +#define RND16_LAST(k) \ + RND4_LAST(REG_V0, (k + 0)) \ + RND4_LAST(REG_V1, (k + 1)) \ + RND4_LAST(REG_V2, (k + 2)) \ + RND4_LAST(REG_V3, (k + 3)) + +/* Transform the message data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [in] blocks Number of blocks of data to hash. 
+ */ +static void Sha256Transform(wc_Sha256* sha256, const byte* data, + word32 blocks) +{ + word32* k = (word32*)K; + + __asm__ __volatile__ ( + VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000) + + /* Load: a|b|e|f, c|d|g|h + * 3 2 1 0 3 2 1 0 + */ + "mv t0, %[digest]\n\t" + VL2RE32_V(REG_V4, REG_T0) + + "mv t0, %[k]\n\t" + VL8RE32_V(REG_V8, REG_T0) + "addi t0, %[k], 128\n\t" + VL8RE32_V(REG_V16, REG_T0) + + "\n1:\n\t" + VMV_V_V(REG_V30, REG_V4) + VMV_V_V(REG_V31, REG_V5) + + /* Load 16 W into 4 vectors of 4 32-bit words. */ + "mv t0, %[data]\n\t" + VL4RE32_V(REG_V0, REG_T0) + VREV8(REG_V0, REG_V0) + VREV8(REG_V1, REG_V1) + VREV8(REG_V2, REG_V2) + VREV8(REG_V3, REG_V3) + + RND16(REG_V8) + RND16(REG_V12) + RND16(REG_V16) + RND16_LAST(REG_V20) + + VADD_VV(REG_V4, REG_V4, REG_V30) + VADD_VV(REG_V5, REG_V5, REG_V31) + + "addi %[blocks], %[blocks], -1\n\t" + "add %[data], %[data], 64\n\t" + "bnez %[blocks], 1b \n\t" + + "mv t0, %[digest]\n\t" + VS2R_V(REG_V4, REG_T0) + + : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k) + : [digest] "r" (sha256->digest) +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + , [rev_idx] "r" (rev_idx) +#endif + : "cc", "memory", "t0", "t1" + ); +} + +#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */ + +/* Update the hash with data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. 
+ */ +static WC_INLINE int Sha256Update(wc_Sha256* sha256, const byte* data, + word32 len) +{ + word32 add; + word32 blocks; + + /* only perform actions if a buffer is passed in */ + if (len > 0) { + AddLength(sha256, len); + + if (sha256->buffLen > 0) { + /* fill leftover buffer with data */ + add = min(len, WC_SHA256_BLOCK_SIZE - sha256->buffLen); + XMEMCPY((byte*)(sha256->buffer) + sha256->buffLen, data, add); + sha256->buffLen += add; + data += add; + len -= add; + if (sha256->buffLen == WC_SHA256_BLOCK_SIZE) { + Sha256Transform(sha256, (byte*)sha256->buffer, 1); + sha256->buffLen = 0; + } + } + + /* number of blocks in a row to complete */ + blocks = len / WC_SHA256_BLOCK_SIZE; + + if (blocks > 0) { + Sha256Transform(sha256, data, blocks); + data += blocks * WC_SHA256_BLOCK_SIZE; + len -= blocks * WC_SHA256_BLOCK_SIZE; + } + + if (len > 0) { + /* copy over any remaining data leftover */ + XMEMCPY(sha256->buffer, data, len); + sha256->buffLen = len; + } + } + + /* account for possibility of not used if len = 0 */ + (void)add; + (void)blocks; + + return 0; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha256 SHA-256 object. + * @param [out] hash Buffer to hold hash result. 
+ */ +static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash) +{ + byte* local; + + local = (byte*)sha256->buffer; + local[sha256->buffLen++] = 0x80; /* add 1 */ + + /* pad with zeros */ + if (sha256->buffLen > WC_SHA256_PAD_SIZE) { + XMEMSET(&local[sha256->buffLen], 0, + WC_SHA256_BLOCK_SIZE - sha256->buffLen); + Sha256Transform(sha256, (byte*)sha256->buffer, 1); + sha256->buffLen = 0; + } + XMEMSET(&local[sha256->buffLen], 0, WC_SHA256_PAD_SIZE - sha256->buffLen); + + /* put lengths in bits */ + sha256->hiLen = (sha256->loLen >> (8*sizeof(sha256->loLen) - 3)) + + (sha256->hiLen << 3); + sha256->loLen = sha256->loLen << 3; + + XMEMCPY(&local[WC_SHA256_PAD_SIZE], &sha256->hiLen, sizeof(word32)); + XMEMCPY(&local[WC_SHA256_PAD_SIZE + sizeof(word32)], &sha256->loLen, + sizeof(word32)); + + /* store lengths */ + __asm__ __volatile__ ( + /* Reverse byte order of 32-bit words. */ +#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION) + "ld t1, 56(%[buff])\n\t" + REV8(REG_T1, REG_T1) + "srli t0, t1, 32\n\t" + "sw t0, 56(%[buff])\n\t" + "sw t1, 60(%[buff])\n\t" +#else + LOAD_WORD_REV(t0, 56, %[buff], t2, t3, t4) + LOAD_WORD_REV(t1, 60, %[buff], t2, t3, t4) + "sw t0, 56(%[buff])\n\t" + "sw t1, 60(%[buff])\n\t" +#endif + : + : [buff] "r" (sha256->buffer) + : "cc", "memory", "t0", "t1", "t2", "t3", "t4" + ); + + Sha256Transform(sha256, (byte*)sha256->buffer, 1); + + __asm__ __volatile__ ( + /* Reverse byte order of 32-bit words. 
*/ +#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) + VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000) + "mv t0, %[digest]\n\t" + VL2RE32_V(REG_V8, REG_T0) + VREV8(REG_V8, REG_V8) + VREV8(REG_V9, REG_V9) + /* a|b|e|f, c|d|g|h + * 3 2 1 0 3 2 1 0 */ + VSLIDEDOWN_VI(REG_V0, REG_V8, 3) /* a */ + VSLIDEDOWN_VI(REG_V2, REG_V8, 2) /* b */ + VSLIDEDOWN_VI(REG_V1, REG_V8, 1) /* e */ + VSLIDEDOWN_VI(REG_V3, REG_V9, 3) /* c */ + VSLIDEDOWN_VI(REG_V4, REG_V9, 2) /* d */ + VSLIDEDOWN_VI(REG_V5, REG_V9, 1) /* g */ + /* -|-|-|a, -|-|-|e */ + VSLIDEUP_VI(REG_V0, REG_V2, 1) + /* -|-|b|a, -|-|-|e */ + VSLIDEUP_VI(REG_V0, REG_V3, 2) + /* -|c|b|a, -|-|-|e */ + VSLIDEUP_VI(REG_V0, REG_V4, 3) + /* d|c|b|a, -|-|-|e */ + VSLIDEUP_VI(REG_V1, REG_V8, 1) + /* d|c|b|a, -|-|f|e */ + VSLIDEUP_VI(REG_V1, REG_V5, 2) + /* d|c|b|a, -|g|f|e */ + VSLIDEUP_VI(REG_V1, REG_V9, 3) + /* d|c|b|a, h|g|f|e */ + "mv t0, %[hash]\n\t" + VS2R_V(REG_V0, REG_T0) +#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) + VSETIVLI(REG_ZERO, 4, 1, 1, 0b010, 0b000) + "mv t0, %[digest]\n\t" + VL2RE32_V(REG_V0, REG_T0) + VREV8(REG_V0, REG_V0) + VREV8(REG_V1, REG_V1) + "mv t0, %[hash]\n\t" + VS2R_V(REG_V0, REG_T0) +#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION) + "ld t1, 0(%[digest])\n\t" + "ld t3, 8(%[digest])\n\t" + "ld s1, 16(%[digest])\n\t" + "ld s3, 24(%[digest])\n\t" + REV8(REG_T1, REG_T1) + REV8(REG_T3, REG_T3) + REV8(REG_S1, REG_S1) + REV8(REG_S3, REG_S3) + "srli t0, t1, 32\n\t" + "srli t2, t3, 32\n\t" + "srli s0, s1, 32\n\t" + "srli s2, s3, 32\n\t" + "sw t0, 0(%[hash])\n\t" + "sw t1, 4(%[hash])\n\t" + "sw t2, 8(%[hash])\n\t" + "sw t3, 12(%[hash])\n\t" + "sw s0, 16(%[hash])\n\t" + "sw s1, 20(%[hash])\n\t" + "sw s2, 24(%[hash])\n\t" + "sw s3, 28(%[hash])\n\t" +#else + LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4) + LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4) + LOAD_WORD_REV(s0, 8, %[digest], t2, t3, t4) + LOAD_WORD_REV(s1, 12, %[digest], t2, t3, t4) + "sw t0, 0(%[hash])\n\t" + "sw t1, 4(%[hash])\n\t" + "sw s0, 
8(%[hash])\n\t" + "sw s1, 12(%[hash])\n\t" + LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4) + LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4) + LOAD_WORD_REV(s0, 24, %[digest], t2, t3, t4) + LOAD_WORD_REV(s1, 28, %[digest], t2, t3, t4) + "sw t0, 16(%[hash])\n\t" + "sw t1, 20(%[hash])\n\t" + "sw s0, 24(%[hash])\n\t" + "sw s1, 28(%[hash])\n\t" +#endif + : + : [digest] "r" (sha256->digest), [hash] "r" (hash) +#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) && \ + !defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) + , [rev_idx] "r" (rev_idx) +#endif + : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "s0", "s1", "s2", "s3" + ); +} + + +#ifndef NO_SHA256 + +/* Initialize SHA-256 object for hashing. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 is NULL. + */ +int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId) +{ + int ret = 0; + + /* Validate parameters. */ + if (sha256 == NULL) { + ret = BAD_FUNC_ARG; + } + else { + sha256->heap = heap; + #ifdef WOLF_CRYPTO_CB + sha256->devId = devId; + #endif + (void)devId; + + InitSha256(sha256); + } + + return ret; +} + +/* Initialize SHA-256 object for hashing. + * + * @param [in, out] sha256 SHA-256 object. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 is NULL. + */ +int wc_InitSha256(wc_Sha256* sha256) +{ + return wc_InitSha256_ex(sha256, NULL, INVALID_DEVID); +} + +/* Free the SHA-256 hash. + * + * @param [in] sha256 SHA-256 object. + */ +void wc_Sha256Free(wc_Sha256* sha256) +{ + /* No dynamic memory allocated. */ + (void)sha256; +} + +/* Update the hash with data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 is NULL. + * @return BAD_FUNC_ARG when data is NULL but len is not 0. 
+ */ +int wc_Sha256Update(wc_Sha256* sha256, const byte* data, word32 len) +{ + int ret; + + /* Validate parameters. */ + if ((sha256 == NULL) || ((data == NULL) && (len != 0))) { + ret = BAD_FUNC_ARG; + } + else { + ret = Sha256Update(sha256, data, len); + } + + return ret; +} + +/* Put the current hash into buffer. + * + * @param [in, out] sha256 SHA-256 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 or hash is NULL. + */ +int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha256 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + #ifdef LITTLE_ENDIAN_ORDER + word32 digest[WC_SHA256_DIGEST_SIZE / sizeof(word32)]; + + ByteReverseWords((word32*)digest, (word32*)sha256->digest, + WC_SHA256_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA256_DIGEST_SIZE); + #else + XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); + #endif + } + + return ret; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha256 SHA-256 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 or hash is NULL. + */ +int wc_Sha256Final(wc_Sha256* sha256, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha256 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Finalize hash. */ + Sha256Final(sha256, hash); + /* Restart SHA-256 object for next hash. */ + InitSha256(sha256); + } + + return ret; +} + +/* Finalize the hash and put into buffer but don't modify state. + * + * @param [in, out] sha256 SHA-256 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 or hash is NULL. + */ +int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) +{ + int ret; + + /* Validate parameters. 
*/ + if ((sha256 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha256 tmpSha256; + /* Create a copy of the hash to finalize. */ + ret = wc_Sha256Copy(sha256, &tmpSha256); + if (ret == 0) { + /* Finalize copy. */ + Sha256Final(&tmpSha256, hash); + } + } + + return ret; +} + +#ifdef WOLFSSL_HASH_FLAGS +/* Set flags of SHA-256 object. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] flags Flags to set. + * @return 0 on success. + */ +int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags) +{ + /* Check we have an object to use. */ + if (sha256 != NULL) { + sha256->flags = flags; + } + return 0; +} +/* Get flags of SHA-256 object. + * + * @param [in] sha256 SHA-256 object. + * @param [out] flags Flags from SHA-256 object. + * @return 0 on success. + */ +int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags) +{ + /* Check we have an object and return parameter to use. */ + if ((sha256 != NULL) && (flags != NULL)) { + *flags = sha256->flags; + } + return 0; +} +#endif + +/* Deep copy the SHA-256 object. + * + * @param [in] src SHA-256 object to copy. + * @param [out] dst SHA-256 object to fill. + * @return 0 on success. + * @return BAD_FUNC_ARG when src or dst is NULL. + */ +int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) +{ + int ret = 0; + + /* Validate parameters. */ + if ((src == NULL) || (dst == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + XMEMCPY(dst, src, sizeof(wc_Sha256)); + } + + return ret; +} + +#ifdef OPENSSL_EXTRA +/* Update the hash with one block of data. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 or data is NULL. + */ +int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((sha256 == NULL) || (data == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + #ifdef LITTLE_ENDIAN_ORDER + ByteReverseWords(sha256->buffer, (word32*)data, WC_SHA256_BLOCK_SIZE); + #else + XMEMCPY(sha256->buffer, data, WC_SHA256_BLOCK_SIZE); + #endif + Sha256Transform(sha256, (byte*)sha256->buffer, 1); + } + + return ret; +} +#endif + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH) +/* Update the hash with one block of data and optionally get hash. + * + * @param [in, out] sha256 SHA-256 object. + * @param [in] data Buffer of data to hash. + * @param [out] hash Buffer to hold hash. May be NULL. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha256 or data is NULL. + */ +int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data, + unsigned char* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha256 == NULL) || (data == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Hash block. */ + Sha256Transform(sha256, data, 1); + + if (hash != NULL) { + /* Reverse bytes in digest. */ + #ifdef LITTLE_ENDIAN_ORDER + word32* hash32 = (word32*)hash; + word32* digest = (word32*)sha256->digest; + hash32[0] = ByteReverseWord32(digest[0]); + hash32[1] = ByteReverseWord32(digest[1]); + hash32[2] = ByteReverseWord32(digest[2]); + hash32[3] = ByteReverseWord32(digest[3]); + hash32[4] = ByteReverseWord32(digest[4]); + hash32[5] = ByteReverseWord32(digest[5]); + hash32[6] = ByteReverseWord32(digest[6]); + hash32[7] = ByteReverseWord32(digest[7]); + #else + XMEMCPY(hash, sha256->digest, WC_SHA256_DIGEST_SIZE); + #endif + /* Reset state. 
*/ + #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha256->digest[0] = 0x6A09E667L; + sha256->digest[1] = 0xBB67AE85L; + sha256->digest[2] = 0x3C6EF372L; + sha256->digest[3] = 0xA54FF53AL; + sha256->digest[4] = 0x510E527FL; + sha256->digest[5] = 0x9B05688CL; + sha256->digest[6] = 0x1F83D9ABL; + sha256->digest[7] = 0x5BE0CD19L; + #else + /* f, e, b, a, h, g, d, c */ + sha256->digest[0] = 0x9B05688CL; + sha256->digest[1] = 0x510E527FL; + sha256->digest[2] = 0xBB67AE85L; + sha256->digest[3] = 0x6A09E667L; + sha256->digest[4] = 0x5BE0CD19L; + sha256->digest[5] = 0x1F83D9ABL; + sha256->digest[6] = 0xA54FF53AL; + sha256->digest[7] = 0x3C6EF372L; + #endif + } + } + + return ret; +} +#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */ + +#endif /* !NO_SHA256 */ + + +#ifdef WOLFSSL_SHA224 + +/* Initialze SHA-224 object for hashing. + * + * @param [in, out] sha224 SHA-224 object. + */ +static void InitSha224(wc_Sha224* sha224) +{ + /* Set initial hash values. */ +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha224->digest[0] = 0xc1059ed8; + sha224->digest[1] = 0x367cd507; + sha224->digest[2] = 0x3070dd17; + sha224->digest[3] = 0xf70e5939; + sha224->digest[4] = 0xffc00b31; + sha224->digest[5] = 0x68581511; + sha224->digest[6] = 0x64f98fa7; + sha224->digest[7] = 0xbefa4fa4; +#else + /* f, e, b, a, h, g, d, c */ + sha224->digest[0] = 0x68581511; + sha224->digest[1] = 0xffc00b31; + sha224->digest[2] = 0x367cd507; + sha224->digest[3] = 0xc1059ed8; + sha224->digest[4] = 0xbefa4fa4; + sha224->digest[5] = 0x64f98fa7; + sha224->digest[6] = 0xf70e5939; + sha224->digest[7] = 0x3070dd17; +#endif + + /* No hashed data. */ + sha224->buffLen = 0; + /* No data hashed. */ + sha224->loLen = 0; + sha224->hiLen = 0; + +#ifdef WOLFSSL_HASH_FLAGS + sha224->flags = 0; +#endif +} + +/* Initialize SHA-224 object for hashing. + * + * @param [in, out] sha224 SHA-224 object. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. 
+ * @return BAD_FUNC_ARG when sha224 is NULL. + */ +int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId) +{ + int ret = 0; + + /* Validate parameters. */ + if (sha224 == NULL) { + ret = BAD_FUNC_ARG; + } + else { + sha224->heap = heap; + (void)devId; + + InitSha224(sha224); + } + + return ret; +} + +/* Initialize SHA-224 object for hashing. + * + * @param [in, out] sha224 SHA-224 object. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha224 is NULL. + */ +int wc_InitSha224(wc_Sha224* sha224) +{ + return wc_InitSha224_ex(sha224, NULL, INVALID_DEVID); +} + +/* Update the hash with data. + * + * @param [in, out] sha224 SHA-224 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha224 is NULL. + * @return BAD_FUNC_ARG when data is NULL but len is not 0. + */ +int wc_Sha224Update(wc_Sha224* sha224, const byte* data, word32 len) +{ + int ret; + + /* Validate parameters. */ + if ((sha224 == NULL) || ((data == NULL) && (len > 0))) { + ret = BAD_FUNC_ARG; + } + else { + ret = Sha256Update((wc_Sha256 *)sha224, data, len); + } + + return ret; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha224 SHA-224 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha224 or hash is NULL. + */ +int wc_Sha224Final(wc_Sha224* sha224, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha224 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + word32 hashTmp[WC_SHA256_DIGEST_SIZE/sizeof(word32)]; + /* Finalize hash. */ + Sha256Final((wc_Sha256*)sha224, (byte*)hashTmp); + /* Return only 224 bits. */ + XMEMCPY(hash, hashTmp, WC_SHA224_DIGEST_SIZE); + /* Restart SHA-256 object for next hash. */ + InitSha224(sha224); + } + + return ret; +} + +/* Free the SHA-224 hash. + * + * @param [in] sha224 SHA-224 object. 
+ */ +void wc_Sha224Free(wc_Sha224* sha224) +{ + /* No dynamic memory allocated. */ + (void)sha224; +} + +/* Finalize the hash and put into buffer but don't modify state. + * + * @param [in, out] sha224 SHA-224 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha224 or hash is NULL. + */ +int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) +{ + int ret; + + /* Validate parameters. */ + if ((sha224 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha224 tmpSha224; + /* Create a copy of the hash to finalize. */ + ret = wc_Sha224Copy(sha224, &tmpSha224); + if (ret == 0) { + /* Finalize copy. */ + ret = wc_Sha224Final(&tmpSha224, hash); + } + } + + return ret; +} + +#ifdef WOLFSSL_HASH_FLAGS +/* Set flags of SHA-224 object. + * + * @param [in, out] sha224 SHA-224 object. + * @param [in] flags Flags to set. + * @return 0 on success. + */ +int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags) +{ + /* Check we have an object to use. */ + if (sha224 != NULL) { + sha224->flags = flags; + } + return 0; +} +/* Get flags of SHA-224 object. + * + * @param [in] sha224 SHA-224 object. + * @param [out] flags Flags from SHA-224 object. + * @return 0 on success. + */ +int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags) +{ + /* Check we have an object and return parameter to use. */ + if ((sha224 != NULL) && (flags != NULL)) { + *flags = sha224->flags; + } + return 0; +} +#endif + +/* Deep copy the SHA-224 object. + * + * @param [in] src SHA-224 object to copy. + * @param [out] dst SHA-224 object to fill. + * @return 0 on success. + * @return BAD_FUNC_ARG when src or dst is NULL. + */ +int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((src == NULL) || (dst == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + XMEMCPY(dst, src, sizeof(wc_Sha224)); + } + + return ret; +} + +#endif /* WOLFSSL_SHA224 */ + +#endif /* !NO_SHA256 || WOLFSSL_SHA224 */ +#endif /* WOLFSSL_RISCV_ASM */ diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index cb01abe1cc..180a6c044b 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -63,8 +63,8 @@ on the specific device platform. #endif -#if !defined(NO_SHA256) && (!defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_NEON)) +#if !defined(NO_SHA256) && !(defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_ARMASM_NO_NEON)) && !defined(WOLFSSL_RISCV_ASM) #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h index 25e69b3f08..5407654ee9 100644 --- a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h +++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h @@ -27,6 +27,7 @@ #define ASM_WORD(i) \ ".word " #i "\n\t" + #define REG_X0 0 #define REG_X1 1 #define REG_X2 2 
@@ -127,6 +128,171 @@ #define REG_V30 30 #define REG_V31 31 + +#ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + +/* Reverse bytes in 64-bit register. */ +#define REV8(rd, rs) \ + ASM_WORD((0b011010111000 << 20) | (0b101 << 12) | \ + (0b0010011 << 0) | \ + (rs << 15) | (rd << 7)) + +/* rd = rs1[0..31] | rs2[0..31]. */ +#define PACK(rd, rs1, rs2) \ + ASM_WORD((0b0000100 << 25) | (0b100 << 12) | 0b0110011 | \ + (rs2 << 20) | (rs1 << 15) | (rd << 7)) + +#endif /* WOLFSSL_RISCV_BASE_BIT_MANIPULATION */ + +/* + * Load and store + */ + +/* 64-bit width when loading. */ +#define WIDTH_64 0b111 +/* 32-bit width when loading. */ +#define WIDTH_32 0b110 + +/* Load n Vector registers with width-bit components. */ +#define VLRE_V(vd, rs1, cnt, width) \ + ASM_WORD(0b0000111 | (width << 12) | (0b00101000 << 20) | \ + (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15)) +/* Load 1 Vector register with 64-bit components. */ +#define VL1RE64_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_64) +/* Load 1 Vector register with 32-bit components. */ +#define VL1RE32_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_32) +/* Load 2 Vector register with 32-bit components. */ +#define VL2RE32_V(vd, rs1) VLRE_V(vd, rs1, 2, WIDTH_32) +/* Load 4 Vector register with 32-bit components. */ +#define VL4RE32_V(vd, rs1) VLRE_V(vd, rs1, 4, WIDTH_32) +/* Load 8 Vector register with 32-bit components. */ +#define VL8RE32_V(vd, rs1) VLRE_V(vd, rs1, 8, WIDTH_32) + +/* Store n Vector register. */ +#define VSR_V(vs3, rs1, cnt) \ + ASM_WORD(0b0100111 | (0b00101000 << 20) | (0 << 28) | \ + ((cnt-1) << 29) | (vs3 << 7) | (rs1 << 15)) +/* Store 1 Vector register. */ +#define VS1R_V(vs3, rs1) VSR_V(vs3, rs1, 1) +/* Store 2 Vector register. */ +#define VS2R_V(vs3, rs1) VSR_V(vs3, rs1, 2) +/* Store 4 Vector register. */ +#define VS4R_V(vs3, rs1) VSR_V(vs3, rs1, 4) +/* Store 8 Vector register. */ +#define VS8R_V(vs3, rs1) VSR_V(vs3, rs1, 8) + +/* Move from vector register to vector registor. 
*/ +#define VMV_V_V(vd, vs1) \ + ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) | \ + (0b010111 << 26) | (vd << 7) | (vs1 << 15)) +/* Splat register to each component of the vector registor. */ +#define VMV_V_X(vd, rs1) \ + ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) | \ + (0b010111 << 26) | (vd << 7) | (rs1 << 15)) +/* Move n vector registers to vector registers. */ +#define VMVR_V(vd, vs2, n) \ + ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) | \ + (0b100111 << 26) | (vd << 7) | ((n-1) << 15) | \ + (vs2 << 20)) + + +/* + * Arithmetic + */ + +/* vd = vs2 + [i,] */ +#define VADD_VI(vd, vs2, i) \ + ASM_WORD((0b000000 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (i << 15) | (vs2 << 20)) +/* vd = vs1 + vs2 */ +#define VADD_VV(vd, vs1, vs2) \ + ASM_WORD((0b000000 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vs2 << 20) | (vs1 << 15) | (vd << 7)) +/* vd = vs1 ^ vs2 */ +#define VXOR_VV(vd, vs1, vs2) \ + ASM_WORD((0b001011 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) +/* vd = vs1 & vs2 */ +#define VAND_VV(vd, vs1, vs2) \ + ASM_WORD((0b001001 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) +/* vd = vs1 | vs2 */ +#define VOR_VV(vd, vs1, vs2) \ + ASM_WORD((0b001010 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + + +/* + * Permute + */ + +/* x[rd] = vs2[0] */ +#define VMV_X_S(rd, vs2) \ + ASM_WORD((0b010000 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1010111 << 0) | \ + (rd << 7) | (vs2 << 20)) + +/* vd[0] = x[rs1] */ +#define VMV_S_X(vd, rs1) \ + ASM_WORD((0b010000 << 26) | (0b1 << 25) | \ + (0b110 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (rs1 << 15)) + +/* vd[shift..max] = vs2[0..max-shift] + * Sliding up doesn't change bottom part of destination. 
+ */ +#define VSLIDEUP_VI(vd, vs2, shift) \ + ASM_WORD((0b001110 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (shift << 15) | (vs2 << 20)) + +/* vd[0..max-shift] = vs2[shift..max] + * Sliding down change top part of destination. + */ +#define VSLIDEDOWN_VI(vd, vs2, shift) \ + ASM_WORD((0b001111 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (shift << 15) | (vs2 << 20)) + +/* vd[i] = vs1[vs2[i]] */ +#define VRGATHER_VV(vd, vs1, vs2) \ + ASM_WORD((0b001100 << 26) | (0b1 << 25) | \ + (0b000 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + + +/* + * Setting options. + */ + +/* Set the options of vector instructions. */ +#define VSETIVLI(rd, n, vma, vta, vsew, vlmul) \ + ASM_WORD((0b11 << 30) | (0b111 << 12) | (0b1010111 << 0) | \ + (rd << 7) | (n << 15) | (vma << 27) | \ + (vta << 26) | (vsew << 23) | (vlmul << 20)) + + +#if defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) || \ + defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) + +/* + * Bit Manipulation + */ + +/* Reverse order of bytes in words of vector regsiter. */ +#define VREV8(vd, vs2) \ + ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \ + (0b010 << 12) | (0b1010111 << 0) | \ + (vs2 << 20) | (vd << 7)) + +#endif /* WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION || + * WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */ + #endif /* WOLFSSL_RISCV_ASM */ #endif /* WOLF_CRYPT_RISCV_64_ASM_H */ From 36d01cdb9b39d784c39fdd6ac1aedc2eda1aebdf Mon Sep 17 00:00:00 2001 
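Review bot: The encoding macros in this hunk paste their operands into shifted bit fields without parentheses or masking, for example `(i << 15)` in VADD_VI, `(shift << 15)` in VSLIDEUP_VI and VSLIDEDOWN_VI, and `((cnt - 1) << 29)` in VLRE_V. An expression argument, or an immediate wider than its field, spills into neighbouring fields, so the assembler emits a different instruction word with no diagnostic. In hashing code that failure would be silent. Parenthesise and mask each operand, e.g. `(((i) & 0x1f) << 15)` and `((((cnt) - 1) & 0x7) << 29)`, and apply the same to the register operands `rd`, `rs1`, `vd`, `vs1` and `vs2`. The comments also misspell "register" as "registor" and "regsiter".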
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Mon, 29 Jul 2024 08:55:40 +0200 Subject: [PATCH 31/71] Fix memory leak in wc_GeneratePreTBS() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In the wc_GeneratePreTBS() method (used for WOLFSSL_DUAL_ALG_CERTS support), there was a workaround for alt names in certificates, as the CopyDecodedToX509() method wasn't properly copying them. As a proper copy mechanism is implemented now, we have to remove the workaround as it now causes a memory leak of the copied values. Signed-off-by: Tobias Frauenschläger --- src/x509.c | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/src/x509.c b/src/x509.c index 04e2a8be93..035e1b190c 100644 --- a/src/x509.c +++ b/src/x509.c @@ -7521,20 +7521,12 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { int ret = 0; WOLFSSL_X509 *x = NULL; - byte certOwnsAltNames = 0; byte certIsCSR = 0; if ((cert == NULL) || (der == NULL) || (derSz <= 0)) { return BAD_FUNC_ARG; } - /* The call to CopyDecodedToX509() transfers ownership of the altNames in - * the DecodedCert to the temporary X509 object, causing the list to be - * freed in wolfSSL_X509_free(). As this is an unintended side-effect, we - * have to save the ownerFlag here and transfer ownership back to the - * DecodedCert prior to freeing the X509 object. */ - certOwnsAltNames = cert->weOwnAltNames; - #ifdef WOLFSSL_CERT_REQ certIsCSR = cert->isCSR; #endif @@ -7547,9 +7539,6 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { ret = CopyDecodedToX509(x, cert); } - /* CopyDecodedToX509() clears cert->weOwnAltNames. Restore it. */ - cert->weOwnAltNames = certOwnsAltNames; - if (ret == 0) { /* Remove the altsigval extension. */ XFREE(x->altSigValDer, x->heap, DYNAMIC_TYPE_X509_EXT); 
@@ -7565,9 +7554,6 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { } if (x != NULL) { - /* Safe the altNames list from being freed unitentionally. */ - x->altNames = NULL; - wolfSSL_X509_free(x); } From 50d60bf0e7eaeee67a222b6a3fc3473d15c0c708 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A1s=20Fekete?= Date: Tue, 30 Jul 2024 12:42:43 -0400 Subject: [PATCH 32/71] Code sonar cleanup (#7782) * Fix Warning 826814.9284764 * Fix Warning 826836.9285316 Co-authored-by: Andras Fekete --- src/ssl_load.c | 15 ++++++++++----- wolfcrypt/src/wc_port.c | 17 +++++++++++++++++ wolfssl/wolfcrypt/types.h | 9 +++++++++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/src/ssl_load.c b/src/ssl_load.c index ea4ac4e78e..da4279e39e 100644 --- a/src/ssl_load.c +++ b/src/ssl_load.c @@ -5095,9 +5095,9 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) { int ret; #ifdef XGETENV - char* certDir; - char* certFile; - word32 flags; + char* certDir = NULL; + char* certFile = NULL; + word32 flags = 0; #elif !defined(WOLFSSL_SYS_CA_CERTS) (void)ctx; #endif @@ -5105,8 +5105,8 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); #ifdef XGETENV - certDir = XGETENV("SSL_CERT_DIR"); - certFile = XGETENV("SSL_CERT_FILE"); + certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); + certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; if ((certDir != NULL) || (certFile != NULL)) { @@ -5152,6 +5152,10 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) #endif } +#ifdef XGETENV + XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret); return ret; 
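Review bot: In wolfSSL_CTX_set_default_verify_paths, a failed allocation inside `wc_strdup_ex` looks the same as an unset environment variable, because the helper returns NULL in both cases. If SSL_CERT_DIR or SSL_CERT_FILE is set and the copy fails, `certDir`/`certFile` are NULL and the function takes whatever path it uses when neither variable is set. That branch lies outside these hunks, but the trust-store source would then change without an error. Keep the raw `XGETENV` result and fail explicitly, e.g. `if ((envDir != NULL) && (certDir == NULL)) ret = MEMORY_E;`. The call also names `wc_strdup_ex` directly, yet the types.h hunk only declares it under `USE_WOLF_STRDUP`, so a port that supplies its own `XSTRDUP` would presumably not compile this file.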
@@ -5267,6 +5271,7 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { + /* Memory will be freed below in the (ret != 1) block */ ret = MEMORY_E; } } diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 7ff02abf41..572c20e131 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1177,6 +1177,23 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) } #endif /* USE_WOLF_STRNCASECMP */ +#ifdef USE_WOLF_STRDUP +char* wc_strdup_ex(const char *src, int memType) { + char *ret = NULL; + int len = 0; + + if (src) { + len = (int)XSTRLEN(src); + ret = (char*)XMALLOC(len, NULL, memType); + if (ret != NULL) { + XMEMCPY(ret, src, len); + } + } + + return ret; +} +#endif + #ifdef WOLFSSL_ATOMIC_OPS #ifdef HAVE_C___ATOMIC diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index b907e92487..af7f596e9a 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -919,6 +919,15 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) + #define USE_WOLF_STRDUP + #endif + #ifdef USE_WOLF_STRDUP + WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType); + #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER) + #define XSTRDUP(src) wc_strdup(src) + #endif + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #ifdef NO_GETENV From fb3185bb72b44bab6c5200582a1d059b2a500d3f Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Tue, 30 Jul 2024 10:46:56 -0600 Subject: [PATCH 33/71] Remove HAVE_NULL_CIPHER from --enable-openssh --- configure.ac | 5 ----- 1 file changed, 5 deletions(-) diff --git a/configure.ac b/configure.ac index 43aaa84b7f..3194321612 100644 --- a/configure.ac 
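Review bot: `wc_strdup_ex` in the wc_port.c hunk returns a buffer with no NUL terminator, because it allocates `len` bytes from `XSTRLEN(src)` and copies exactly `len` bytes. Every consumer that treats the result as a C string reads past the end of the heap block. That includes the `certDir`/`certFile` copies made in the ssl_load.c hunks of this commit and anything that goes through the new `XSTRDUP` macro in types.h. Allocate and copy one byte more: `ret = (char*)XMALLOC((size_t)len + 1, NULL, memType);` and `XMEMCPY(ret, src, (size_t)len + 1);`. Holding the length in a `size_t` rather than casting `XSTRLEN` to `int` would also avoid a sign problem on very long inputs.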
+++ b/configure.ac @@ -3570,11 +3570,6 @@ AC_ARG_ENABLE([nullcipher], [ ENABLED_NULL_CIPHER=no ] ) -if test "$ENABLED_OPENSSH" = "yes" -then - ENABLED_NULL_CIPHER="yes" -fi - if test "$ENABLED_NULL_CIPHER" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_NULL_CIPHER" From 20f7d6f9f4949bc19cf04c78c9210072929309f9 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Jul 2024 11:49:53 -0700 Subject: [PATCH 34/71] ASN macro simplification. Added new `--enable-asn=all` and `WOLFSSL_ASN_ALL` option. Added granular macros for ASN features like: `WOLFSSL_ASN_CA_ISSUER`, `WOLFSSL_ASN_PARSE_KEYUSAGE`, `WOLFSSL_ASN_TIME_STRING`, `WOLFSSL_OCSP_PARSE_STATUS`. --- configure.ac | 65 ++-- src/internal.c | 87 +++-- src/ocsp.c | 24 +- src/ssl.c | 2 +- src/x509.c | 17 +- tests/api.c | 19 +- wolfcrypt/src/asn.c | 557 ++++++++++++++++----------------- wolfssl/internal.h | 6 +- wolfssl/wolfcrypt/asn.h | 33 +- wolfssl/wolfcrypt/asn_public.h | 2 - wolfssl/wolfcrypt/settings.h | 110 +++++++ 11 files changed, 504 insertions(+), 418 deletions(-) diff --git a/configure.ac b/configure.ac index 4578438607..133e432290 100644 --- a/configure.ac +++ b/configure.ac @@ -1992,7 +1992,7 @@ AC_ARG_ENABLE([ffmpeg], ) -#IP alternative name Support +# IP alternative name Support AC_ARG_ENABLE([ip-alt-name], [AS_HELP_STRING([--enable-ip-alt-name],[Enable IP subject alternative name (default: disabled)])], [ ENABLE_IP_ALT_NAME=$enableval ], @@ -2004,7 +2004,7 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_IP_ALT_NAME" fi -#Qt Support +# QT Support AC_ARG_ENABLE([qt], [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])], [ ENABLED_QT=$enableval ], 
@@ -4744,43 +4744,52 @@ fi # ASN + # turn off asn, which means no certs, no rsa, no dsa, no ecc, # and no big int (unless dh is on) + +# turn off ASN if leanpsk on +if test "$ENABLED_LEANPSK" = "yes" +then + enable_asn=no +fi + AC_ARG_ENABLE([asn], [AS_HELP_STRING([--enable-asn],[Enable ASN (default: enabled)])], [ ENABLED_ASN=$enableval ], [ ENABLED_ASN=yes ] ) -if test "$ENABLED_ASN" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" - enable_pwdbased=no -else - if test "$ENABLED_ASN" = "template"; then - ENABLED_ASN="yes" - fi - if test "$ENABLED_ASN" = "yes"; then +for v in `echo $ENABLED_ASN | tr "," " "` +do + case $v in + all) + # Enable all ASN features + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL" + ENABLED_ASN=yes + ;; + template | yes) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE" - elif test "$ENABLED_ASN" = "original"; then + ENABLED_ASN=yes + ;; + original) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL" - else - AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.]) - fi - - # turn off ASN if leanpsk on - if test "$ENABLED_LEANPSK" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_BIG_INT" + ENABLED_ASN=yes + ;; + nocrypt) + AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" + enable_pwdbased=no + ;; + no) + AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" + enable_pwdbased=no ENABLED_ASN=no - else - if test "$ENABLED_ASN" = "nocrypt" - then - AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" - enable_pwdbased=no - fi - fi -fi + ;; + *) + AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.]) + break;; +esac +done if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \ test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no" diff --git a/src/internal.c b/src/internal.c index 324ec932cd..ea48f2e328 100644 --- a/src/internal.c +++ b/src/internal.c 
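Review bot: The new `for v in ...` loop lets contradictory values accumulate, because each `case` arm appends to AM_CFLAGS and overwrites ENABLED_ASN independently. With `--enable-asn=no,template` the flags gain both `-DNO_ASN -DNO_ASN_CRYPT` and `-DWOLFSSL_ASN_TEMPLATE`, and ENABLED_ASN ends as `yes`. The later `test "$ENABLED_ASN" = "no"` checks then disagree with what is actually compiled. A lone `nocrypt` leaves ENABLED_ASN as the literal string `nocrypt`. Reject `no` when combined with any other value, and set ENABLED_ASN explicitly in the `nocrypt)` arm. The `break;;` after AC_MSG_ERROR is unreachable and can be a plain `;;`.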
@@ -12540,13 +12540,13 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, while (altName) { WOLFSSL_MSG("\tindividual AltName check"); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME if (altName->type == ASN_IP_TYPE) { buf = altName->ipString; len = (word32)XSTRLEN(buf); } else -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#endif /* WOLFSSL_IP_ALT_NAME */ { buf = altName->name; len = (word32)altName->len; @@ -12817,6 +12817,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { int ret = 0; + int minSz; if (x509 == NULL || dCert == NULL || dCert->subjectCNLen < 0) 
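Review bot: The guard in CheckForAltNames now tests only `WOLFSSL_IP_ALT_NAME`, so an OPENSSL_ALL build keeps comparing against `altName->ipString` only if settings.h turns that macro on for it. The settings.h part of this commit is not in view here, so that mapping needs confirming. If it is missing, IP-type entries fall through to the `altName->name` / `altName->len` branch and peer-name matching for IP subjectAltNames changes with no build-time signal. A compile-time assertion next to the mapping would make the dependency explicit, e.g. `#if defined(OPENSSL_ALL) && !defined(WOLFSSL_IP_ALT_NAME)` / `#error "OPENSSL_ALL requires WOLFSSL_IP_ALT_NAME"` / `#endif`. The same applies to the `WOLFSSL_SEP`-only guards on `certPolicySet` and `certPolicyCrit` later in this file.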
@@ -12866,49 +12867,45 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #endif /* WOLFSSL_CERT_REQ */ #ifdef WOLFSSL_SEP - { - int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->deviceTypeSz = minSz; - XMEMCPY(x509->deviceType, dCert->deviceType, minSz); - } - else - x509->deviceTypeSz = 0; - minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->hwTypeSz = minSz; - XMEMCPY(x509->hwType, dCert->hwType, minSz); - } - else - x509->hwTypeSz = 0; - minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->hwSerialNumSz = minSz; - XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); - } - else - x509->hwSerialNumSz = 0; + minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->deviceTypeSz = minSz; + XMEMCPY(x509->deviceType, dCert->deviceType, minSz); + } + else + x509->deviceTypeSz = 0; + minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->hwTypeSz = minSz; + XMEMCPY(x509->hwType, dCert->hwType, minSz); + } + else + x509->hwTypeSz = 0; + minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->hwSerialNumSz = minSz; + XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); } + else + x509->hwSerialNumSz = 0; #endif /* WOLFSSL_SEP */ - { - int minSz; - if (dCert->beforeDateLen > 0) { - minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dCert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); - } - else - x509->notBefore.length = 0; - if (dCert->afterDateLen > 0) { - minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dCert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); - } - else - x509->notAfter.length = 0; + + if (dCert->beforeDateLen > 0) { + minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); + 
x509->notBefore.type = dCert->beforeDate[0]; + x509->notBefore.length = minSz; + XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); + } + else + x509->notBefore.length = 0; + if (dCert->afterDateLen > 0) { + minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); + x509->notAfter.type = dCert->afterDate[0]; + x509->notAfter.length = minSz; + XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); } + else + x509->notAfter.length = 0; if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { x509->pubKey.buffer = (byte*)XMALLOC( @@ -13047,7 +13044,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) ret = MEMORY_E; } } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) { x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap, DYNAMIC_TYPE_X509_EXT); @@ -13133,10 +13130,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #ifndef IGNORE_NETSCAPE_CERT_TYPE x509->nsCertType = dCert->nsCertType; #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_SEP x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicyCrit = dCert->extCertPolicyCrit; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + #endif #ifdef WOLFSSL_CERT_EXT { int i; diff --git a/src/ocsp.c b/src/ocsp.c index b8f4fdd377..9e3a99656b 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -668,8 +668,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp) return ret; } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) + +/* compatibility layer OCSP functions */ +#ifdef OPENSSL_EXTRA int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd, 
@@ -695,10 +696,15 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, if (status != NULL) *status = single->status->status; +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (thisupd != NULL) *thisupd = &single->status->thisDateParsed; if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; +#else + (void)thisupd; + (void)nextupd; +#endif /* TODO: Not needed for Nginx or httpd */ if (reason != NULL) @@ -1191,9 +1197,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id) } return certId; } -#endif -#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY) #ifndef NO_BIO int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req) @@ -1295,7 +1299,8 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, return NULL; } -const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single) +const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id( + const WOLFSSL_OCSP_SINGLERESP *single) { return single; } @@ -1392,9 +1397,6 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int return single; } -#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */ - -#ifdef OPENSSL_EXTRA #ifndef NO_WOLFSSL_STUB int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext, int idx) 
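Review bot: When `WOLFSSL_OCSP_PARSE_STATUS` is not defined, wolfSSL_OCSP_resp_find_status leaves `*thisupd` and `*nextupd` untouched, because the new `#else` branch only casts the parameters to void. The function still fills in `*status`, so the caller receives pointers it never initialised. A caller that passes them on to a validity check may dereference indeterminate memory or skip the freshness check on the response. Clear the outputs in the `#else` branch instead: `if (thisupd != NULL) *thisupd = NULL;` and `if (nextupd != NULL) *nextupd = NULL;`. The rest of the function body is outside this hunk.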
@@ -1467,12 +1469,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) /* Serial number starts at 0 index of ser->data */ - XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz); + XMEMCPY(&ser->data[i], cid->status->serial, + (size_t)cid->status->serialSz); ser->length = cid->status->serialSz; #else ser->data[i++] = ASN_INTEGER; i += SetLength(cid->status->serialSz, ser->data + i); - XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz); + XMEMCPY(&ser->data[i], cid->status->serial, + (size_t)cid->status->serialSz); ser->length = i + cid->status->serialSz; #endif diff --git a/src/ssl.c b/src/ssl.c index 6beb751818..d99823c447 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -22731,7 +22731,7 @@ void wolfSSL_ERR_remove_state(unsigned long id) } } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA */ #ifdef OPENSSL_ALL diff --git a/src/x509.c b/src/x509.c index 04e2a8be93..af170b039d 100644 --- a/src/x509.c +++ b/src/x509.c @@ -1067,7 +1067,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) case CERT_POLICY_OID: if (!isSet) break; + #ifdef WOLFSSL_SEP ext->crit = x509->certPolicyCrit; + #endif break; case KEY_USAGE_OID: @@ -2504,7 +2506,8 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, else { WOLFSSL_MSG("No Cert Policy set"); } - #elif defined(WOLFSSL_SEP) + #endif /* WOLFSSL_CERT_EXT */ + #ifdef WOLFSSL_SEP if (x509->certPolicySet) { if (c != NULL) { *c = x509->certPolicyCrit; @@ -2520,8 +2523,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, else { WOLFSSL_MSG("No Cert Policy set"); } - #else - WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT"); #endif break; } 
@@ -3711,7 +3712,7 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) } ret = cert->altNamesNext->name; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* return the IP address as a string */ if (cert->altNamesNext->type == ASN_IP_TYPE) { ret = cert->altNamesNext->ipString; @@ -5668,9 +5669,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) case NID_key_usage: crit = x509->keyUsageCrit; break; case NID_crl_distribution_points: crit= x509->CRLdistCrit; break; case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break; - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) - case NID_certificate_policies: crit = x509->certPolicyCrit; break; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + #ifdef WOLFSSL_SEP + case NID_certificate_policies: crit = x509->certPolicyCrit; break; + #endif /* WOLFSSL_SEP */ } } @@ -5873,7 +5874,7 @@ static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, break; } } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME else if (entry->type == ASN_IP_TYPE) { len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s", entry->ipString); diff --git a/tests/api.c b/tests/api.c index 6c2d24222e..9bfd9b14aa 100644 --- a/tests/api.c +++ b/tests/api.c @@ -4268,8 +4268,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) static int test_wolfSSL_CheckOCSPResponse(void) { EXPECT_DECLS; -#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \ - defined(OPENSSL_ALL) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \ + !defined(NO_RSA) && !defined(NO_SHA) const char* responseFile = "./certs/ocsp/test-response.der"; const char* responseMultiFile = "./certs/ocsp/test-multi-response.der"; const char* responseNoInternFile = 
@@ -53340,7 +53340,7 @@ static int test_wolfSSL_X509_sign(void) ExpectIntEQ(wolfSSL_X509_add_altname(x509, "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", ASN_DNS_TYPE), SSL_SUCCESS); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME { unsigned char ip4_type[] = {127,128,0,255}; unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, @@ -53373,7 +53373,7 @@ static int test_wolfSSL_X509_sign(void) #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) ExpectIntEQ(X509_get_ext_count(x509), 1); #endif -#if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) +#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); #endif @@ -53389,7 +53389,7 @@ static int test_wolfSSL_X509_sign(void) #ifndef WOLFSSL_ALT_NAMES /* Valid case - size should be 781-786 with 16 byte serial number */ ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); -#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#elif defined(WOLFSSL_IP_ALT_NAME) /* Valid case - size should be 955-960 with 16 byte serial number */ ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); #else @@ -64446,7 +64446,7 @@ static int test_wolfSSL_OCSP_id_cmp(void) static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) WOLFSSL_OCSP_SINGLERESP single; const WOLFSSL_OCSP_CERTID* certId; @@ -64463,7 +64463,8 @@ static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void) static int test_wolfSSL_OCSP_single_get0_status(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_OCSP_PARSE_STATUS) WOLFSSL_OCSP_SINGLERESP single; CertStatus certStatus; WOLFSSL_ASN1_TIME* thisDate; 
@@ -64498,7 +64499,7 @@ static int test_wolfSSL_OCSP_single_get0_status(void) static int test_wolfSSL_OCSP_resp_count(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; @@ -64519,7 +64520,7 @@ static int test_wolfSSL_OCSP_resp_count(void) static int test_wolfSSL_OCSP_resp_get0(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 227ab0566b..ade8552911 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -5706,8 +5706,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } #endif /* HAVE_OID_ENCODING */ -#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ - defined(OPENSSL_ALL) +#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) /* Encode dotted form of OID into byte array version. * * @param [in] in Byte array containing OID. @@ -5754,7 +5753,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) return 0; } -#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */ +#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT */ /* Decode the header of a BER/DER encoded OBJECT ID. * @@ -11427,10 +11426,10 @@ void FreeAltNames(DNS_entry* altNames, void* heap) DNS_entry* tmp = altNames->next; XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); #endif - #if defined(OPENSSL_ALL) + #ifdef WOLFSSL_RID_ALT_NAME XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME); #endif XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); 
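Review bot: The new guard on `DecodeObjectId` in asn.c drops `OPENSSL_ALL` without adding `WOLFSSL_RID_ALT_NAME`, although `GenerateDNSEntryRIDString`, which this patch moves under `WOLFSSL_RID_ALT_NAME`, still calls `DecodeObjectId`. A build that sets `WOLFSSL_RID_ALT_NAME` without `HAVE_OID_DECODING` or `WOLFSSL_ASN_PRINT` would then have no definition of the function. The settings.h part of the patch is outside this view and may already tie these macros together. If it does not, the guard should read `#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || defined(WOLFSSL_RID_ALT_NAME)`, with the closing `#endif` comment updated to match. Separately, the header comment above `DecodeObjectId` still begins "Encode dotted form of OID into byte array version", which describes the opposite direction and should say it decodes the byte array into dotted form.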
@@ -11465,17 +11464,17 @@ DNS_entry* AltNameDup(DNS_entry* from, void* heap) ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME); #endif -#ifdef OPENSSL_ALL +#ifdef WOLFSSL_RID_ALT_NAME ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME); #endif if (ret->name == NULL -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME || (from->ipString != NULL && ret->ipString == NULL) #endif -#ifdef OPENSSL_ALL +#ifdef WOLFSSL_RID_ALT_NAME || (from->ridString != NULL && ret->ridString == NULL) #endif ) { @@ -13324,7 +13323,7 @@ static const byte rdnChoice[] = { }; #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* used to set the human readable string for the IP address with a ASN_IP_TYPE * DNS entry * return 0 on success @@ -13388,9 +13387,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) return ret; } -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#endif /* WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME /* used to set the human readable string for the registeredID with an * ASN_RID_TYPE DNS entry * return 0 on success @@ -13399,7 +13398,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) { int i, j, ret = 0; int nameSz = 0; +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) int nid = 0; +#endif int tmpSize = MAX_OID_SZ; word32 oid = 0; word32 idx = 0; 
@@ -13419,40 +13420,46 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType, entry->len); + if (ret == 0) { + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + if ((nid = oid2nid(oid, oidCsrAttrType)) > 0) { + /* OID has known string value */ + finalName = (char*)wolfSSL_OBJ_nid2ln(nid); + } + else + #endif + { + /* Decode OBJECT_ID into dotted form array. */ + ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, + tmpName, (word32*)&tmpSize); - if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) { - /* OID has known string value */ - finalName = (char*)wolfSSL_OBJ_nid2ln(nid); - } - else { - /* Decode OBJECT_ID into dotted form array. */ - ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, - tmpName, (word32*)&tmpSize); - - if (ret == 0) { - j = 0; - /* Append each number of dotted form. */ - for (i = 0; i < tmpSize; i++) { - if (j >= MAX_OID_SZ) { - return BUFFER_E; - } + if (ret == 0) { + j = 0; + /* Append each number of dotted form. */ + for (i = 0; i < tmpSize; i++) { + if (j >= MAX_OID_SZ) { + return BUFFER_E; + } - if (i < tmpSize - 1) { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]); - } - else { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]); - } + if (i < tmpSize - 1) { + ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", + tmpName[i]); + } + else { + ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", + tmpName[i]); + } - if (ret >= 0) { - j += ret; - } - else { - return BUFFER_E; + if (ret >= 0) { + j += ret; + } + else { + return BUFFER_E; + } } + ret = 0; + finalName = oidName; } - ret = 0; - finalName = oidName; } } @@ -13473,7 +13480,7 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) return ret; } -#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_RID_ALT_NAME */ #ifdef WOLFSSL_ASN_TEMPLATE 
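Review bot: In the dotted-form loop of `GenerateDNSEntryRIDString`, a truncated `XSNPRINTF` result is only noticed on the next iteration through `if (j >= MAX_OID_SZ)`, so truncation while writing the last arc is never detected. The shortened text in `oidName` is then assigned to `finalName`. `XSNPRINTF` is given `MAX_OID_SZ - j` as its limit, so the check after both calls should treat a return at or above that limit as an error: `if (ret < 0 || ret >= MAX_OID_SZ - j) { return BUFFER_E; }` followed by `j += ret;`. Without it, the human-readable registeredID can silently differ from the OID that was actually in the certificate. The function begins and ends outside this hunk, so the declared size of `oidName` is assumed from the bound passed to `XSNPRINTF`.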
@@ -13553,29 +13560,29 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, XMEMCPY(dnsEntry->name, str, (size_t)strLen); dnsEntry->name[strLen] = '\0'; -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME /* store registeredID as a string */ if (type == ASN_RID_TYPE) { - if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) { - XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } + ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap); } #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* store IP addresses as a string */ if (type == ASN_IP_TYPE) { - if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) { - XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } + ret = GenerateDNSEntryIPString(dnsEntry, cert->heap); } +#endif } if (ret == 0) { -#endif ret = AddDNSEntryToList(entries, dnsEntry); } + /* failure cleanup */ + if (ret != 0 && dnsEntry != NULL) { + XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + } + return ret; } #endif @@ -14506,7 +14513,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(WOLFCRYPT_ONLY) if (nameType == ASN_ISSUER) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); 
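Review bot: The consolidated failure cleanup at the end of `SetDNSEntry` frees `dnsEntry->name` and `dnsEntry` but not `ipString` or `ridString`, which the `FreeAltNames` hunk in this same patch does free under the matching guards. If `AddDNSEntryToList` returns non-zero after `GenerateDNSEntryIPString` or `GenerateDNSEntryRIDString` succeeded, or if either generator fails after allocating, the string would leak. The cleanup should release both strings under `WOLFSSL_IP_ALT_NAME` and `WOLFSSL_RID_ALT_NAME`, as below. This assumes the entry is zero-initialised when allocated; the allocation is outside the hunk, so that needs confirming.

```c
    if (ret != 0 && dnsEntry != NULL) {
        /* … unchanged: XFREE of dnsEntry->name … */
    #ifdef WOLFSSL_IP_ALT_NAME
        XFREE(dnsEntry->ipString, cert->heap, DYNAMIC_TYPE_ALTNAME);
    #endif
    #ifdef WOLFSSL_RID_ALT_NAME
        XFREE(dnsEntry->ridString, cert->heap, DYNAMIC_TYPE_ALTNAME);
    #endif
        XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME);
    }
```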
@@ -14907,8 +14914,7 @@ int ExtractDate(const unsigned char* date, unsigned char format, } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_ASN_TIME_STRING int GetTimeString(byte* date, int format, char* buf, int len) { struct tm t; @@ -14954,8 +14960,7 @@ int GetTimeString(byte* date, int format, char* buf, int len) return 1; } -#endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || - * OPENSSL_EXTRA || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* WOLFSSL_ASN_TIME_STRING */ /* Check time struct for valid values. Returns 0 for success */ static int ValidateGmtime(struct tm* inTime) @@ -18040,7 +18045,9 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry) { -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV) +#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(WOLFSSL_ALT_NAMES_NO_REV) + /* logic to add alt name to end of list */ dnsEntry->next = NULL; if (cert->altNames == NULL) { /* First on list */ @@ -18335,8 +18342,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, idx += (word32)len; } } - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME /* GeneralName choice: iPAddress */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE, @@ -18345,9 +18351,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, idx += (word32)len; } } - #endif /* WOLFSSL_QT || OPENSSL_ALL */ - - #ifdef OPENSSL_ALL + #endif /* WOLFSSL_IP_ALT_NAME */ + #ifdef WOLFSSL_RID_ALT_NAME /* GeneralName choice: registeredID */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { ret = SetDNSEntry(cert, (const char*)(input + idx), len, 
@@ -18356,7 +18361,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, idx += (word32)len; } } - #endif + #endif /* WOLFSSL_RID_ALT_NAME */ #endif /* IGNORE_NAME_CONSTRAINTS */ #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI) /* GeneralName choice: otherName */ @@ -18833,7 +18838,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { DNS_entry* ipAddr; int strLen; @@ -18868,21 +18873,19 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) XMEMCPY(ipAddr->name, &input[idx], strLen); ipAddr->name[strLen] = '\0'; - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) { WOLFSSL_MSG("\tOut of Memory for IP string"); XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ AddAltName(cert, ipAddr); length -= strLen; idx += (word32)strLen; } -#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#endif /* WOLFSSL_IP_ALT_NAME */ +#ifdef WOLFSSL_RID_ALT_NAME else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { DNS_entry* rid; int strLen; @@ -18929,7 +18932,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#endif /* OPENSSL_ALL */ +#endif /* WOLFSSL_RID_ALT_NAME */ #endif /* IGNORE_NAME_CONSTRAINTS */ else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { 
@@ -19531,15 +19534,11 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) /* Set ocsp entry */ if (b == GENERALNAME_URI && oid == AIA_OCSP_OID && - cert->extAuthInfo == NULL) - { + cert->extAuthInfo == NULL) { cert->extAuthInfoSz = length; cert->extAuthInfo = input + idx; - #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) - break; - #endif } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER /* Set CaIssuers entry */ else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID && cert->extAuthInfoCaIssuer == NULL) @@ -19547,7 +19546,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) cert->extAuthInfoCaIssuerSz = length; cert->extAuthInfoCaIssuer = input + idx; } - #endif + #endif idx += (word32)length; } @@ -19585,11 +19584,8 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &cert->extAuthInfo, &sz32); cert->extAuthInfoSz = (int)sz32; - #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) - break; - #endif } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER /* Check we have CA Issuer and URI. */ else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_CA_ISSUER_OID) && @@ -19600,7 +19596,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) &cert->extAuthInfoCaIssuer, &sz32); cert->extAuthInfoCaIssuerSz = (int)sz32; } - #endif + #endif /* Otherwise skip. */ } } @@ -20416,8 +20412,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz, } #endif /* IGNORE_NAME_CONSTRAINTS */ -#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \ - defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef WOLFSSL_CERT_EXT /* Decode ITU-T X.690 OID format to a string representation * return string length */ 
@@ -20469,10 +20464,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) exit: return w; } -#endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */ +#endif /* WOLFSSL_CERT_EXT */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT) - #ifdef WOLFSSL_ASN_TEMPLATE +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) +#ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for PolicyInformation. * X.509: RFC 5280, 4.2.1.4 - Certificate Policies. */ 
@@ -20491,230 +20486,221 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) /* Number of items in ASN.1 template for PolicyInformation. */ #define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem)) - #endif +#endif - /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ - static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) - { - #ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - word32 oldIdx; - int policy_length = 0; - int ret; - int total_length = 0; - #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \ - !defined(WOLFSSL_DUP_CERTPOL) - int i; - #endif +/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ +static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) +{ +#ifndef WOLFSSL_ASN_TEMPLATE + word32 idx = 0; + word32 oldIdx; + int policy_length = 0; + int ret; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif - WOLFSSL_ENTER("DecodeCertPolicy"); + WOLFSSL_ENTER("DecodeCertPolicy"); - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - return BAD_FUNC_ARG; - #else - (void)cert; - #endif + /* Check if cert is null before dereferencing below */ + if (cert == NULL) + return BAD_FUNC_ARG; - #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; - #endif +#if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; +#endif - if (GetSequence(input, &idx, &total_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy total seq failed"); - return ASN_PARSE_E; - } + if (GetSequence(input, &idx, &total_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy total seq failed"); + return ASN_PARSE_E; + } + + /* Validate total length */ + if (total_length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length mismatch"); + return ASN_PARSE_E; + } + + /* Unwrap certificatePolicies */ + do { + int length = 0; - /* Validate 
total length */ - if (total_length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length mismatch"); + if (GetSequence(input, &idx, &policy_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy seq failed"); return ASN_PARSE_E; } - /* Unwrap certificatePolicies */ - do { - int length = 0; + oldIdx = idx; + ret = GetASNObjectId(input, &idx, &length, sz); + if (ret != 0) + return ret; + policy_length -= (int)(idx - oldIdx); - if (GetSequence(input, &idx, &policy_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy seq failed"); + if (length > 0) { + /* Verify length won't overrun buffer */ + if (length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); return ASN_PARSE_E; } - oldIdx = idx; - ret = GetASNObjectId(input, &idx, &length, sz); - if (ret != 0) - return ret; - policy_length -= (int)(idx - oldIdx); - - if (length > 0) { - /* Verify length won't overrun buffer */ - if (length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); - return ASN_PARSE_E; - } - - #if defined(WOLFSSL_SEP) + #ifdef WOLFSSL_SEP + if (cert->deviceType == NULL) { cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap, - DYNAMIC_TYPE_X509_EXT); + DYNAMIC_TYPE_X509_EXT); if (cert->deviceType == NULL) { WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); return MEMORY_E; } cert->deviceTypeSz = length; XMEMCPY(cert->deviceType, input + idx, (size_t)length); - break; - #elif defined(WOLFSSL_CERT_EXT) - /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[ - cert->extCertPoliciesNb], MAX_CERTPOL_SZ, - input + idx, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". This is a sanity check for duplicates. 
- * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; i < cert->extCertPoliciesNb; i++) { - if (XMEMCMP(cert->extCertPolicies[i], + } + #endif + + #ifdef WOLFSSL_CERT_EXT + /* decode cert policy */ + if (DecodePolicyOID(cert->extCertPolicies[ + cert->extCertPoliciesNb], MAX_CERTPOL_SZ, + input + idx, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; i < cert->extCertPoliciesNb; i++) { + if (XMEMCMP(cert->extCertPolicies[i], cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - return CERTPOLICIES_E; - } + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + return CERTPOLICIES_E; } - #endif /* !WOLFSSL_DUP_CERTPOL */ - cert->extCertPoliciesNb++; - #else - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - return 0; - #endif } - idx += (word32)policy_length; - } while((int)idx < total_length - #if defined(WOLFSSL_CERT_EXT) - && cert->extCertPoliciesNb < MAX_CERTPOL_NB + #endif /* !WOLFSSL_DUP_CERTPOL */ + cert->extCertPoliciesNb++; #endif - ); - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return 0; - #else /* WOLFSSL_ASN_TEMPLATE */ - word32 idx = 0; - int ret = 0; - int total_length = 0; - #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \ - !defined(WOLFSSL_DUP_CERTPOL) - int i; + } + idx += (word32)policy_length; 
+ } while((int)idx < total_length + #ifdef WOLFSSL_CERT_EXT + && cert->extCertPoliciesNb < MAX_CERTPOL_NB #endif + ); - WOLFSSL_ENTER("DecodeCertPolicy"); - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - ret = BAD_FUNC_ARG; - #endif + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return 0; +#else /* WOLFSSL_ASN_TEMPLATE */ + word32 idx = 0; + int ret = 0; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif - if (ret == 0) { - #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; - #endif + WOLFSSL_ENTER("DecodeCertPolicy"); - /* Strip SEQUENCE OF and check using all data. */ - if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) - { - ret = ASN_PARSE_E; - } + /* Check if cert is null before dereferencing below */ + if (cert == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + #if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; + #endif + + /* Strip SEQUENCE OF and check using all data. */ + if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) + { + ret = ASN_PARSE_E; } + } - /* Unwrap certificatePolicies */ - while ((ret == 0) && ((int)idx < total_length) - #if defined(WOLFSSL_CERT_EXT) - && (cert->extCertPoliciesNb < MAX_CERTPOL_NB) - #endif - ) { - ASNGetData dataASN[policyInfoASN_Length]; - byte* data = NULL; - word32 length = 0; + /* Unwrap certificatePolicies */ + while ((ret == 0) && ((int)idx < total_length) + #if defined(WOLFSSL_CERT_EXT) + && (cert->extCertPoliciesNb < MAX_CERTPOL_NB) + #endif + ) { + ASNGetData dataASN[policyInfoASN_Length]; + byte* data = NULL; + word32 length = 0; - /* Clear dynamic data and check OID is a cert policy type. 
*/ - XMEMSET(dataASN, 0, sizeof(dataASN)); - GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); - ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, - input, &idx, (word32)sz); - if (ret == 0) { - /* Get the OID. */ - GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); - if (length == 0) { - ret = ASN_PARSE_E; - } - } - #if defined(WOLFSSL_SEP) - /* Store OID in device type. */ - if (ret == 0) { - cert->deviceType = (byte*)XMALLOC(length, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->deviceType == NULL) { - WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); - ret = MEMORY_E; - } + /* Clear dynamic data and check OID is a cert policy type. */ + XMEMSET(dataASN, 0, sizeof(dataASN)); + GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); + ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, + input, &idx, (word32)sz); + if (ret == 0) { + /* Get the OID. */ + GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); + if (length == 0) { + ret = ASN_PARSE_E; } - if (ret == 0) { + } + #ifdef WOLFSSL_SEP + /* Store OID in device type. */ + if (ret == 0 && cert->deviceType == NULL) { + cert->deviceType = (byte*)XMALLOC(length, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->deviceType != NULL) { /* Store device type data and length. */ cert->deviceTypeSz = (int)length; XMEMCPY(cert->deviceType, data, length); - break; } - #elif defined(WOLFSSL_CERT_EXT) - if (ret == 0) { - /* Decode cert policy. */ - if (DecodePolicyOID( - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ, data, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - ret = ASN_PARSE_E; - } + else { + WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); + ret = MEMORY_E; } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". 
This is a sanity check for duplicates. - * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) { - if (XMEMCMP(cert->extCertPolicies[i], - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - ret = CERTPOLICIES_E; - } + } + #endif /* WOLFSSL_SEP */ + + #ifdef WOLFSSL_CERT_EXT + if (ret == 0) { + /* Decode cert policy. */ + if (DecodePolicyOID( + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ, data, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + ret = ASN_PARSE_E; } - #endif /* !defined(WOLFSSL_DUP_CERTPOL) */ - if (ret == 0) { - /* Keep count of policies seen. */ - cert->extCertPoliciesNb++; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) { + if (XMEMCMP(cert->extCertPolicies[i], + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ) == 0) { + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + ret = CERTPOLICIES_E; } - #else - (void)data; - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - break; - #endif } - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return ret; - #endif /* WOLFSSL_ASN_TEMPLATE */ + #endif /* !WOLFSSL_DUP_CERTPOL */ + if (ret == 0) { + /* Keep count of policies seen. 
*/ + cert->extCertPoliciesNb++; + } + #endif /* WOLFSSL_CERT_EXT */ } -#endif /* WOLFSSL_SEP */ + + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return ret; +#endif /* WOLFSSL_ASN_TEMPLATE */ +} +#endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_SUBJ_DIR_ATTR #ifdef WOLFSSL_ASN_TEMPLATE @@ -21244,15 +21230,11 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid, /* Certificate policies. */ case CERT_POLICY_OID: - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_SEP VERIFY_AND_SET_OID(cert->extCertPolicySet); - #if defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) - cert->extCertPolicyCrit = critical ? 1 : 0; - #endif + cert->extCertPolicyCrit = critical ? 1 : 0; #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \ - defined(WOLFSSL_QT) + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) if (DecodeCertPolicy(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -24121,7 +24103,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer /* If you end up here with error -188, * consider using WOLFSSL_ALT_CERT_CHAINS. */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* ret needs to be self-signer error for Qt compat */ + /* ret needs to be self-signer error for openssl compatibility */ if (cert->selfSigned) { WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E); return ASN_SELF_SIGNED_E; @@ -28140,8 +28122,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, } #endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE /* Convert key usage string (comma delimited, null terminated) to word16 * Returns 0 on success, negative on error */ 
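Review bot: In the non-template branch of `DecodeCertPolicy`, the OID `length` from `GetASNObjectId` is checked only against the input buffer (`length > (int)(sz - idx)`), never against the enclosing PolicyInformation. `policy_length` is also not checked after `policy_length -= (int)(idx - oldIdx)`. Because `GetASNObjectId` is given `sz` as its limit, nothing in this hunk rejects an OID that claims more bytes than its SEQUENCE, and a `policy_length` that went negative is cast to `word32` in `idx += (word32)policy_length`. Adding `if (policy_length < 0 || length > policy_length) { return ASN_PARSE_E; }` right after the subtraction keeps `idx` moving forward inside the element for certificate data that has not yet been verified. The template branch parses each element through `GetASN_Items` and does not use this arithmetic.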
@@ -28264,7 +28245,7 @@ int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap) return ret; } -#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */ +#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */ #ifdef WOLFSSL_CERT_GEN /* Encodes one attribute of the name (issuer/subject) @@ -35899,7 +35880,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, if (idx >= size) return BUFFER_E; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS single->status->thisDateAsn = source + idx; localIdx = 0; if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, @@ -35935,7 +35916,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, idx++; if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS single->status->nextDateAsn = source + idx; localIdx = 0; if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, @@ -36071,8 +36052,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, } if (ret == 0) { #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + #ifdef WOLFSSL_OCSP_PARSE_STATUS /* Store ASN.1 version of thisDate. */ cs->thisDateAsn = GetASNItem_Addr( dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source); @@ -36095,8 +36075,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, if ((ret == 0) && (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) { #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + #ifdef WOLFSSL_OCSP_PARSE_STATUS /* Store ASN.1 version of thisDate. */ cs->nextDateAsn = GetASNItem_Addr( dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source); 
@@ -37521,9 +37500,7 @@ void FreeOcspRequest(OcspRequest* req) XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); req->url = NULL; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) +#ifdef OPENSSL_EXTRA if (req->cid != NULL) wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid); req->cid = NULL; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index a119007679..49387b0669 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -5176,13 +5176,9 @@ struct WOLFSSL_X509 { byte hwType[EXTERNAL_SERIAL_SIZE]; int hwSerialNumSz; byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; -#endif /* WOLFSSL_SEP */ -#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined (OPENSSL_EXTRA)) && \ - (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) byte certPolicySet; byte certPolicyCrit; -#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ +#endif /* WOLFSSL_SEP */ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 625618e1a7..3656feb7eb 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1418,10 +1418,10 @@ struct DNS_entry { int type; /* i.e. ASN_DNS_TYPE */ int len; /* actual DNS len */ char* name; /* actual DNS name */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME char* ipString; /* human readable form of IP address */ #endif -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME char* ridString; /* human readable form of registeredID */ #endif 
@@ -1714,7 +1714,7 @@ struct DecodedCert { word32 extensionsIdx; /* if want to go back and parse later */ const byte* extAuthInfo; /* Authority Information Access URI */ int extAuthInfoSz; /* length of the URI */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_ASN_CA_ISSUER const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */ int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */ #endif @@ -1804,7 +1804,7 @@ struct DecodedCert { char* subjectSN; int subjectSNLen; char subjectSNEnc; - #ifdef WOLFSSL_CERT_NAME_ALL +#ifdef WOLFSSL_CERT_NAME_ALL char* subjectN; int subjectNLen; char subjectNEnc; @@ -1817,7 +1817,7 @@ struct DecodedCert { char* subjectDNQ; int subjectDNQLen; char subjectDNQEnc; - #endif /*WOLFSSL_CERT_NAME_ALL */ +#endif /* WOLFSSL_CERT_NAME_ALL */ char* subjectC; int subjectCLen; char subjectCEnc; @@ -1882,7 +1882,7 @@ struct DecodedCert { char* issuerEmail; int issuerEmailLen; #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ -#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ void* issuerName; @@ -1962,7 +1962,7 @@ struct DecodedCert { byte extSubjAltNameSet : 1; byte inhibitAnyOidSet : 1; byte selfSigned : 1; /* Indicates subject and issuer are same */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_SEP byte extCertPolicySet : 1; #endif byte extCRLdistCrit : 1; @@ -1988,7 +1988,7 @@ struct DecodedCert { byte extAltSigAlgSet : 1; byte extAltSigValSet : 1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_SEP byte extCertPolicyCrit : 1; #endif #ifdef WOLFSSL_CERT_REQ 
@@ -2040,7 +2040,7 @@ struct Signer { #ifndef IGNORE_NAME_CONSTRAINTS Base_entry* permittedNames; Base_entry* excludedNames; -#endif /* IGNORE_NAME_CONSTRAINTS */ +#endif /* !IGNORE_NAME_CONSTRAINTS */ byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ #if defined(HAVE_OCSP) || defined(HAVE_CRL) @@ -2263,8 +2263,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, int* algoID, void* heap); typedef struct tm wolfssl_tm; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_ASN_TIME_STRING WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ @@ -2431,13 +2430,12 @@ WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff, word32 length, int type, void* heap); WOLFSSL_LOCAL void FreeDer(DerBuffer** der); -#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap); WOLFSSL_LOCAL int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap); -#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */ +#endif #endif /* !NO_CERTS */ @@ -2529,8 +2527,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; 
@@ -2615,10 +2612,6 @@ struct OcspRequest { int serialSz; #ifdef OPENSSL_EXTRA WOLFSSL_ASN1_INTEGER* serialInt; -#endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) void* cid; /* WOLFSSL_OCSP_CERTID kept to free */ #endif byte* url; /* copy of the extAuthInfo in source cert */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 7b100545ce..ae77875774 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -361,7 +361,6 @@ typedef struct WOLFSSL_ASN1_INTEGER { #endif #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ -#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef WOLFSSL_MULTI_ATTRIB #ifndef CTC_MAX_ATTRIB #define CTC_MAX_ATTRIB 4 @@ -375,7 +374,6 @@ typedef struct NameAttrib { char value[CTC_NAME_SIZE]; /* name */ } NameAttrib; #endif /* WOLFSSL_MULTI_ATTRIB */ -#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_CUSTOM_OID typedef struct CertOidField { diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 3fa0ba5627..0153e49725 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -2889,6 +2889,116 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_ASN_TEMPLATE #endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #undef WOLFSSL_ASN_ALL + #define WOLFSSL_ASN_ALL +#endif + +/* Enable all parsing features for ASN */ +#ifdef WOLFSSL_ASN_ALL + /* Alternate Names */ + #undef WOLFSSL_ALT_NAMES + #define WOLFSSL_ALT_NAMES + + /* Alternate Name: human readable form of IP address*/ + #undef WOLFSSL_IP_ALT_NAME + #define WOLFSSL_IP_ALT_NAME + + /* Alternate name: human readable form of registered ID */ + #undef WOLFSSL_RID_ALT_NAME + #define WOLFSSL_RID_ALT_NAME + + /* CA Issuer URI */ + #undef WOLFSSL_ASN_CA_ISSUER + #define WOLFSSL_ASN_CA_ISSUER + + /* FPKI (Federal PKI) extensions */ + #undef WOLFSSL_FPKI + #define WOLFSSL_FPKI + + /* Certificate policies */ + #undef WOLFSSL_SEP + #define WOLFSSL_SEP + + /* Support for full AuthorityKeyIdentifier extension. + * Only supports copying full AKID from an existing certificate */ + #undef WOLFSSL_AKID_NAME + #define WOLFSSL_AKID_NAME + + #undef WOLFSSL_CERT_EXT + #define WOLFSSL_CERT_EXT + + /* Support for SubjectDirectoryAttributes extension */ + #undef WOLFSSL_SUBJ_DIR_ATTR + #define WOLFSSL_SUBJ_DIR_ATTR + + /* Support for SubjectInfoAccess extension */ + #undef WOLFSSL_SUBJ_INFO_ACC + #define WOLFSSL_SUBJ_INFO_ACC + + #undef WOLFSSL_CERT_NAME_ALL + #define WOLFSSL_CERT_NAME_ALL + + #undef WOLFSSL_HAVE_ISSUER_NAMES + #define WOLFSSL_HAVE_ISSUER_NAMES + + #undef WOLFSSL_MULTI_ATTRIB + #define WOLFSSL_MULTI_ATTRIB + + #undef ASN_BER_TO_DER + #define ASN_BER_TO_DER + + #undef WOLFSSL_CUSTOM_OID + #define WOLFSSL_CUSTOM_OID + + #undef HAVE_OID_ENCODING + #define HAVE_OID_ENCODING + + #undef HAVE_OID_DECODING + #define HAVE_OID_DECODING + + #undef HAVE_SMIME + #define HAVE_SMIME + + #undef WOLFSSL_ASN_TIME_STRING + #define WOLFSSL_ASN_TIME_STRING + + #undef WOLFSSL_ASN_PARSE_KEYUSAGE + #define WOLFSSL_ASN_PARSE_KEYUSAGE + + #undef WOLFSSL_OCSP_PARSE_STATUS + #define WOLFSSL_OCSP_PARSE_STATUS 
+#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #undef WOLFSSL_ASN_TIME_STRING + #define WOLFSSL_ASN_TIME_STRING +#endif + +#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ + (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) + #undef WOLFSSL_ASN_PARSE_KEYUSAGE + #define WOLFSSL_ASN_PARSE_KEYUSAGE +#endif + +#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_APACHE_HTTPD)) + #undef WOLFSSL_OCSP_PARSE_STATUS + #define WOLFSSL_OCSP_PARSE_STATUS +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_GEN) + #undef WOLFSSL_MULTI_ATTRIB + #define WOLFSSL_MULTI_ATTRIB +#endif + + +/* Linux Kernel Module */ #ifdef WOLFSSL_LINUXKM #ifdef HAVE_CONFIG_H #include From afb6fe6c5f2ea20da7da7db01f88b1d4d43d874a Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Jul 2024 15:23:02 -0700 Subject: [PATCH 35/71] Fixes for building due to missing OCSP and DecodePolicyOID (`--enable-curl` and `--enable-openssh`). --- src/ocsp.c | 14 +++++++++++--- wolfcrypt/src/asn.c | 5 +++-- wolfssl/ocsp.h | 16 ++++++---------- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/src/ocsp.c b/src/ocsp.c index 9e3a99656b..962c209d2f 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -702,8 +702,10 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; #else - (void)thisupd; - (void)nextupd; + if (thisupd != NULL) + *thisupd = NULL; + if (nextupd != NULL) + *nextupd = NULL; #endif /* TODO: Not needed for Nginx or httpd */ 
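Review bot: The final added block in this settings.h hunk forces `WOLFSSL_MULTI_ATTRIB` on for every `OPENSSL_EXTRA`, `OPENSSL_EXTRA_X509_SMALL` or `WOLFSSL_CERT_GEN` build. The guard this commit removes from asn_public.h used those macros only to limit where an already-enabled `WOLFSSL_MULTI_ATTRIB` took effect, so a restriction has become an implicit enable. If that is intended, the block should say so, for example `/* multi-attribute names are now always enabled for the compatibility layer and cert generation */`. Separately, the `WOLFSSL_ASN_ALL` block defines `WOLFSSL_OCSP_PARSE_STATUS` unconditionally, while the dedicated block below requires `defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY)`. Wrapping the `WOLFSSL_ASN_ALL` define in the same condition would keep the two paths consistent.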
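Review bot: When `WOLFSSL_OCSP_PARSE_STATUS` is not defined, the new `#else` branch in `wolfSSL_OCSP_resp_find_status` sets `*thisupd` and `*nextupd` to NULL. Nothing visible in the hunk changes the return value, so a caller can apparently get a successful lookup with no validity times. The function body continues outside the hunk, and the NULL handling of freshness helpers such as `wolfSSL_OCSP_check_validity` is not shown, so that path should be confirmed to treat NULL as "unknown" rather than as a current response. The contract belongs in the function's header comment, for example `/* thisupd/nextupd are set to NULL when WOLFSSL_OCSP_PARSE_STATUS is not defined; callers must check before use */`. The same applies to the matching `#else` branch added to `wolfSSL_OCSP_single_get0_status` in the next hunk.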
@@ -1348,11 +1350,17 @@ int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, if (single == NULL) return WOLFSSL_FAILURE; +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (thisupd != NULL) *thisupd = &single->status->thisDateParsed; if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; - +#else + if (thisupd != NULL) + *thisupd = NULL; + if (nextupd != NULL) + *nextupd = NULL; +#endif if (reason != NULL) *reason = 0; if (revtime != NULL) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ade8552911..c8a0dec8b2 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20412,7 +20412,8 @@ static int DecodeNameConstraints(const byte* input, word32 sz, } #endif /* IGNORE_NAME_CONSTRAINTS */ -#ifdef WOLFSSL_CERT_EXT +#if defined(WOLFSSL_CERT_EXT) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Decode ITU-T X.690 OID format to a string representation * return string length */ @@ -20464,7 +20465,7 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) exit: return w; } -#endif /* WOLFSSL_CERT_EXT */ +#endif /* WOLFSSL_CERT_EXT || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) #ifdef WOLFSSL_ASN_TEMPLATE diff --git a/wolfssl/ocsp.h b/wolfssl/ocsp.h index 52ea54b679..b05510cfcf 100644 --- a/wolfssl/ocsp.h +++ b/wolfssl/ocsp.h 
@@ -67,13 +67,11 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) - - WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, - WOLFSSL_OCSP_CERTID *id, int *status, int *reason, - WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, - WOLFSSL_ASN1_TIME **nextupd); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, + WOLFSSL_OCSP_CERTID *id, int *status, int *reason, + WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, + WOLFSSL_ASN1_TIME **nextupd); WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s); WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd, WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec); @@ -132,8 +130,6 @@ WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs); WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0( WOLFSSL_OCSP_BASICRESP *bs, int idx); -#endif -#ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext, int idx); WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status, @@ -148,7 +144,7 @@ WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, int sz); WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs); -#endif +#endif /* OPENSSL_EXTRA */ #ifdef __cplusplus From bbbc1e074cbbacc84588e4a1b4a628ae6e9f167f Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 26 Jul 2024 16:25:50 -0700 Subject: [PATCH 36/71] Fixes for clang-tidy. --- src/ocsp.c | 4 +--- src/x509.c | 20 ++++++++++++-------- wolfcrypt/src/ecc.c | 7 +++---- 3 files changed, 16 insertions(+), 15 deletions(-) 
diff --git a/src/ocsp.c b/src/ocsp.c index 962c209d2f..70f6bf6f87 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -284,7 +284,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, * ocsp Context object for OCSP status. * response OCSP response message data. * responseSz Length of OCSP response message data. - * reponseBuffer Buffer object to return the response with. + * responseBuffer Buffer object to return the response with. * status The certificate status object. * entry The OCSP entry for this certificate. * ocspRequest Request corresponding to response. @@ -880,10 +880,8 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, return WOLFSSL_FAILURE; #endif -#ifdef OPENSSL_EXTRA if (bs->verifyError != OCSP_VERIFY_ERROR_NONE) goto out; -#endif if (flags & OCSP_TRUSTOTHER) { for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) { diff --git a/src/x509.c b/src/x509.c index af170b039d..088e217cce 100644 --- a/src/x509.c +++ b/src/x509.c @@ -1426,6 +1426,11 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo break; default: #ifdef WOLFSSL_CUSTOM_OID + { + char *oid = NULL; + byte *val = NULL; + int err = 0; + if ((ext->obj == NULL) || (ext->value.length == 0)) { WOLFSSL_MSG("Extension has insufficient information."); return WOLFSSL_FAILURE; @@ -1438,12 +1443,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } /* This is a viable custom extension. */ - char *oid = XMALLOC(MAX_OID_STRING_SZ, x509->heap, - DYNAMIC_TYPE_X509_EXT); - byte *val = XMALLOC(ext->value.length, x509->heap, - DYNAMIC_TYPE_X509_EXT); - int err = 0; - + oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap, + DYNAMIC_TYPE_X509_EXT); + val = (byte*)XMALLOC(ext->value.length, x509->heap, + DYNAMIC_TYPE_X509_EXT); if ((oid == NULL) || (val == NULL)) { WOLFSSL_MSG("Memory allocation failure.\n"); err = 1; 
@@ -1468,12 +1471,13 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo x509->custom_exts[x509->customExtCount].val = val; x509->custom_exts[x509->customExtCount].valSz = ext->value.length; x509->customExtCount++; + break; + } #else WOLFSSL_MSG("Unsupported extension to add"); return WOLFSSL_FAILURE; #endif /* WOLFSSL_CUSTOM_OID */ - break; - } + } /* switch (nid) */ return WOLFSSL_SUCCESS; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index c4f1f6f21e..1d5e8135c4 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -15437,9 +15437,8 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) /* find matching OID sum (based on encoded value) */ for (x = 0; ecc_sets[x].size != 0; x++) { if (ecc_sets[x].oidSum == oidSum) { - int ret; #ifdef HAVE_OID_ENCODING - ret = 0; + int ret = 0; /* check cache */ oid_cache_t* o = &ecc_oid_cache[x]; if (o->oidSz == 0) { @@ -15457,6 +15456,7 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (ret == 0) { ret = ecc_sets[x].id; } + return ret; #else if (oidSz) { *oidSz = ecc_sets[x].oidSz; @@ -15464,9 +15464,8 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = ecc_sets[x].oid; } - ret = ecc_sets[x].id; + return ecc_sets[x].id; #endif - return ret; } } From 877c1d781f5b445980e75e49714bf4a12231e1eb Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 30 Jul 2024 10:39:48 -0700 Subject: [PATCH 37/71] Fix bad C89 XSNPRINTF remap. --- wolfssl/wolfcrypt/types.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index b907e92487..8e4b0aa358 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
@@ -832,7 +832,7 @@ typedef struct w64wrapper { #include #define XSPRINTF sprintf /* snprintf not available for C89, so remap using macro */ - #define XSNPRINTF(f, len, ...) sprintf(f, ...) + #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__) #else #include #define XSNPRINTF snprintf From 1d9b86e2b0e81e1d870a70d8ca35c60d82b937f8 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 30 Jul 2024 11:51:20 -0700 Subject: [PATCH 38/71] Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret. API test cleanups (no sleep needed). --- src/internal.c | 37 ++++++++++++++++++++----------------- src/ssl.c | 5 ++--- tests/api.c | 25 +++++++++++-------------- 3 files changed, 33 insertions(+), 34 deletions(-) diff --git a/src/internal.c b/src/internal.c index 324ec932cd..93e7d1a36f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -344,7 +344,7 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) { wolfSSL_CTX_keylog_cb_func logCb = NULL; int msSz; - int hasVal; + int invalidCount; int i; const char* label = SSC_CR; int labelSz = sizeof(SSC_CR); 
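Review bot: In the types.h hunk, the C89 fallback `XSNPRINTF(f, len, ...)` expands to `sprintf(f, __VA_ARGS__)` and silently discards `len`. Every call site that relies on the bound to truncate therefore becomes an unbounded write on builds that take this branch. The existing comment explains only why the remap exists, so it should also state the consequence, for example `/* WARNING: len is ignored; the caller must guarantee the buffer holds the full formatted output */`. Variadic macros and `__VA_ARGS__` are themselves C99 preprocessor features, so a strictly C89 toolchain may still reject the corrected definition. The enclosing `#if` starts outside the hunk.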
@@ -355,32 +355,34 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) int ret; (void)ctx; - if (ssl == NULL || secret == NULL || *secretSz == 0) + if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0) return BAD_FUNC_ARG; if (ssl->arrays == NULL) return BAD_FUNC_ARG; - /* get the user-callback func from CTX*/ + /* get the user-callback func from CTX */ logCb = ssl->ctx->keyLogCb; - if (logCb == NULL) - return 0; + if (logCb == NULL) { + return 0; /* no logging callback */ + } - /* need to make sure the given master-secret has a meaningful value */ + /* make sure the given master-secret has a meaningful value */ msSz = *secretSz; - hasVal = 0; + invalidCount = 0; for (i = 0; i < msSz; i++) { - if (*((byte*)secret) != 0) { - hasVal = 1; - break; + if (((byte*)secret)[i] == 0) { + invalidCount++; } } - if (hasVal == 0) - return 0; /* master-secret looks invalid */ + if (invalidCount == *secretSz) { + WOLFSSL_MSG("master-secret is not valid"); + return 0; /* ignore error */ + } /* build up a hex-decoded keylog string - "CLIENT_RANDOM " - note that each keylog string does not have CR/LF. - */ + * "CLIENT_RANDOM " + * note that each keylog string does not have CR/LF. + */ buffSz = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1; log = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET); if (log == NULL) @@ -410,8 +412,9 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) ret = 0; } } - else - ret = MEMORY_E; + else { + ret = BUFFER_E; + } } /* Zero out Base16 encoded secret and other data. */ ForceZero(log, buffSz); diff --git a/src/ssl.c b/src/ssl.c index 6beb751818..23c4db1cfa 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -23353,7 +23353,7 @@ void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx, wolfSSL_CTX_keylog_cb_func cb) { WOLFSSL_ENTER("wolfSSL_CTX_set_keylog_callback"); - /* stores the callback into WOLFSSL_CTX */ + /* stores the callback into WOLFSSL_CTX */ if (ctx != NULL) { ctx->keyLogCb = cb; } 
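Review bot: The size guard in this hunk adds the `secretSz == NULL` test but still rejects only `*secretSz == 0`. A negative size would pass it, skip the zero-byte loop (`i < msSz`), and reach the `buffSz` computation for the buffer that receives the hex-encoded master secret. Since the value is copied into `int msSz`, the guard could read `if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz <= 0)`. The function signature is outside the hunk, so the declared type of `secretSz` should be confirmed first. The all-zero case returns 0 after `WOLFSSL_MSG`, so a comment noting that the handshake deliberately continues without a keylog line would make that intent clearer.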
@@ -23364,8 +23364,7 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback( WOLFSSL_ENTER("wolfSSL_CTX_get_keylog_callback"); if (ctx != NULL) return ctx->keyLogCb; - else - return NULL; + return NULL; } #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ diff --git a/tests/api.c b/tests/api.c index c24932b43b..45b38139e4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -49570,20 +49570,19 @@ static THREAD_RETURN WOLFSSL_THREAD server_task_ech(void* args) #endif /* HAVE_ECH && WOLFSSL_TLS13 */ #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) -static void keyLog_callback(const WOLFSSL* ssl, const char* line ) +static void keyLog_callback(const WOLFSSL* ssl, const char* line) { + XFILE fp; + const byte lf = '\n'; AssertNotNull(ssl); AssertNotNull(line); - XFILE fp; - const byte lf = '\n'; fp = XFOPEN("./MyKeyLog.txt", "a"); - XFWRITE( line, 1, strlen(line),fp); - XFWRITE( (void*)&lf,1,1,fp); + XFWRITE(line, 1, XSTRLEN(line), fp); + XFWRITE((void*)&lf, 1, 1, fp); XFFLUSH(fp); XFCLOSE(fp); - } #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ static int test_wolfSSL_CTX_set_keylog_callback(void) @@ -49631,12 +49630,14 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) -/* This test is intended for checking whether keylog callback is called - * in client during TLS handshake between the client and a server. - */ + /* This test is intended for checking whether keylog callback is called + * in client during TLS handshake between the client and a server. + */ test_ssl_cbf server_cbf; test_ssl_cbf client_cbf; XFILE fp = XBADFILE; + char buff[500]; + int found = 0; XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf)); XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf)); 
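Review bot: In `keyLog_callback` (tests/api.c), the result of `XFOPEN("./MyKeyLog.txt", "a")` is passed straight to `XFWRITE`, `XFFLUSH` and `XFCLOSE`, so a failed open in a read-only or restricted working directory reaches those calls with an invalid handle. A guard such as `if (fp == XBADFILE) return;` after the open would avoid that. It matches the `XBADFILE` comparison the test itself uses when it reads the file back. The file accumulates TLS session secrets in append mode, and the hunks here do not show it being removed after the test, which is worth confirming.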
@@ -49653,16 +49654,12 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void) ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, &server_cbf, NULL), TEST_SUCCESS); - XSLEEP_MS(100); /* check if the keylog file exists */ - - char buff[300] = {0}; - int found = 0; - ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "r")) != XBADFILE); XFFLUSH(fp); /* Just to make sure any buffers get flushed */ + XMEMSET(buff, 0, sizeof(buff)); while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) { if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) { found = 1; From 548a2c6d8ea056c74bba80ffb71df288f7cd6e21 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 31 Jul 2024 09:42:46 -0700 Subject: [PATCH 39/71] Fixed issues building with nocrypt. Improved logic on `ASN_BER_TO_DER`. Improved logic on unknown extension callback (new `WC_ASN_UNKNOWN_EXT_CB` gate). --- src/ssl.c | 3 +- src/ssl_certman.c | 8 ++- wolfcrypt/src/asn.c | 19 +++---- wolfcrypt/src/pkcs7.c | 17 +++---- wolfcrypt/test/test.c | 10 ++-- wolfssl/internal.h | 3 +- wolfssl/ssl.h | 3 +- wolfssl/wolfcrypt/asn.h | 20 ++++---- wolfssl/wolfcrypt/pkcs7.h | 6 +-- wolfssl/wolfcrypt/settings.h | 98 ++++++++++++++++++++++-------------- wolfssl/wolfcrypt/types.h | 3 +- 11 files changed, 97 insertions(+), 93 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d99823c447..361a54545c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -5359,8 +5359,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) InitDecodedCert(cert, der->buffer, der->length, cm->heap); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) && \ - defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB if (cm->unknownExtCallback != NULL) { wc_SetUnknownExtCallback(cert, cm->unknownExtCallback); } diff --git a/src/ssl_certman.c b/src/ssl_certman.c index bbacae489a..f9d87450ec 100644 --- a/src/ssl_certman.c +++ b/src/ssl_certman.c 
@@ -609,8 +609,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc) } #endif /* NO_WOLFSSL_CM_VERIFY */ -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm, wc_UnknownExtCallback cb) { @@ -620,7 +619,7 @@ void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm, } } -#endif /* WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING */ +#endif /* WC_ASN_UNKNOWN_EXT_CB */ #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) /* Verify the certificate. @@ -690,8 +689,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff, /* Create a decoded certificate with DER buffer. */ InitDecodedCert(cert, buff, (word32)sz, cm->heap); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB if (cm->unknownExtCallback != NULL) wc_SetUnknownExtCallback(cert, cm->unknownExtCallback); #endif diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c8a0dec8b2..7887ee747c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -3660,7 +3660,7 @@ int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outS /* Convert BER to DER */ -/* Pull informtation from the ASN.1 BER encoded item header */ +/* Pull information from the ASN.1 BER encoded item header */ static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx, byte* pTag, word32* pLen, int* indef) { @@ -6226,7 +6226,8 @@ static int RsaPssHashOidToMgf1(word32 oid, int* mgf) return ret; } -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(NO_ASN_CRYPT) + /* Convert a hash OID to a fake signature OID. * * @param [in] oid Hash OID. 
@@ -21407,8 +21408,7 @@ enum { #define certExtASN_Length (sizeof(certExtASN) / sizeof(ASNItem)) #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB int wc_SetUnknownExtCallback(DecodedCert* cert, wc_UnknownExtCallback cb) { if (cert == NULL) { @@ -21429,7 +21429,7 @@ int wc_SetUnknownExtCallbackEx(DecodedCert* cert, cert->unknownExtCallbackExCtx = ctx; return 0; } -#endif +#endif /* WC_ASN_UNKNOWN_EXT_CB */ /* * Processing the Certificate Extensions. This does not modify the current @@ -21583,7 +21583,7 @@ static int DecodeCertExtensions(DecodedCert* cert) /* Decode the extension by type. */ ret = DecodeExtensionType(input + idx, length, oid, critical, cert, &isUnknownExt); -#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB if (isUnknownExt && (cert->unknownExtCallback != NULL || cert->unknownExtCallbackEx != NULL)) { word16 decOid[MAX_OID_SZ]; @@ -21612,8 +21612,9 @@ static int DecodeCertExtensions(DecodedCert* cert) cert->unknownExtCallbackExCtx); } } -#endif +#else (void)isUnknownExt; +#endif /* Move index on to next extension. */ idx += length; @@ -34482,7 +34483,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, #endif /* WOLFSSL_ASN_TEMPLATE */ } -#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) +#ifdef HAVE_ECC_KEY_EXPORT /* build DER formatted ECC key, include optional public key if requested, * return length on success, negative on error */ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, @@ -34913,7 +34914,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, return eccToPKCS8(key, output, outLen, 1); } #endif /* HAVE_PKCS8 */ -#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ +#endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_ECC */ #ifdef WC_ENABLE_ASYM_KEY_IMPORT diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 31d8d8c63c..d07f1f7889 100644 --- a/wolfcrypt/src/pkcs7.c 
+++ b/wolfcrypt/src/pkcs7.c @@ -830,8 +830,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) return 0; } -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb) { if (pkcs7 != NULL) { @@ -1083,8 +1082,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) int devId; Pkcs7Cert* cert; Pkcs7Cert* lastCert; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback cb; #endif @@ -1095,16 +1093,14 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) heap = pkcs7->heap; devId = pkcs7->devId; cert = pkcs7->certList; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) - cb = pkcs7->unknownExtCallback; +#ifdef WC_ASN_UNKNOWN_EXT_CB + cb = pkcs7->unknownExtCallback; /* save / restore callback */ #endif ret = wc_PKCS7_Init(pkcs7, heap, devId); if (ret != 0) return ret; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB pkcs7->unknownExtCallback = cb; #endif pkcs7->certList = cert; @@ -1155,8 +1151,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) } InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB if (pkcs7->unknownExtCallback != NULL) wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 7c357e6818..024f6397cf 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -711,9 +711,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void); #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void); #endif -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) +#ifdef ASN_BER_TO_DER WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void); @@ -53957,9 +53955,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void) #endif /* WOLFSSL_PUBLIC_MP */ -#if defined(ASN_BER_TO_DER) && \ - (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) +#ifdef ASN_BER_TO_DER /* wc_BerToDer is only public facing in the case of test cert or opensslextra */ typedef struct berDerTestData { const byte *in; @@ -54075,7 +54071,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void) return 0; } -#endif +#endif /* ASN_BER_TO_DER */ #ifdef DEBUG_WOLFSSL static THREAD_LS_T int log_cnt = 0; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 49387b0669..88188bd1d1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -2650,8 +2650,7 @@ struct WOLFSSL_CERT_MANAGER { #ifdef HAVE_DILITHIUM short minDilithiumKeySz; /* minimum allowed Dilithium key size */ #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; #endif }; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 059de3430e..dde5841377 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
@@ -3690,8 +3690,7 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB WOLFSSL_API void wolfSSL_CertManagerSetUnknownExtCallback( WOLFSSL_CERT_MANAGER* cm, wc_UnknownExtCallback cb); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 3656feb7eb..8cab879ebd 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1660,8 +1660,7 @@ typedef struct TrustedPeerCert TrustedPeerCert; typedef struct SignatureCtx SignatureCtx; typedef struct CertSignCtx CertSignCtx; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, const unsigned char* der, word32 derSz); typedef int (*wc_UnknownExtCallbackEx)(const word16* oid, word32 oidSz, @@ -1887,7 +1886,7 @@ struct DecodedCert { /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ void* issuerName; void* subjectName; -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_SEP int deviceTypeSz; byte* deviceType; @@ -1997,8 +1996,7 @@ struct DecodedCert { #ifdef HAVE_RPK byte isRPK : 1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; wc_UnknownExtCallbackEx unknownExtCallbackEx; void *unknownExtCallbackExCtx; 
@@ -2141,15 +2139,16 @@ typedef enum MimeStatus } MimeStatus; #endif /* HAVE_SMIME */ - WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, int hashAlg); WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); -WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, +#ifdef ASN_BER_TO_DER +WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz); +#endif WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz, word32* idx); @@ -2167,11 +2166,10 @@ WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert); WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify, void* cm); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) -WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert, +#ifdef WC_ASN_UNKNOWN_EXT_CB +WOLFSSL_API int wc_SetUnknownExtCallback(DecodedCert* cert, wc_UnknownExtCallback cb); -WOLFSSL_ASN_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert, +WOLFSSL_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert, wc_UnknownExtCallbackEx cb, void *ctx); #endif diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 758abdcbbf..59011091b1 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -345,8 +345,7 @@ struct PKCS7 { word32 plainDigestSz; word32 pkcs7DigestSz; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; #endif 
@@ -363,8 +362,7 @@ struct PKCS7 { }; WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb); #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 0153e49725..2c8aa0766e 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -415,36 +415,31 @@ * --------------------------------------------------------------------------- */ #ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef NO_RSA + #error "Need RSA or else dual alg cert example will not work." + #endif -#ifndef WOLFSSL_ASN_TEMPLATE - #error "Dual alg cert support requires the ASN.1 template feature." -#endif - -#ifdef NO_RSA - #error "Need RSA or else dual alg cert example will not work." -#endif - -#ifndef HAVE_ECC - #error "Need ECDSA or else dual alg cert example will not work." -#endif + #ifndef HAVE_ECC + #error "Need ECDSA or else dual alg cert example will not work." + #endif -#undef WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_GEN + #undef WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_GEN -#undef WOLFSSL_CUSTOM_OID -#define WOLFSSL_CUSTOM_OID + #undef WOLFSSL_CUSTOM_OID + #define WOLFSSL_CUSTOM_OID -#undef HAVE_OID_ENCODING -#define HAVE_OID_ENCODING + #undef HAVE_OID_ENCODING + #define HAVE_OID_ENCODING -#undef WOLFSSL_CERT_EXT -#define WOLFSSL_CERT_EXT + #undef WOLFSSL_CERT_EXT + #define WOLFSSL_CERT_EXT -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA + #undef OPENSSL_EXTRA + #define OPENSSL_EXTRA -#undef HAVE_OID_DECODING -#define HAVE_OID_DECODING + #undef HAVE_OID_DECODING + #define HAVE_OID_DECODING #endif /* WOLFSSL_DUAL_ALG_CERTS */ 
@@ -1648,6 +1643,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_STATIC_PSK /* Server side support to be added at a later date. */ #define NO_WOLFSSL_SERVER + /* Need WOLFSSL_PUBLIC_ASN to use ProcessPeerCert callback. */ #define WOLFSSL_PUBLIC_ASN @@ -2889,6 +2885,9 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_ASN_TEMPLATE #endif +#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE) + #error "Dual alg cert support requires the ASN.1 template feature." +#endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #undef WOLFSSL_ASN_ALL @@ -2926,6 +2925,7 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_AKID_NAME #define WOLFSSL_AKID_NAME + /* Extended ASN.1 parsing support (typically used with cert gen) */ #undef WOLFSSL_CERT_EXT #define WOLFSSL_CERT_EXT 
@@ -2940,35 +2940,50 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_CERT_NAME_ALL #define WOLFSSL_CERT_NAME_ALL + /* Store pointers to issuer name components and their lengths and encodings. */ #undef WOLFSSL_HAVE_ISSUER_NAMES #define WOLFSSL_HAVE_ISSUER_NAMES + /* Additional ASN.1 encoded name fields. See CTC_MAX_ATTRIB for max limit */ #undef WOLFSSL_MULTI_ATTRIB #define WOLFSSL_MULTI_ATTRIB + /* Parsing of indefinite length encoded ASN.1 + * Optionally used by PKCS7/PKCS12 */ #undef ASN_BER_TO_DER #define ASN_BER_TO_DER + /* Enable custom OID support for subject and request extensions */ #undef WOLFSSL_CUSTOM_OID #define WOLFSSL_CUSTOM_OID + /* Support for full OID (not just sum) encoding */ #undef HAVE_OID_ENCODING #define HAVE_OID_ENCODING + /* Support for full OID (not just sum) decoding */ #undef HAVE_OID_DECODING #define HAVE_OID_DECODING + /* S/MIME - Secure Multipurpose Internet Mail Extension (used with PKCS7) */ #undef HAVE_SMIME #define HAVE_SMIME + /* Enable compatibility layer function for getting time string */ #undef WOLFSSL_ASN_TIME_STRING #define WOLFSSL_ASN_TIME_STRING + /* Support for parsing key usage */ #undef WOLFSSL_ASN_PARSE_KEYUSAGE #define WOLFSSL_ASN_PARSE_KEYUSAGE + /* Support for parsing OCSP status */ #undef WOLFSSL_OCSP_PARSE_STATUS #define WOLFSSL_OCSP_PARSE_STATUS + + /* Extended Key Usage */ + #undef WOLFSSL_EKU_OID + #define WOLFSSL_EKU_OID #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 
@@ -2997,6 +3012,26 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_MULTI_ATTRIB #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #undef WOLFSSL_EKU_OID + #define WOLFSSL_EKU_OID +#endif + +/* Disable time checking if no timer */ +#if defined(NO_ASN_TIME) + #define NO_ASN_TIME_CHECK +#endif + +/* ASN Unknown Extension Callback support */ +#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) + #undef WC_ASN_UNKNOWN_EXT_CB + #define WC_ASN_UNKNOWN_EXT_CB +#endif + +#if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE) + #error ASN unknown extension callback is only supported with ASN template +#endif + /* Linux Kernel Module */ #ifdef WOLFSSL_LINUXKM @@ -3124,30 +3159,15 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_SESSION_ID_CTX #endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */ -/* --------------------------------------------------------------------------- - * Special small OpenSSL compat layer for certs - * --------------------------------------------------------------------------- - */ #ifdef OPENSSL_EXTRA_X509_SMALL - #undef WOLFSSL_EKU_OID - #define WOLFSSL_EKU_OID - - #undef WOLFSSL_MULTI_ATTRIB - #define WOLFSSL_MULTI_ATTRIB - #undef WOLFSSL_NO_OPENSSL_RAND_CB #define WOLFSSL_NO_OPENSSL_RAND_CB -#endif /* OPENSSL_EXTRA_X509_SMALL */ +#endif #ifdef HAVE_SNI #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif -/* Disable time checking if no timer */ -#if defined(NO_ASN_TIME) - #define NO_ASN_TIME_CHECK -#endif - /* both CURVE and ED small math should be enabled */ #ifdef CURVED25519_SMALL #define CURVE25519_SMALL diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 8e4b0aa358..3026924e7f 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h 
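Review bot: In the settings.h hunk at -2997/+3012, the relocated `NO_ASN_TIME_CHECK` block defines the macro without the `#undef` that the other blocks in this hunk use, so a build that already passes `-DNO_ASN_TIME_CHECK` gets a macro-redefinition warning. Writing it as `#undef NO_ASN_TIME_CHECK` followed by `#define NO_ASN_TIME_CHECK` would match the surrounding style. The comment could also say what is given up, e.g. `/* No time source: certificate validity dates are not checked */`, assuming that is what the macro controls; the code that consumes it is not part of this patch.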
@@ -875,7 +875,8 @@ typedef struct w64wrapper { #endif /* !XSNPRINTF */ #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) + defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \ + defined(WOLFSSL_ASN_PARSE_KEYUSAGE) /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) From 6017c86e5d88450e05ec0bf9424b5c6d6eb48f0e Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Wed, 31 Jul 2024 19:36:59 +0000 Subject: [PATCH 40/71] wolfcrypt/src/wc_port.c: fix -Wconversions in wc_strdup_ex(). --- wolfcrypt/src/wc_port.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 572c20e131..32571585ec 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -1180,10 +1180,10 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) #ifdef USE_WOLF_STRDUP char* wc_strdup_ex(const char *src, int memType) { char *ret = NULL; - int len = 0; + word32 len = 0; if (src) { - len = (int)XSTRLEN(src); + len = (word32)XSTRLEN(src); ret = (char*)XMALLOC(len, NULL, memType); if (ret != NULL) { XMEMCPY(ret, src, len); From 7023d5212cea772acbbb0881ec7215c3bc223cd7 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 31 Jul 2024 13:10:52 -0700 Subject: [PATCH 41/71] Fix for `--enable-all --enable-asn=original`. --- wolfssl/wolfcrypt/settings.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 2c8aa0766e..c5971de683 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
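Review bot: In the wc_port.c hunk, `wc_strdup_ex()` sizes both the allocation and the copy from `XSTRLEN(src)` alone, so the lines shown leave no room for the terminating NUL. Unless the part of the body below the hunk adds one, callers that treat the result as a C string will read past the end of the heap buffer. Counting the terminator, `len = (word32)XSTRLEN(src) + 1;`, lets the existing `XMALLOC`/`XMEMCPY` pair copy it as well. The new `(word32)` cast also silently truncates lengths above 32 bits on LP64 targets, so holding the length in `size_t` until it has been range-checked would be safer than quieting -Wconversion with a cast.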
@@ -3023,13 +3023,15 @@ extern void uITRON4_free(void *p) ; #endif /* ASN Unknown Extension Callback support */ -#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) +#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) && \ + defined(WOLFSSL_ASN_TEMPLATE) #undef WC_ASN_UNKNOWN_EXT_CB #define WC_ASN_UNKNOWN_EXT_CB -#endif - -#if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE) - #error ASN unknown extension callback is only supported with ASN template +#else + /* if user supplied build option and not using ASN template, raise error */ + #if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE) + #error ASN unknown extension callback is only supported with ASN template + #endif #endif From 1dd94bb0cb95e1a16d3c7197be29b0cb886c6108 Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 31 Jul 2024 08:40:16 -0700 Subject: [PATCH 42/71] Fix for .c files to ensure macro guards for wildcard. --- wolfcrypt/src/port/autosar/cryif.c | 6 ++++-- wolfcrypt/src/port/autosar/crypto.c | 4 ++-- wolfcrypt/src/port/autosar/csm.c | 7 ++++--- wolfcrypt/src/port/autosar/test.c | 5 +++++ 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/wolfcrypt/src/port/autosar/cryif.c b/wolfcrypt/src/port/autosar/cryif.c index 0bd767b4b2..6fd9cc1a22 100644 --- a/wolfcrypt/src/port/autosar/cryif.c +++ b/wolfcrypt/src/port/autosar/cryif.c @@ -28,13 +28,15 @@ #endif #include + +#ifdef WOLFSSL_AUTOSAR +#ifndef NO_WOLFSSL_AUTOSAR_CRYIF + #include #include #include #include -#ifdef WOLFSSL_AUTOSAR -#ifndef NO_WOLFSSL_AUTOSAR_CRYIF #include diff --git a/wolfcrypt/src/port/autosar/crypto.c b/wolfcrypt/src/port/autosar/crypto.c index f7812f190c..d5a7509f6b 100644 --- a/wolfcrypt/src/port/autosar/crypto.c +++ b/wolfcrypt/src/port/autosar/crypto.c @@ -25,12 +25,12 @@ #endif #include -#include -#include #ifdef WOLFSSL_AUTOSAR #ifndef NO_WOLFSSL_AUTOSAR_CRYPTO +#include +#include #include #include #include 
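Review bot: In the settings.h hunk, a user-supplied `WC_ASN_UNKNOWN_EXT_CB` is now rejected only when `WOLFSSL_ASN_TEMPLATE` is missing. If the template is enabled but `WOLFSSL_CUSTOM_OID` or `HAVE_OID_DECODING` is not, the `#else` branch lets the macro through unchanged. The earlier patch in this series guards the `wc_SetUnknownExtCallback*` prototypes and the `PKCS7` callback field on `WC_ASN_UNKNOWN_EXT_CB` alone, while the guard it replaced required all three options, so that configuration would presumably expose the callback API without the OID support it relied on. Because the `#else` branch is only reached when at least one prerequisite is absent, the inner test can be simplified to `#ifdef WC_ASN_UNKNOWN_EXT_CB`, with an `#error` message that names all three required options.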
diff --git a/wolfcrypt/src/port/autosar/csm.c b/wolfcrypt/src/port/autosar/csm.c index f5df124b9a..8fa6063a71 100644 --- a/wolfcrypt/src/port/autosar/csm.c +++ b/wolfcrypt/src/port/autosar/csm.c @@ -25,14 +25,15 @@ #endif #include + +#ifdef WOLFSSL_AUTOSAR +#ifndef NO_WOLFSSL_AUTOSAR_CSM + #include #include #include #include -#ifdef WOLFSSL_AUTOSAR -#ifndef NO_WOLFSSL_AUTOSAR_CSM - /* AutoSAR 4.4 */ /* basic shim layer to plug in wolfSSL crypto */ diff --git a/wolfcrypt/src/port/autosar/test.c b/wolfcrypt/src/port/autosar/test.c index 4c311f189f..29cd8fc3e2 100644 --- a/wolfcrypt/src/port/autosar/test.c +++ b/wolfcrypt/src/port/autosar/test.c @@ -24,6 +24,9 @@ #endif #include + +#ifdef WOLFSSL_AUTOSAR + #include #include #define BLOCK_SIZE 16 @@ -428,3 +431,5 @@ int main(int argc, char* argv[]) #endif /* REDIRECTION_CONFIG */ return ret; } + +#endif /* WOLFSSL_AUTOSAR */ From ebb49b6e685d8719ee4fb182155e7e98333dab8b Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Thu, 1 Aug 2024 16:57:42 +1000 Subject: [PATCH 43/71] RISC-V ChaCha20: assembly implementations ChaCha20: scalar and vector implementations vector implementations doing 6, 4, 2, 1 block at a time. scalar implemetations using roriw and pack vector implementations using VROR_VI and roriw. RISC-V SHA-256: avoid using s0 if it can be helped. --- configure.ac | 10 +- src/include.am | 14 +- wolfcrypt/src/chacha.c | 3 + wolfcrypt/src/port/riscv/riscv-64-aes.c | 12 - wolfcrypt/src/port/riscv/riscv-64-chacha.c | 2379 +++++++++++++++++++ wolfcrypt/src/port/riscv/riscv-64-sha256.c | 38 +- wolfcrypt/test/test.c | 4 +- wolfssl/wolfcrypt/chacha.h | 3 +- wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h | 60 +- 9 files changed, 2470 insertions(+), 53 deletions(-) create mode 100644 wolfcrypt/src/port/riscv/riscv-64-chacha.c diff --git a/configure.ac b/configure.ac index 344247c637..b1dc35a1a5 100644 --- a/configure.ac +++ b/configure.ac 
@@ -3077,10 +3077,14 @@ do AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_CARRYLESS" ;; zkn|zkned) - # AES encrypt/decrpyt + # AES encrypt/decrpyt, SHA-2 ENABLED_RISCV_ASM=yes AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_SCALAR_CRYPTO_ASM" ;; + zv) + ENABLED_RISCV_ASM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR" + ;; zvkg) # VGMUL, VHHSH ENABLED_RISCV_ASM=yes @@ -3097,12 +3101,12 @@ do AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION" ;; zvkned) - # Vector AES + # Vector AES, SHA-2 ENABLED_RISCV_ASM=yes AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_RISCV_VECTOR_CRYPTO_ASM" ;; *) - AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.]) + AC_MSG_ERROR([Invalid RISC-V option [yes,zbkb,zbb,zbc,zbkc,zkn,zkned,zv,zvkg,zvbc,zvbb,zvkb,zvkned]: $ENABLED_RISCV_ASM.]) break ;; esac diff --git a/src/include.am b/src/include.am index 056f7ef559..4d96fd2ebe 100644 --- a/src/include.am +++ b/src/include.am @@ -971,17 +971,21 @@ if BUILD_CHACHA if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-chacha.c else +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-chacha.c +else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha.c +endif !BUILD_RISCV_ASM if !BUILD_X86_ASM if BUILD_INTELASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha_asm.S -endif -endif -endif +endif BUILD_INTELASM +endif !BUILD_X86_ASM +endif !BUILD_ARMASM_NEON if BUILD_POLY1305 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/chacha20_poly1305.c -endif -endif +endif BUILD_POLY1305 +endif BUILD_CHACHA if !BUILD_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/misc.c diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c index c05ff1c65c..b87418a724 100644 --- a/wolfcrypt/src/chacha.c +++ b/wolfcrypt/src/chacha.c 
@@ -38,6 +38,9 @@ Public domain. #if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON) /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */ +#elif defined(WOLFSSL_RISCV_ASM) + /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */ + #else #if defined(HAVE_CHACHA) diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c index c438d252ad..292c854d18 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-aes.c +++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c @@ -75,18 +75,6 @@ static WC_INLINE void memcpy16(byte* out, const byte* in) #endif -/* vd = vs2 << uimm */ -#define VSLL_VI(vd, vs2, uimm) \ - ASM_WORD((0b100101 << 26) | (0b1 << 25) | \ - (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (uimm << 15) | (vs2 << 20)) -/* vd = vs2 >> uimm */ -#define VSRL_VI(vd, vs2, uimm) \ - ASM_WORD((0b101000 << 26) | (0b1 << 25) | \ - (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (uimm << 15) | (vs2 << 20)) - - /* Vector register set if equal: vd[i] = vs1[i] == vs2[i] ? 1 : 0 */ #define VMSEQ_VV(vd, vs1, vs2) \ ASM_WORD((0b011000 << 26) | (0b1 << 25) | \ diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c new file mode 100644 index 0000000000..75c7f50d22 --- /dev/null +++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c 
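Review bot: The comment added under `#elif defined(WOLFSSL_RISCV_ASM)` in chacha.c misspells the directory as `port/rsicv/`, so it points at a path this patch does not create. It should read `/* implementation is located in wolfcrypt/src/port/riscv/riscv-64-chacha.c */`, which also matches the wording of the ARM comment directly above it. The comment could also note that the C implementation in this file is compiled out whenever `WOLFSSL_RISCV_ASM` is defined, so builds that do not go through include.am have to add the RISC-V source file themselves.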
@@ -0,0 +1,2379 @@ +/* riscv-64-chacha.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* The paper NEON crypto by Daniel J. Bernstein and Peter Schwabe was used to + * optimize for ARM: + * https://cryptojedi.org/papers/veccrypto-20120320.pdf + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include + +#ifdef WOLFSSL_RISCV_ASM +#ifdef HAVE_CHACHA + +#include +#include +#include +#include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#ifdef CHACHA_AEAD_TEST + #include +#endif + +#ifdef CHACHA_TEST + #include +#endif + +/* Number of rounds */ +#define ROUNDS 20 + +#define U32C(v) (v##U) +#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) +#define U8TO32_LITTLE(p) (((word32*)(p))[0]) + +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define ARM_SIMD_LEN_BYTES 16 + +/** + * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version + * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB. 
+ */ +int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter) +{ + word32 temp[CHACHA_IV_WORDS];/* used for alignment of memory */ + + if (ctx == NULL) + return BAD_FUNC_ARG; + + XMEMCPY(temp, inIv, CHACHA_IV_BYTES); + + ctx->left = 0; + ctx->X[CHACHA_IV_BYTES+0] = counter; /* block counter */ + ctx->X[CHACHA_IV_BYTES+1] = temp[0]; /* fixed variable from nonce */ + ctx->X[CHACHA_IV_BYTES+2] = temp[1]; /* counter from nonce */ + ctx->X[CHACHA_IV_BYTES+3] = temp[2]; /* counter from nonce */ + + return 0; +} + +/* "expand 32-byte k" as unsigned 32 byte */ +static const word32 sigma[4] = {0x61707865, 0x3320646e, 0x79622d32, 0x6b206574}; +/* "expand 16-byte k" as unsigned 16 byte */ +static const word32 tau[4] = {0x61707865, 0x3120646e, 0x79622d36, 0x6b206574}; + +/** + * Key setup. 8 word iv (nonce) + */ +int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz) +{ + const word32* constants; + const byte* k; + +#ifdef XSTREAM_ALIGN + word32 alignKey[8]; +#endif + + if (ctx == NULL) + return BAD_FUNC_ARG; + + if (keySz != (CHACHA_MAX_KEY_SZ/2) && keySz != CHACHA_MAX_KEY_SZ) + return BAD_FUNC_ARG; + +#ifdef XSTREAM_ALIGN + if ((wc_ptr_t)key % 4) { + WOLFSSL_MSG("wc_ChachaSetKey unaligned key"); + XMEMCPY(alignKey, key, keySz); + k = (byte*)alignKey; + } + else { + k = key; + } +#else + k = key; +#endif /* XSTREAM_ALIGN */ + + ctx->X[4] = U8TO32_LITTLE(k + 0); + ctx->X[5] = U8TO32_LITTLE(k + 4); + ctx->X[6] = U8TO32_LITTLE(k + 8); + ctx->X[7] = U8TO32_LITTLE(k + 12); + if (keySz == CHACHA_MAX_KEY_SZ) { + k += 16; + constants = sigma; + } + else { + constants = tau; + } + ctx->X[ 8] = U8TO32_LITTLE(k + 0); + ctx->X[ 9] = U8TO32_LITTLE(k + 4); + ctx->X[10] = U8TO32_LITTLE(k + 8); + ctx->X[11] = U8TO32_LITTLE(k + 12); + ctx->X[ 0] = constants[0]; + ctx->X[ 1] = constants[1]; + ctx->X[ 2] = constants[2]; + ctx->X[ 3] = constants[3]; + ctx->left = 0; + + return 0; +} + + +#define CC_A0 "a4" +#define CC_A1 "a5" +#define CC_A2 "a6" +#define CC_A3 "a7" +#define 
CC_B0 "t3" +#define CC_B1 "t4" +#define CC_B2 "t5" +#define CC_B3 "t6" +#define CC_C0 "s2" +#define CC_C1 "s3" +#define CC_C2 "s4" +#define CC_C3 "s5" +#define CC_D0 "s6" +#define CC_D1 "s7" +#define CC_D2 "s8" +#define CC_D3 "s9" +#define CC_T0 "t0" +#define CC_T1 "t1" +#define CC_T2 "t2" +#define CC_T3 "s1" + +#if defined(WOLFSSL_RISCV_VECTOR) + +static const word32 L_chacha20_vec_inc_first_word[] = { + 0x1, + 0x0, + 0x0, + 0x0, +}; + +#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION + +#define PART_ROUND_ODD_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + VSLL_VI(REG_V20, REG_V3, s) \ + "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V7, s) \ + "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V11, s) \ + "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V15, s) \ + "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V19, s) \ + VSRL_VI(REG_V3, REG_V3, sr) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VSRL_VI(REG_V7, REG_V7, sr) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VSRL_VI(REG_V11, REG_V11, sr) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + VSRL_VI(REG_V15, REG_V15, sr) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + VSRL_VI(REG_V19, REG_V19, sr) \ + VOR_VV(REG_V3, REG_V3, REG_V20) 
\ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V7, REG_V7, REG_V21) \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V11, REG_V11, REG_V22) \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V15, REG_V15, REG_V23) \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V19, REG_V19, REG_V24) + +#define PART_ROUND_ODD_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + VSLL_VI(REG_V20, REG_V1, s) \ + "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V5, s) \ + "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V9, s) \ + "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V13, s) \ + "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V17, s) \ + VSRL_VI(REG_V1, REG_V1, sr) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VSRL_VI(REG_V5, REG_V5, sr) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VSRL_VI(REG_V9, REG_V9, sr) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VSRL_VI(REG_V13, REG_V13, sr) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + VSRL_VI(REG_V17, REG_V17, sr) \ + VOR_VV(REG_V1, REG_V1, REG_V20) \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V5, REG_V5, REG_V21) \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V9, REG_V9, REG_V22) \ 
+ "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V13, REG_V13, REG_V23) \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V17, REG_V17, REG_V24) + +#define PART_ROUND_EVEN_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + VSLL_VI(REG_V20, REG_V3, s) \ + "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V7, s) \ + "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V11, s) \ + "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V15, s) \ + "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V19, s) \ + VSRL_VI(REG_V3, REG_V3, sr) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + VSRL_VI(REG_V7, REG_V7, sr) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VSRL_VI(REG_V11, REG_V11, sr) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VSRL_VI(REG_V15, REG_V15, sr) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + VSRL_VI(REG_V19, REG_V19, sr) \ + VOR_VV(REG_V3, REG_V3, REG_V20) \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V7, REG_V7, REG_V21) \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V11, REG_V11, REG_V22) \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V15, REG_V15, REG_V23) \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V19, REG_V19, 
REG_V24) + +#define PART_ROUND_EVEN_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + VSLL_VI(REG_V20, REG_V1, s) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + VSLL_VI(REG_V21, REG_V5, s) \ + "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \ + VSLL_VI(REG_V22, REG_V9, s) \ + "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \ + VSLL_VI(REG_V23, REG_V13, s) \ + "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \ + VSLL_VI(REG_V24, REG_V17, s) \ + VSRL_VI(REG_V1, REG_V1, sr) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VSRL_VI(REG_V5, REG_V5, sr) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VSRL_VI(REG_V9, REG_V9, sr) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + VSRL_VI(REG_V13, REG_V13, sr) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VSRL_VI(REG_V17, REG_V17, sr) \ + VOR_VV(REG_V1, REG_V1, REG_V20) \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + VOR_VV(REG_V5, REG_V5, REG_V21) \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + VOR_VV(REG_V9, REG_V9, REG_V22) \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + VOR_VV(REG_V13, REG_V13, REG_V23) \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" \ + VOR_VV(REG_V17, REG_V17, REG_V24) + +#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION ) + +#define PART_ROUND_ODD_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " 
CC_A0 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \ + VROR_VI(REG_V11, sr, REG_V11) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VROR_VI(REG_V15, sr, REG_V15) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + VROR_VI(REG_V19, sr, REG_V19) \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" + +#define PART_ROUND_ODD_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B2 ", " CC_B2 ", " 
CC_C2 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \ + VROR_VI(REG_V9, sr, REG_V9) \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + VROR_VI(REG_V13, sr, REG_V13) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VROR_VI(REG_V17, sr, REG_V17) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + VADD_VV(REG_V4, REG_V4, REG_V5) \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + VADD_VV(REG_V8, REG_V8, REG_V9) \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + VADD_VV(REG_V12, REG_V12, REG_V13) \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + VADD_VV(REG_V16, REG_V16, REG_V17) \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + VXOR_VV(REG_V3, REG_V3, REG_V0) \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + VXOR_VV(REG_V7, REG_V7, REG_V4) \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + VXOR_VV(REG_V11, REG_V11, REG_V8) \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + VXOR_VV(REG_V15, REG_V15, REG_V12) \ + "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \ + VXOR_VV(REG_V19, REG_V19, REG_V16) \ + "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \ + VROR_VI(REG_V3, sr, REG_V3) \ + "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \ + VROR_VI(REG_V7, sr, REG_V7) \ + "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \ + VROR_VI(REG_V11, sr, REG_V11) \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + 
VROR_VI(REG_V15, sr, REG_V15) \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + VROR_VI(REG_V19, sr, REG_V19) \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_CDB_5(s, sr) \ + VADD_VV(REG_V2, REG_V2, REG_V3) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + VADD_VV(REG_V6, REG_V6, REG_V7) \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + VADD_VV(REG_V10, REG_V10, REG_V11) \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + VADD_VV(REG_V14, REG_V14, REG_V15) \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + VADD_VV(REG_V18, REG_V18, REG_V19) \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + VXOR_VV(REG_V1, REG_V1, REG_V2) \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + VXOR_VV(REG_V5, REG_V5, REG_V6) \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + VXOR_VV(REG_V9, REG_V9, REG_V10) \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + VXOR_VV(REG_V13, REG_V13, REG_V14) \ + "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \ + VXOR_VV(REG_V17, REG_V17, REG_V18) \ + "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \ + VROR_VI(REG_V1, sr, REG_V1) \ + "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \ + VROR_VI(REG_V5, sr, REG_V5) \ + "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \ + VROR_VI(REG_V9, sr, REG_V9) \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + VROR_VI(REG_V13, sr, REG_V13) \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + VROR_VI(REG_V17, sr, REG_V17) \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" + +#else + +#define PART_ROUND_ODD_ABD_5(s, sr) \ + VADD_VV(REG_V0, REG_V0, REG_V1) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" 
\
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V12, REG_V12, REG_V13) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \
+ VADD_VV(REG_V16, REG_V16, REG_V17) \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \
+ VXOR_VV(REG_V15, REG_V15, REG_V12) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \
+ VXOR_VV(REG_V19, REG_V19, REG_V16) \
+ VROR_VI(REG_V3, sr, REG_V3) \
+ RORIW(REG_S6, REG_S6, sr) \
+ VROR_VI(REG_V7, sr, REG_V7) \
+ RORIW(REG_S7, REG_S7, sr) \
+ VROR_VI(REG_V11, sr, REG_V11) \
+ RORIW(REG_S8, REG_S8, sr) \
+ VROR_VI(REG_V15, sr, REG_V15) \
+ RORIW(REG_S9, REG_S9, sr) \
+ VROR_VI(REG_V19, sr, REG_V19)
+
+#define PART_ROUND_ODD_CDB_5(s, sr) \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \
+ VADD_VV(REG_V14, REG_V14, REG_V15) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \
+ VADD_VV(REG_V18, REG_V18, REG_V19) \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \
+ VXOR_VV(REG_V13, REG_V13, REG_V14) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \
+ VXOR_VV(REG_V17, REG_V17, REG_V18) \
+ VROR_VI(REG_V1, sr, REG_V1) \
+ RORIW(REG_T3, REG_T3, sr) \
+ VROR_VI(REG_V5, sr, REG_V5) \
+ RORIW(REG_T4, REG_T4, sr) \
+ VROR_VI(REG_V9, sr, REG_V9) \
+ RORIW(REG_T5, REG_T5, sr) \
+ VROR_VI(REG_V13, sr, REG_V13) \
+ RORIW(REG_T6, REG_T6, sr) \
+ VROR_VI(REG_V17, sr, REG_V17)
+
+#define PART_ROUND_EVEN_ABD_5(s, sr) \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \
+ VADD_VV(REG_V12, REG_V12, REG_V13) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \
+ VADD_VV(REG_V16, REG_V16, REG_V17) \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \
+ VXOR_VV(REG_V15, REG_V15, REG_V12) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \
+ VXOR_VV(REG_V19, REG_V19, REG_V16) \
+ VROR_VI(REG_V3, sr, REG_V3) \
+ RORIW(REG_S9, REG_S9, sr) \
+ VROR_VI(REG_V7, sr, REG_V7) \
+ RORIW(REG_S6, REG_S6, sr) \
+ VROR_VI(REG_V11, sr, REG_V11) \
+ RORIW(REG_S7, REG_S7, sr) \
+ VROR_VI(REG_V15, sr, REG_V15) \
+ RORIW(REG_S8, REG_S8, sr) \
+ VROR_VI(REG_V19, sr, REG_V19)
+
+#define PART_ROUND_EVEN_CDB_5(s, sr) \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V14, REG_V14, REG_V15) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \
+ VADD_VV(REG_V18, REG_V18, REG_V19) \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \
+ VXOR_VV(REG_V13, REG_V13, REG_V14) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \
+ VXOR_VV(REG_V17, REG_V17, REG_V18) \
+ VROR_VI(REG_V1, sr, REG_V1) \
+ RORIW(REG_T4, REG_T4, sr) \
+ VROR_VI(REG_V5, sr, REG_V5) \
+ RORIW(REG_T5, REG_T5, sr) \
+ VROR_VI(REG_V9, sr, REG_V9) \
+ RORIW(REG_T6, REG_T6, sr) \
+ VROR_VI(REG_V13, sr, REG_V13) \
+ RORIW(REG_T3, REG_T3, sr) \
+ VROR_VI(REG_V17, sr, REG_V17)
+
+#endif
+
+#define QUARTER_ROUND_ODD_5() \
+ /* a += b; d ^= a; d <<<= 16; */ \
+ PART_ROUND_ODD_ABD_5(16, 16) \
+ /* c += d; b ^= c; b <<<= 12; */ \
+ PART_ROUND_ODD_CDB_5(12, 20) \
+ /* a += b; d ^= a; d <<<= 8; */ \
+ PART_ROUND_ODD_ABD_5( 8, 24) \
+ /* c += d; b ^= c; b <<<= 7; */ \
+ PART_ROUND_ODD_CDB_5( 7, 25)
+
+#define QUARTER_ROUND_EVEN_5() \
+ /* a += b; d ^= a; d <<<= 16; */ \
+ PART_ROUND_EVEN_ABD_5(16, 16) \
+ /* c += d; b ^= c; b <<<= 12; */ \
+ PART_ROUND_EVEN_CDB_5(12, 20) \
+ /* a += b; d ^= a; d <<<= 8; */ \
+ PART_ROUND_EVEN_ABD_5( 8, 24) \
+ /* c += d; b ^= c; b <<<= 7; */ \
+ PART_ROUND_EVEN_CDB_5( 7, 25)
+
+#define SHUFFLE_5(r, t, i) \
+ VRGATHER_VV(t + 0, i, r + 0) \
+ VRGATHER_VV(t + 1, i, r + 4) \
+ VRGATHER_VV(t + 2, i, r + 8) \
+ VRGATHER_VV(t + 3, i, r + 12) \
+ VRGATHER_VV(t + 4, i, r + 16) \
+ VMV_V_V(r + 0, t + 0) \
+ VMV_V_V(r + 4, t + 1) \
+ VMV_V_V(r + 8, t + 2) \
+ VMV_V_V(r + 12, t + 3) \
+ VMV_V_V(r + 16, t + 4)
+
+#define ODD_SHUFFLE_5() \
+ /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \
+ * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \
+ SHUFFLE_5(REG_V3, REG_V20, REG_V27) \
+ SHUFFLE_5(REG_V1, REG_V20, REG_V25) \
+ SHUFFLE_5(REG_V2, REG_V20, REG_V26)
+
+#define EVEN_SHUFFLE_5() \
+ /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \
+ * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \
+ SHUFFLE_5(REG_V3, REG_V20, REG_V25) \
+ SHUFFLE_5(REG_V1, REG_V20, REG_V27) \
+ SHUFFLE_5(REG_V2, REG_V20, REG_V26)
+
+static WC_INLINE void wc_chacha_encrypt_384(const word32* input, const byte* m,
+ byte* c, word32 bytes)
+{
+ word64 bytes64 = (word64)bytes;
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ /* The layout of used vector registers is:
+ * v0-v3 - first block
+ * v4-v7 - second block
+ * v8-v11 - third block
+ * v12-v15 - fourth block
+ * v16-v19 - fifth block
+ * v20-v24 - temp/message
+ * v25-v27 - indeces for rotating words in vector
+ * v28-v31 - input
+ *
+ * v0 0 1 2 3
+ * v1 4 5 6 7
+ * v2 8 9 10 11
+ * v3 12 13 14 15
+ * load CHACHA state with indices placed as shown above
+ */
+
+ /* Load state to encrypt */
+ "mv t2, %[input]\n\t"
+ VL4RE32_V(REG_V28, REG_T2)
+ VID_V(REG_V20)
+ VSLIDEDOWN_VI(REG_V25, REG_V20, 1)
+ VSLIDEUP_VI(REG_V25, REG_V20, 3)
+ VSLIDEDOWN_VI(REG_V26, REG_V20, 2)
+ VSLIDEUP_VI(REG_V26, REG_V20, 2)
+ VSLIDEDOWN_VI(REG_V27, REG_V20, 3)
+ VSLIDEUP_VI(REG_V27, REG_V20, 1)
+ "\n"
+ "L_chacha20_riscv_384_outer:\n\t"
+ /* Move state into regular registers */
+ "ld a4, 0(%[input])\n\t"
+ "ld a6, 8(%[input])\n\t"
+ "ld t3, 16(%[input])\n\t"
+ "ld t5, 24(%[input])\n\t"
+ "ld s2, 32(%[input])\n\t"
+ "ld s4, 40(%[input])\n\t"
+ "lw s7, 52(%[input])\n\t"
+ "ld s8, 56(%[input])\n\t"
+ "srli a5, a4, 32\n\t"
+ "srli a7, a6, 32\n\t"
+ "srli t4, t3, 32\n\t"
+ "srli t6, t5, 32\n\t"
+ "srli s3, s2, 32\n\t"
+ "srli s5, s4, 32\n\t"
+ "srli s9, s8, 32\n\t"
+ VMV_X_S(REG_S6, REG_V31)
+ /* Move state into vector registers */
+ VMVR_V(REG_V0, REG_V28, 4)
+ VMVR_V(REG_V4, REG_V28, 4)
+ VMVR_V(REG_V8, REG_V28, 4)
+ VMVR_V(REG_V12, REG_V28, 4)
+ VMVR_V(REG_V16, REG_V28, 4)
+ /* Set counter word */
+ "addi t1, s6, 1\n\t"
+ VMV_S_X(REG_V7, REG_T1)
+ "addi t1, s6, 2\n\t"
+ VMV_S_X(REG_V11, REG_T1)
+ "addi t1, s6, 3\n\t"
+ VMV_S_X(REG_V15, REG_T1)
+ "addi t1, s6, 4\n\t"
+ VMV_S_X(REG_V19, REG_T1)
+ "addi s6, s6, 5\n\t"
+ /* Set number of odd+even rounds to perform */
+ "li a3, 10\n\t"
+ "\n"
+ "L_chacha20_riscv_384_loop:\n\t"
+ /* Odd Round */
+ QUARTER_ROUND_ODD_5()
+ ODD_SHUFFLE_5()
+ /* Even Round */
+ QUARTER_ROUND_EVEN_5()
+ EVEN_SHUFFLE_5()
+ "addi a3, a3, -1\n\t"
+ "bnez a3, L_chacha20_riscv_384_loop\n\t"
+ /* Load message */
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V20, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ /* Add back state, XOR in message and store (load next block) */
+ /* BLOCK 1 */
+ VADD_VV(REG_V0, REG_V0, REG_V28)
+ VADD_VV(REG_V1, REG_V1, REG_V29)
+ VADD_VV(REG_V2, REG_V2, REG_V30)
+ VADD_VV(REG_V3, REG_V3, REG_V31)
+ VXOR_VV(REG_V0, REG_V0, REG_V20)
+ VXOR_VV(REG_V1, REG_V1, REG_V21)
+ VXOR_VV(REG_V2, REG_V2, REG_V22)
+ VXOR_VV(REG_V3, REG_V3, REG_V23)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V20, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ VMV_X_S(REG_T0, REG_V31)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V0, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 2 */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V31, REG_T0)
+ VADD_VV(REG_V4, REG_V4, REG_V28)
+ VADD_VV(REG_V5, REG_V5, REG_V29)
+ VADD_VV(REG_V6, REG_V6, REG_V30)
+ VADD_VV(REG_V7, REG_V7, REG_V31)
+ VXOR_VV(REG_V4, REG_V4, REG_V20)
+ VXOR_VV(REG_V5, REG_V5, REG_V21)
+ VXOR_VV(REG_V6, REG_V6, REG_V22)
+ VXOR_VV(REG_V7, REG_V7, REG_V23)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V20, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V4, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 3 */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V31, REG_T0)
+ VADD_VV(REG_V8, REG_V8, REG_V28)
+ VADD_VV(REG_V9, REG_V9, REG_V29)
+ VADD_VV(REG_V10, REG_V10, REG_V30)
+ VADD_VV(REG_V11, REG_V11, REG_V31)
+ VXOR_VV(REG_V8, REG_V8, REG_V20)
+ VXOR_VV(REG_V9, REG_V9, REG_V21)
+ VXOR_VV(REG_V10, REG_V10, REG_V22)
+ VXOR_VV(REG_V11, REG_V11, REG_V23)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V20, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V8, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 4 */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V31, REG_T0)
+ VADD_VV(REG_V12, REG_V12, REG_V28)
+ VADD_VV(REG_V13, REG_V13, REG_V29)
+ VADD_VV(REG_V14, REG_V14, REG_V30)
+ VADD_VV(REG_V15, REG_V15, REG_V31)
+ VXOR_VV(REG_V12, REG_V12, REG_V20)
+ VXOR_VV(REG_V13, REG_V13, REG_V21)
+ VXOR_VV(REG_V14, REG_V14, REG_V22)
+ VXOR_VV(REG_V15, REG_V15, REG_V23)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V20, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V12, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 5 */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V31, REG_T0)
+ VADD_VV(REG_V16, REG_V16, REG_V28)
+ VADD_VV(REG_V17, REG_V17, REG_V29)
+ VADD_VV(REG_V18, REG_V18, REG_V30)
+ VADD_VV(REG_V19, REG_V19, REG_V31)
+ VXOR_VV(REG_V16, REG_V16, REG_V20)
+ VXOR_VV(REG_V17, REG_V17, REG_V21)
+ VXOR_VV(REG_V18, REG_V18, REG_V22)
+ VXOR_VV(REG_V19, REG_V19, REG_V23)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V20, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V16, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 6 */
+ /* Move regular registers into vector registers for adding and xor */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V0, REG_A4)
+ VMV_S_X(REG_V1, REG_T3)
+ VMV_S_X(REG_V2, REG_S2)
+ VMV_S_X(REG_V3, REG_S6)
+ VMV_S_X(REG_V4, REG_A5)
+ VMV_S_X(REG_V5, REG_T4)
+ VMV_S_X(REG_V6, REG_S3)
+ VMV_S_X(REG_V7, REG_S7)
+ VSLIDEUP_VI(REG_V0, REG_V4, 1)
+ VSLIDEUP_VI(REG_V1, REG_V5, 1)
+ VSLIDEUP_VI(REG_V2, REG_V6, 1)
+ VSLIDEUP_VI(REG_V3, REG_V7, 1)
+ VMV_S_X(REG_V4, REG_A6)
+ VMV_S_X(REG_V5, REG_T5)
+ VMV_S_X(REG_V6, REG_S4)
+ VMV_S_X(REG_V7, REG_S8)
+ VSLIDEUP_VI(REG_V0, REG_V4, 2)
+ VSLIDEUP_VI(REG_V1, REG_V5, 2)
+ VSLIDEUP_VI(REG_V2, REG_V6, 2)
+ VSLIDEUP_VI(REG_V3, REG_V7, 2)
+ VMV_S_X(REG_V4, REG_A7)
+ VMV_S_X(REG_V5, REG_T6)
+ VMV_S_X(REG_V6, REG_S5)
+ VMV_S_X(REG_V7, REG_S9)
+ VSLIDEUP_VI(REG_V0, REG_V4, 3)
+ VSLIDEUP_VI(REG_V1, REG_V5, 3)
+ VSLIDEUP_VI(REG_V2, REG_V6, 3)
+ VSLIDEUP_VI(REG_V3, REG_V7, 3)
+ VMV_S_X(REG_V31, REG_T0)
+ /* Add back state, XOR in message and store */
+ VADD_VV(REG_V0, REG_V0, REG_V28)
+ VADD_VV(REG_V1, REG_V1, REG_V29)
+ VADD_VV(REG_V2, REG_V2, REG_V30)
+ VADD_VV(REG_V3, REG_V3, REG_V31)
+ VXOR_VV(REG_V0, REG_V0, REG_V20)
+ VXOR_VV(REG_V1, REG_V1, REG_V21)
+ VXOR_VV(REG_V2, REG_V2, REG_V22)
+ VXOR_VV(REG_V3, REG_V3, REG_V23)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V0, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ "addi %[bytes], %[bytes], -384\n\t"
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V31, REG_T0)
+ "bnez %[bytes], L_chacha20_riscv_384_outer\n\t"
+ : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64)
+ : [input] "r" (input)
+ : "memory", "t0", "t1", "t2", "s1", "a3",
+ "t3", "t4", "t5", "t6",
+ "a4", "a5", "a6", "a7",
+ "s2", "s3", "s4", "s5",
+ "s6", "s7", "s8", "s9"
+ );
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_ODD_ABD(s, sr) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \
+ VSLL_VI(REG_V20, REG_V3, s) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \
+ VSLL_VI(REG_V21, REG_V7, s) \
+ "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \
+ VSLL_VI(REG_V22, REG_V11, s) \
+ "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \
+ VSRL_VI(REG_V3, REG_V3, sr) \
+ "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \
+ VSRL_VI(REG_V7, REG_V7, sr) \
+ "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \
+ VSRL_VI(REG_V11, REG_V11, sr) \
+ "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \
+ VOR_VV(REG_V3, REG_V3, REG_V20) \
+ "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \
+ VOR_VV(REG_V7, REG_V7, REG_V21) \
+ "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \
+ VOR_VV(REG_V11, REG_V11, REG_V22) \
+ "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \
+ "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \
+ "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \
+ "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \
+ "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(s, sr) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \
+ VSLL_VI(REG_V20, REG_V1, s) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \
+ VSLL_VI(REG_V21, REG_V5, s) \
+ "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \
+ VSLL_VI(REG_V22, REG_V9, s) \
+ "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \
+ VSRL_VI(REG_V1, REG_V1, sr) \
+ "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \
+ VSRL_VI(REG_V5, REG_V5, sr) \
+ "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \
+ VSRL_VI(REG_V9, REG_V9, sr) \
+ "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \
+ VOR_VV(REG_V1, REG_V1, REG_V20) \
+ "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \
+ VOR_VV(REG_V5, REG_V5, REG_V21) \
+ "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \
+ VOR_VV(REG_V9, REG_V9, REG_V22) \
+ "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \
+ "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \
+ "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \
+ "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \
+ "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(s, sr) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \
+ VSLL_VI(REG_V20, REG_V3, s) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \
+ VSLL_VI(REG_V21, REG_V7, s) \
+ "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \
+ VSLL_VI(REG_V22, REG_V11, s) \
+ "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \
+ VSRL_VI(REG_V3, REG_V3, sr) \
+ "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \
+ VSRL_VI(REG_V7, REG_V7, sr) \
+ "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \
+ VSRL_VI(REG_V11, REG_V11, sr) \
+ "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \
+ VOR_VV(REG_V3, REG_V3, REG_V20) \
+ "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \
+ VOR_VV(REG_V7, REG_V7, REG_V21) \
+ "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \
+ VOR_VV(REG_V11, REG_V11, REG_V22) \
+ "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \
+ "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \
+ "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \
+ "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \
+ "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(s, sr) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \
+ VSLL_VI(REG_V20, REG_V1, s) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \
+ VSLL_VI(REG_V21, REG_V5, s) \
+ "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \
+ VSLL_VI(REG_V22, REG_V9, s) \
+ "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \
+ VSRL_VI(REG_V1, REG_V1, sr) \
+ "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \
+ VSRL_VI(REG_V5, REG_V5, sr) \
+ "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \
+ VSRL_VI(REG_V9, REG_V9, sr) \
+ "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \
+ VOR_VV(REG_V1, REG_V1, REG_V20) \
+ "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \
+ VOR_VV(REG_V5, REG_V5, REG_V21) \
+ "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \
+ VOR_VV(REG_V9, REG_V9, REG_V22) \
+ "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \
+ "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \
+ "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \
+ "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \
+ "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#elif !defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION )
+
+#define PART_ROUND_ODD_ABD(s, sr) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \
+ VROR_VI(REG_V3, sr, REG_V3) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \
+ VROR_VI(REG_V7, sr, REG_V7) \
+ "slli " CC_T0 ", " CC_D0 ", " #s "\n\t" \
+ VROR_VI(REG_V11, sr, REG_V11) \
+ "slli " CC_T1 ", " CC_D1 ", " #s "\n\t" \
+ "slli " CC_T2 ", " CC_D2 ", " #s "\n\t" \
+ "slli " CC_T3 ", " CC_D3 ", " #s "\n\t" \
+ "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \
+ "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \
+ "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \
+ "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \
+ "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \
+ "or " CC_D1 ", " CC_D1 ", " CC_T1 "\n\t" \
+ "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \
+ "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_ODD_CDB(s, sr) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \
+ VROR_VI(REG_V1, sr, REG_V1) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \
+ VROR_VI(REG_V5, sr, REG_V5) \
+ "slli " CC_T0 ", " CC_B0 ", " #s "\n\t" \
+ VROR_VI(REG_V9, sr, REG_V9) \
+ "slli " CC_T1 ", " CC_B1 ", " #s "\n\t" \
+ "slli " CC_T2 ", " CC_B2 ", " #s "\n\t" \
+ "slli " CC_T3 ", " CC_B3 ", " #s "\n\t" \
+ "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \
+ "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \
+ "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \
+ "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \
+ "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \
+ "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \
+ "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \
+ "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_ABD(s, sr) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \
+ VROR_VI(REG_V3, sr, REG_V3) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \
+ VROR_VI(REG_V7, sr, REG_V7) \
+ "slli " CC_T0 ", " CC_D3 ", " #s "\n\t" \
+ VROR_VI(REG_V11, sr, REG_V11) \
+ "slli " CC_T1 ", " CC_D0 ", " #s "\n\t" \
+ "slli " CC_T2 ", " CC_D1 ", " #s "\n\t" \
+ "slli " CC_T3 ", " CC_D2 ", " #s "\n\t" \
+ "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \
+ "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \
+ "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \
+ "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \
+ "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \
+ "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \
+ "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \
+ "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t"
+
+#define PART_ROUND_EVEN_CDB(s, sr) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \
+ VROR_VI(REG_V1, sr, REG_V1) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \
+ VROR_VI(REG_V5, sr, REG_V5) \
+ "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \
+ VROR_VI(REG_V9, sr, REG_V9) \
+ "slli " CC_T1 ", " CC_B2 ", " #s "\n\t" \
+ "slli " CC_T2 ", " CC_B3 ", " #s "\n\t" \
+ "slli " CC_T3 ", " CC_B0 ", " #s "\n\t" \
+ "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \
+ "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \
+ "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \
+ "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \
+ "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \
+ "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \
+ "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \
+ "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t"
+
+#else
+
+#define PART_ROUND_ODD_ABD(s, sr) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \
+ VROR_VI(REG_V3, sr, REG_V3) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \
+ VROR_VI(REG_V7, sr, REG_V7) \
+ RORIW(REG_S6, REG_S6, sr) \
+ VROR_VI(REG_V11, sr, REG_V11) \
+ RORIW(REG_S7, REG_S7, sr) \
+ RORIW(REG_S8, REG_S8, sr) \
+ RORIW(REG_S9, REG_S9, sr)
+
+#define PART_ROUND_ODD_CDB(s, sr) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \
+ VROR_VI(REG_V1, sr, REG_V1) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \
+ VROR_VI(REG_V5, sr, REG_V5) \
+ RORIW(REG_T3, REG_T3, sr) \
+ VROR_VI(REG_V9, sr, REG_V9) \
+ RORIW(REG_T4, REG_T4, sr) \
+ RORIW(REG_T5, REG_T5, sr) \
+ RORIW(REG_T6, REG_T6, sr)
+
+#define PART_ROUND_EVEN_ABD(s, sr) \
+ "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \
+ VADD_VV(REG_V0, REG_V0, REG_V1) \
+ "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \
+ VADD_VV(REG_V4, REG_V4, REG_V5) \
+ "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \
+ VADD_VV(REG_V8, REG_V8, REG_V9) \
+ "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \
+ VXOR_VV(REG_V3, REG_V3, REG_V0) \
+ "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \
+ VXOR_VV(REG_V7, REG_V7, REG_V4) \
+ "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \
+ VXOR_VV(REG_V11, REG_V11, REG_V8) \
+ "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \
+ VROR_VI(REG_V3, sr, REG_V3) \
+ "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \
+ VROR_VI(REG_V7, sr, REG_V7) \
+ RORIW(REG_S9, REG_S9, sr) \
+ VROR_VI(REG_V11, sr, REG_V11) \
+ RORIW(REG_S6, REG_S6, sr) \
+ RORIW(REG_S7, REG_S7, sr) \
+ RORIW(REG_S8, REG_S8, sr)
+
+#define PART_ROUND_EVEN_CDB(s, sr) \
+ "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \
+ VADD_VV(REG_V2, REG_V2, REG_V3) \
+ "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \
+ VADD_VV(REG_V6, REG_V6, REG_V7) \
+ "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \
+ VADD_VV(REG_V10, REG_V10, REG_V11) \
+ "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \
+ VXOR_VV(REG_V1, REG_V1, REG_V2) \
+ "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \
+ VXOR_VV(REG_V5, REG_V5, REG_V6) \
+ "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \
+ VXOR_VV(REG_V9, REG_V9, REG_V10) \
+ "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \
+ VROR_VI(REG_V1, sr, REG_V1) \
+ "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \
+ VROR_VI(REG_V5, sr, REG_V5) \
+ "slli " CC_T0 ", " CC_B1 ", " #s "\n\t" \
+ RORIW(REG_T4, REG_T4, sr) \
+ VROR_VI(REG_V9, sr, REG_V9) \
+ RORIW(REG_T5, REG_T5, sr) \
+ RORIW(REG_T6, REG_T6, sr) \
+ RORIW(REG_T3, REG_T3, sr)
+
+#endif
+
+#define QUARTER_ROUND_ODD_4() \
+ /* a += b; d ^= a; d <<<= 16; */ \
+ PART_ROUND_ODD_ABD(16, 16) \
+ /* c += d; b ^= c; b <<<= 12; */ \
+ PART_ROUND_ODD_CDB(12, 20) \
+ /* a += b; d ^= a; d <<<= 8; */ \
+ PART_ROUND_ODD_ABD( 8, 24) \
+ /* c += d; b ^= c; b <<<= 7; */ \
+ PART_ROUND_ODD_CDB( 7, 25)
+
+#define QUARTER_ROUND_EVEN_4() \
+ /* a += b; d ^= a; d <<<= 16; */ \
+ PART_ROUND_EVEN_ABD(16, 16) \
+ /* c += d; b ^= c; b <<<= 12; */ \
+ PART_ROUND_EVEN_CDB(12, 20) \
+ /* a += b; d ^= a; d <<<= 8; */ \
+ PART_ROUND_EVEN_ABD( 8, 24) \
+ /* c += d; b ^= c; b <<<= 7; */ \
+ PART_ROUND_EVEN_CDB( 7, 25)
+
+#define SHUFFLE_4(r, t, i) \
+ VRGATHER_VV(t + 0, i, r + 0) \
+ VRGATHER_VV(t + 1, i, r + 4) \
+ VRGATHER_VV(t + 2, i, r + 8) \
+ VMV_V_V(r + 0, t + 0) \
+ VMV_V_V(r + 4, t + 1) \
+ VMV_V_V(r + 8, t + 2)
+
+#define ODD_SHUFFLE_4() \
+ /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \
+ * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \
+ SHUFFLE_4(REG_V3, REG_V20, REG_V25) \
+ SHUFFLE_4(REG_V1, REG_V20, REG_V23) \
+ SHUFFLE_4(REG_V2, REG_V20, REG_V24)
+
+#define EVEN_SHUFFLE_4() \
+ /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \
+ * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \
+ SHUFFLE_4(REG_V3, REG_V20, REG_V23) \
+ SHUFFLE_4(REG_V1, REG_V20, REG_V25) \
+ SHUFFLE_4(REG_V2, REG_V20, REG_V24)
+
+/**
+ * Converts word into bytes with rotations having been done.
+ */
+static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m,
+ byte* c)
+{
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ /* The layout of used vector registers is:
+ * v0-v3 - first block
+ * v4-v7 - second block
+ * v8-v11 - third block
+ * v12-v15 - message
+ * v16-v19 - input
+ * v20-v22 - temp
+ * v23-v25 - indeces for rotating words in vector
+ *
+ * v0 0 1 2 3
+ * v1 4 5 6 7
+ * v2 8 9 10 11
+ * v3 12 13 14 15
+ * load CHACHA state with indices placed as shown above
+ */
+
+ /* Load state to encrypt */
+ "mv t2, %[input]\n\t"
+ VL4RE32_V(REG_V16, REG_T2)
+ VID_V(REG_V20)
+ VSLIDEDOWN_VI(REG_V23, REG_V20, 1)
+ VSLIDEUP_VI(REG_V23, REG_V20, 3)
+ VSLIDEDOWN_VI(REG_V24, REG_V20, 2)
+ VSLIDEUP_VI(REG_V24, REG_V20, 2)
+ VSLIDEDOWN_VI(REG_V25, REG_V20, 3)
+ VSLIDEUP_VI(REG_V25, REG_V20, 1)
+ /* Move state into regular registers */
+ "ld a4, 0(%[input])\n\t"
+ "ld a6, 8(%[input])\n\t"
+ "ld t3, 16(%[input])\n\t"
+ "ld t5, 24(%[input])\n\t"
+ "ld s2, 32(%[input])\n\t"
+ "ld s4, 40(%[input])\n\t"
+ "ld s6, 48(%[input])\n\t"
+ "ld s8, 56(%[input])\n\t"
+ "srli a5, a4, 32\n\t"
+ "srli a7, a6, 32\n\t"
+ "srli t4, t3, 32\n\t"
+ "srli t6, t5, 32\n\t"
+ "srli s3, s2, 32\n\t"
+ "srli s5, s4, 32\n\t"
+ "srli s7, s6, 32\n\t"
+ "srli s9, s8, 32\n\t"
+ /* Move state into vector registers */
+ VMVR_V(REG_V0, REG_V16, 4)
+ "addi t0, s6, 1\n\t"
+ VMVR_V(REG_V4, REG_V16, 4)
+ "addi t1, s6, 2\n\t"
+ VMVR_V(REG_V8, REG_V16, 4)
+ "addi s6, s6, 3\n\t"
+ /* Set counter word */
+ VMV_S_X(REG_V7, REG_T0)
+ VMV_S_X(REG_V11, REG_T1)
+ /* Set number of odd+even rounds to perform */
+ "li a3, 10\n\t"
+ "\n"
+ "L_chacha20_riscv_256_loop:\n\t"
+ /* Odd Round */
+ QUARTER_ROUND_ODD_4()
+ ODD_SHUFFLE_4()
+ /* Even Round */
+ QUARTER_ROUND_EVEN_4()
+ EVEN_SHUFFLE_4()
+ "addi a3, a3, -1\n\t"
+ "bnez a3, L_chacha20_riscv_256_loop\n\t"
+ /* Load message */
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V12, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ /* Add back state, XOR in message and store (load next block) */
+ /* BLOCK 1 */
+ VADD_VV(REG_V0, REG_V0, REG_V16)
+ VADD_VV(REG_V1, REG_V1, REG_V17)
+ VADD_VV(REG_V2, REG_V2, REG_V18)
+ VADD_VV(REG_V3, REG_V3, REG_V19)
+ VXOR_VV(REG_V0, REG_V0, REG_V12)
+ VXOR_VV(REG_V1, REG_V1, REG_V13)
+ VXOR_VV(REG_V2, REG_V2, REG_V14)
+ VXOR_VV(REG_V3, REG_V3, REG_V15)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V12, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ VMV_X_S(REG_T0, REG_V19)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V0, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 2 */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V19, REG_T0)
+ VADD_VV(REG_V4, REG_V4, REG_V16)
+ VADD_VV(REG_V5, REG_V5, REG_V17)
+ VADD_VV(REG_V6, REG_V6, REG_V18)
+ VADD_VV(REG_V7, REG_V7, REG_V19)
+ VXOR_VV(REG_V4, REG_V4, REG_V12)
+ VXOR_VV(REG_V5, REG_V5, REG_V13)
+ VXOR_VV(REG_V6, REG_V6, REG_V14)
+ VXOR_VV(REG_V7, REG_V7, REG_V15)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V12, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V4, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 3 */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V19, REG_T0)
+ VADD_VV(REG_V8, REG_V8, REG_V16)
+ VADD_VV(REG_V9, REG_V9, REG_V17)
+ VADD_VV(REG_V10, REG_V10, REG_V18)
+ VADD_VV(REG_V11, REG_V11, REG_V19)
+ VXOR_VV(REG_V8, REG_V8, REG_V12)
+ VXOR_VV(REG_V9, REG_V9, REG_V13)
+ VXOR_VV(REG_V10, REG_V10, REG_V14)
+ VXOR_VV(REG_V11, REG_V11, REG_V15)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V12, REG_T2)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V8, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ /* BLOCK 4 */
+ /* Move regular registers into vector registers for adding and xor */
+ "addi t0, t0, 1\n\t"
+ VMV_S_X(REG_V0, REG_A4)
+ VMV_S_X(REG_V1, REG_T3)
+ VMV_S_X(REG_V2, REG_S2)
+ VMV_S_X(REG_V3, REG_S6)
+ VMV_S_X(REG_V4, REG_A5)
+ VMV_S_X(REG_V5, REG_T4)
+ VMV_S_X(REG_V6, REG_S3)
+ VMV_S_X(REG_V7, REG_S7)
+ VSLIDEUP_VI(REG_V0, REG_V4, 1)
+ VSLIDEUP_VI(REG_V1, REG_V5, 1)
+ VSLIDEUP_VI(REG_V2, REG_V6, 1)
+ VSLIDEUP_VI(REG_V3, REG_V7, 1)
+ VMV_S_X(REG_V4, REG_A6)
+ VMV_S_X(REG_V5, REG_T5)
+ VMV_S_X(REG_V6, REG_S4)
+ VMV_S_X(REG_V7, REG_S8)
+ VSLIDEUP_VI(REG_V0, REG_V4, 2)
+ VSLIDEUP_VI(REG_V1, REG_V5, 2)
+ VSLIDEUP_VI(REG_V2, REG_V6, 2)
+ VSLIDEUP_VI(REG_V3, REG_V7, 2)
+ VMV_S_X(REG_V4, REG_A7)
+ VMV_S_X(REG_V5, REG_T6)
+ VMV_S_X(REG_V6, REG_S5)
+ VMV_S_X(REG_V7, REG_S9)
+ VSLIDEUP_VI(REG_V0, REG_V4, 3)
+ VSLIDEUP_VI(REG_V1, REG_V5, 3)
+ VSLIDEUP_VI(REG_V2, REG_V6, 3)
+ VSLIDEUP_VI(REG_V3, REG_V7, 3)
+ VMV_S_X(REG_V19, REG_T0)
+ /* Add back state, XOR in message and store */
+ VADD_VV(REG_V0, REG_V0, REG_V16)
+ VADD_VV(REG_V1, REG_V1, REG_V17)
+ VADD_VV(REG_V2, REG_V2, REG_V18)
+ VADD_VV(REG_V3, REG_V3, REG_V19)
+ VXOR_VV(REG_V0, REG_V0, REG_V12)
+ VXOR_VV(REG_V1, REG_V1, REG_V13)
+ VXOR_VV(REG_V2, REG_V2, REG_V14)
+ VXOR_VV(REG_V3, REG_V3, REG_V15)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V0, REG_T2)
+ : [m] "+r" (m), [c] "+r" (c)
+ : [input] "r" (input)
+ : "memory", "t0", "t1", "t2", "s1", "a3",
+ "t3", "t4", "t5", "t6",
+ "a4", "a5", "a6", "a7",
+ "s2", "s3", "s4", "s5",
+ "s6", "s7", "s8", "s9"
+ );
+ return CHACHA_CHUNK_BYTES * 4;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr) \
+ VADD_VV(a, a, b) \
+ VADD_VV(a2, a2, b2) \
+ VXOR_VV(d, d, a) \
+ VXOR_VV(d2, d2, a2) \
+ VSLL_VI(t, d, sl) \
+ VSLL_VI(t2, d2, sl) \
+ VSRL_VI(d, d, sr) \
+ VSRL_VI(d2, d2, sr) \
+ VOR_VV(d, d, t) \
+ VOR_VV(d2, d2, t2)
+
+#else
+
+#define PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, sl, sr) \
+ VADD_VV(a, a, b) \
+ VADD_VV(a2, a2, b2) \
+ VXOR_VV(d, d, a) \
+ VXOR_VV(d2, d2, a2) \
+ VROR_VI(d, sr, d) \
+ VROR_VI(d2, sr, d2)
+
+#endif
+
+#define QUARTER_ROUND_2(a, b, c, d, t, a2, b2, c2, d2, t2) \
+ /* a += b; d ^= a; d <<<= 16; */ \
+ PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, 16, 16) \
+ /* c += d; b ^= c; b <<<= 12; */ \
+ PART_ROUND_2(c, d, b, t, c2, d2, b2, t2, 12, 20) \
+ /* a += b; d ^= a; d <<<= 8; */ \
+ PART_ROUND_2(a, b, d, t, a2, b2, d2, t2, 8, 24) \
+ /* c += d; b ^= c; b <<<= 7; */ \
+ PART_ROUND_2(c, d, b, t, c2, d2, b2, t2, 7, 25)
+
+#define ODD_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2) \
+ /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \
+ * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \
+ VRGATHER_VV(t, REG_V25, d) \
+ VRGATHER_VV(t2, REG_V25, d2) \
+ VMV_V_V(d, t) \
+ VMV_V_V(d2, t2) \
+ VRGATHER_VV(t, REG_V23, b) \
+ VRGATHER_VV(t2, REG_V23, b2) \
+ VMV_V_V(b, t) \
+ VMV_V_V(b2, t2) \
+ VRGATHER_VV(t, REG_V24, c) \
+ VRGATHER_VV(t2, REG_V24, c2) \
+ VMV_V_V(c, t) \
+ VMV_V_V(c2, t2)
+
+#define EVEN_SHUFFLE_2(b, c, d, t, b2, c2, d2, t2) \
+ /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \
+ * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \
+ VRGATHER_VV(t, REG_V23, d) \
+ VRGATHER_VV(t2, REG_V23, d2) \
+ VMV_V_V(d, t) \
+ VMV_V_V(d2, t2) \
+ VRGATHER_VV(t, REG_V25, b) \
+ VRGATHER_VV(t2, REG_V25, b2) \
+ VMV_V_V(b, t) \
+ VMV_V_V(b2, t2) \
+ VRGATHER_VV(t, REG_V24, c) \
+ VRGATHER_VV(t2, REG_V24, c2) \
+ VMV_V_V(c, t) \
+ VMV_V_V(c2, t2)
+
+
+static WC_INLINE int wc_chacha_encrypt_128(const word32* input, const byte* m,
+ byte* c)
+{
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ /* The layout of used vector registers is:
+ * v0-v3 - first block
+ * v4-v7 - second block
+ * v12-v15 - message
+ * v16-v19 - input
+ * v20-v22 - temp
+ * v23-v25 - indeces for rotating words in vector
+ *
+ * v0 0 1 2 3
+ * v1 4 5 6 7
+ * v2 8 9 10 11
+ * v3 12 13 14 15
+ * load CHACHA state with indices placed as shown above
+ */
+
+ /* Load incrementer register to modify counter */
+ "mv t2, %[L_chacha20_vec_inc_first_word]\n\t"
+ VL1RE32_V(REG_V22, REG_T2)
+ VID_V(REG_V20)
+ VSLIDEDOWN_VI(REG_V23, REG_V20, 1)
+ VSLIDEUP_VI(REG_V23, REG_V20, 3)
+ VSLIDEDOWN_VI(REG_V24, REG_V20, 2)
+ VSLIDEUP_VI(REG_V24, REG_V20, 2)
+ VSLIDEDOWN_VI(REG_V25, REG_V20, 3)
+ VSLIDEUP_VI(REG_V25, REG_V20, 1)
+ /* Load state to encrypt */
+ "mv t2, %[input]\n\t"
+ VL4RE32_V(REG_V16, REG_T2)
+ /* Load message */
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V12, REG_T2)
+ "addi %[m], %[m], 64\n\t"
+ /* Move state into vector registers */
+ VMVR_V(REG_V0, REG_V16, 4)
+ VMVR_V(REG_V4, REG_V16, 4)
+ /* Add counter word */
+ VADD_VV(REG_V7, REG_V7, REG_V22)
+ /* Set number of odd+even rounds to perform */
+ "li t0, 10\n\t"
+ "\n"
+ "L_chacha20_riscv_128_loop:\n\t"
+ QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20,
+ REG_V4, REG_V5, REG_V6, REG_V7, REG_V21)
+ ODD_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20,
+ REG_V5, REG_V6, REG_V7, REG_V21)
+ QUARTER_ROUND_2(REG_V0, REG_V1, REG_V2, REG_V3, REG_V20,
+ REG_V4, REG_V5, REG_V6, REG_V7, REG_V21)
+ EVEN_SHUFFLE_2(REG_V1, REG_V2, REG_V3, REG_V20,
+ REG_V5, REG_V6, REG_V7, REG_V21)
+ "addi t0, t0, -1\n\t"
+ "bnez t0, L_chacha20_riscv_128_loop\n\t"
+ /* Add back state, XOR in message and store (load next block) */
+ VADD_VV(REG_V0, REG_V0, REG_V16)
+ VADD_VV(REG_V1, REG_V1, REG_V17)
+ VADD_VV(REG_V2, REG_V2, REG_V18)
+ VADD_VV(REG_V3, REG_V3, REG_V19)
+ VXOR_VV(REG_V0, REG_V0, REG_V12)
+ VXOR_VV(REG_V1, REG_V1, REG_V13)
+ VXOR_VV(REG_V2, REG_V2, REG_V14)
+ VXOR_VV(REG_V3, REG_V3, REG_V15)
+ "mv t2, %[m]\n\t"
+ VL4RE32_V(REG_V12, REG_T2)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V0, REG_T2)
+ "addi %[c], %[c], 64\n\t"
+ VADD_VV(REG_V19, REG_V19, REG_V22)
+ VADD_VV(REG_V4, REG_V4, REG_V16)
+ VADD_VV(REG_V5, REG_V5, REG_V17)
+ VADD_VV(REG_V6, REG_V6, REG_V18)
+ VADD_VV(REG_V7, REG_V7, REG_V19)
+ VXOR_VV(REG_V4, REG_V4, REG_V12)
+ VXOR_VV(REG_V5, REG_V5, REG_V13)
+ VXOR_VV(REG_V6, REG_V6, REG_V14)
+ VXOR_VV(REG_V7, REG_V7, REG_V15)
+ "mv t2, %[c]\n\t"
+ VS4R_V(REG_V4, REG_T2)
+ : [m] "+r" (m), [c] "+r" (c)
+ : [input] "r" (input),
+ [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word)
+ : "memory", "t0", "t1", "t2"
+ );
+ return CHACHA_CHUNK_BYTES * 2;
+}
+
+#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+
+#define PART_ROUND(a, b, d, t, sl, sr) \
+ VADD_VV(a, a, b) \
+ VXOR_VV(d, d, a) \
+ VSLL_VI(t, d, sl) \
+ VSRL_VI(d, d, sr) \
+ VOR_VV(d, d, t)
+
+#else
+
+#define PART_ROUND(a, b, d, t, sl, sr) \
+ VADD_VV(a, a, b) \
+ VXOR_VV(d, d, a) \
+ VROR_VI(d, sr, d)
+
+#endif
+
+#define QUARTER_ROUND(a, b, c, d, t) \
+ /* a += b; d ^= a; d <<<= 16; */ \
+ PART_ROUND(a, b, d, t, 16, 16) \
+ /* c += d; b ^= c; b <<<= 12; */ \
+ PART_ROUND(c, d, b, t, 12, 20) \
+ /* a += b; d ^= a; d <<<= 8; */ \
+ PART_ROUND(a, b, d, t, 8, 24) \
+ /* c += d; b ^= c; b <<<= 7; */ \
+ PART_ROUND(c, d, b, t, 7, 25)
+
+#define ODD_SHUFFLE(b, c, d, t) \
+ /* a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 \
+ * => a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 */ \
+ VSLIDEDOWN_VI(t, d, 3) \
+ VSLIDEUP_VI(t, d, 1) \
+ VMV_V_V(d, t) \
+ VSLIDEDOWN_VI(t, b, 1) \
+ VSLIDEUP_VI(t, b, 3) \
+ VMV_V_V(b, t) \
+ VSLIDEDOWN_VI(t, c, 2) \
+ VSLIDEUP_VI(t, c, 2) \
+ VMV_V_V(c, t)
+
+#define EVEN_SHUFFLE(b, c, d, t) \
+ /* a=0,1,2,3; b=5,6,7,4; c=10,11,8,9; d=15,12,13,14 \
+ * => a=0,1,2,3; b=4,5,6,7; c=8,9,10,11; d=12,13,14,15 */ \
+ VSLIDEDOWN_VI(t, d, 1) \
+ VSLIDEUP_VI(t, d, 3) \
+ VMV_V_V(d, t) \
+ VSLIDEDOWN_VI(t, b, 3) \
+ VSLIDEUP_VI(t, b, 1) \
+ VMV_V_V(b, t) \
+ VSLIDEDOWN_VI(t, c, 2) \
+ VSLIDEUP_VI(t, c, 2) \
+ VMV_V_V(c, t)
+
+#define EIGHT_QUARTER_ROUNDS(a, b, c, d, t) \
+ /* Odd Round */ \
+ QUARTER_ROUND(a, b, c, d, t) \
+ ODD_SHUFFLE(b, c, d, t) \
+ /* Even Round */ \
+ QUARTER_ROUND(a, b, c, d, t) \
+ EVEN_SHUFFLE(b, c, d, t)
+
+static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m,
+ byte* c, word32 bytes, byte* over)
+{
+ word64 bytes64 = (word64)bytes;
+
+ __asm__ __volatile__ (
+ VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000)
+ /* The layout of used vector registers is:
+ * v0-v3 - block
+ * v4-v7 - message
+ * v8-v11 - input
+ * v12 - temp
+ *
+ * v0 0 1 2 3
+ * v1 4 5 6 7
+ * v2 8 9 10 11
+ * v3 12 13 14 15
+ * load CHACHA state with indices placed as shown above
+ */
+
+ /* Load incrementer register to
modify counter */ + "mv t2, %[L_chacha20_vec_inc_first_word]\n\t" + VL1RE32_V(REG_V13, REG_T2) + /* Load state to encrypt */ + "mv t2, %[input]\n\t" + VL4RE32_V(REG_V8, REG_T2) + "\n" + "L_chacha20_riscv_64_loop:\n\t" + /* Move state into vector registers */ + VMVR_V(REG_V0, REG_V8, 4) + /* Add counter word */ + /* Odd Round */ + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + /* Add back state */ + VADD_VV(REG_V0, REG_V0, REG_V8) + VADD_VV(REG_V1, REG_V1, REG_V9) + VADD_VV(REG_V2, REG_V2, REG_V10) + VADD_VV(REG_V3, REG_V3, REG_V11) + "addi t2, %[bytes], -64\n\t" + "bltz t2, L_chacha20_riscv_64_lt_64\n\t" + "mv t2, %[m]\n\t" + VL4RE32_V(REG_V4, REG_T2) + VXOR_VV(REG_V4, REG_V4, REG_V0) + VXOR_VV(REG_V5, REG_V5, REG_V1) + VXOR_VV(REG_V6, REG_V6, REG_V2) + VXOR_VV(REG_V7, REG_V7, REG_V3) + "mv t2, %[c]\n\t" + VS4R_V(REG_V4, REG_T2) + "addi %[c], %[c], 64\n\t" + "addi %[m], %[m], 64\n\t" + "addi %[bytes], %[bytes], -64\n\t" + VADD_VV(REG_V11, REG_V11, REG_V13) + "bnez %[bytes], L_chacha20_riscv_64_loop\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + "\n" + "L_chacha20_riscv_64_lt_64:\n\t" + "mv t2, %[over]\n\t" + VS4R_V(REG_V0, REG_T2) + + "addi t2, %[bytes], -32\n\t" + "bltz t2, L_chacha20_riscv_64_lt_32\n\t" + "mv t2, %[m]\n\t" + VL2RE32_V(REG_V4, REG_T2) + VXOR_VV(REG_V4, REG_V4, REG_V0) + VXOR_VV(REG_V5, REG_V5, REG_V1) + "mv t2, %[c]\n\t" + VS2R_V(REG_V4, REG_T2) + "addi 
%[c], %[c], 32\n\t" + "addi %[m], %[m], 32\n\t" + "addi %[bytes], %[bytes], -32\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + VMVR_V(REG_V0, REG_V2, 2) + "\n" + "L_chacha20_riscv_64_lt_32:\n\t" + "addi t2, %[bytes], -16\n\t" + "bltz t2, L_chacha20_riscv_64_lt_16\n\t" + "mv t2, %[m]\n\t" + VL1RE32_V(REG_V4, REG_T2) + VXOR_VV(REG_V4, REG_V4, REG_V0) + "mv t2, %[c]\n\t" + VS1R_V(REG_V4, REG_T2) + "addi %[c], %[c], 16\n\t" + "addi %[m], %[m], 16\n\t" + "addi %[bytes], %[bytes], -16\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + VMV_V_V(REG_V0, REG_V1) + "\n" + "L_chacha20_riscv_64_lt_16:\n\t" + "addi t2, %[bytes], -8\n\t" + "bltz t2, L_chacha20_riscv_64_lt_8\n\t" + VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000) + VMV_X_S(REG_T0, REG_V0) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + "ld t1, (%[m])\n\t" + "xor t1, t1, t0\n\t" + "sd t1, (%[c])\n\t" + "addi %[c], %[c], 8\n\t" + "addi %[m], %[m], 8\n\t" + "addi %[bytes], %[bytes], -8\n\t" + "beqz %[bytes], L_chacha20_riscv_64_done\n\t" + VSLIDEDOWN_VI(REG_V0, REG_V0, 2) + "\n" + "L_chacha20_riscv_64_lt_8:\n\t" + VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000) + VMV_X_S(REG_T0, REG_V0) + VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) + "addi %[bytes], %[bytes], -1\n\t" + "\n" + "L_chacha20_riscv_64_loop_lt_8:\n\t" + "lb t1, (%[m])\n\t" + "addi %[m], %[m], 1\n\t" + "xor t1, t1, t0\n\t" + "sb t1, (%[c])\n\t" + "addi %[c], %[c], 1\n\t" + "addi %[bytes], %[bytes], -1\n\t" + "srli t0, t0, 8\n\t" + "bgez %[bytes], L_chacha20_riscv_64_loop_lt_8\n\t" + "\n" + "L_chacha20_riscv_64_done:\n\t" + : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64) + : [input] "r" (input), [over] "r" (over), + [L_chacha20_vec_inc_first_word] "r" (L_chacha20_vec_inc_first_word) + : "memory", "t0", "t1", "t2" + ); +} + +/** + * Encrypt a stream of bytes + */ +static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, + word32 bytes) +{ + int processed; + + if (bytes >= CHACHA_CHUNK_BYTES * 6) { + processed = (bytes / (CHACHA_CHUNK_BYTES * 6)) * 
CHACHA_CHUNK_BYTES * 6; + wc_chacha_encrypt_384(ctx->X, m, c, processed); + + bytes -= processed; + c += processed; + m += processed; + ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], + processed / CHACHA_CHUNK_BYTES); + } + if (bytes >= CHACHA_CHUNK_BYTES * 4) { + processed = wc_chacha_encrypt_256(ctx->X, m, c); + + bytes -= processed; + c += processed; + m += processed; + ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], + processed / CHACHA_CHUNK_BYTES); + } + if (bytes >= CHACHA_CHUNK_BYTES * 2) { + processed = wc_chacha_encrypt_128(ctx->X, m, c); + + bytes -= processed; + c += processed; + m += processed; + ctx->X[CHACHA_IV_BYTES] = PLUS(ctx->X[CHACHA_IV_BYTES], + processed / CHACHA_CHUNK_BYTES); + } + if (bytes > 0) { + wc_chacha_encrypt_64(ctx->X, m, c, bytes, (byte*)ctx->over); + if (bytes > CHACHA_CHUNK_BYTES) + ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]); + ctx->left = CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1)); + ctx->left &= CHACHA_CHUNK_BYTES - 1; + ctx->X[CHACHA_IV_BYTES] = PLUSONE(ctx->X[CHACHA_IV_BYTES]); + } +} + +#else + +#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION) + +#define PART_ROUND_ODD_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + "slli " CC_T0 ", " CC_D0 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_D1 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_D2 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_D3 ", " #sl "\n\t" \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T0 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T1 
"\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T2 "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T3 "\n\t" + +#define PART_ROUND_ODD_CDB(sl, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + "slli " CC_T0 ", " CC_B0 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_B1 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_B2 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_B3 ", " #sl "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T0 "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T1 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T2 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T3 "\n\t" + +#define PART_ROUND_EVEN_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + "slli " CC_T0 ", " CC_D3 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_D0 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_D1 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_D2 ", " #sl "\n\t" \ + "srliw " CC_D3 ", " CC_D3 ", " #sr "\n\t" \ + "srliw " CC_D0 ", " CC_D0 ", " #sr "\n\t" \ + "srliw " CC_D1 ", " CC_D1 ", " #sr "\n\t" \ + "srliw " CC_D2 ", " CC_D2 ", " #sr "\n\t" \ + "or " CC_D3 ", " CC_D3 ", " CC_T0 "\n\t" \ + "or " CC_D0 ", " CC_D0 ", " CC_T1 "\n\t" \ + "or " CC_D1 ", " CC_D1 ", " CC_T2 "\n\t" \ + "or " CC_D2 ", " CC_D2 ", " CC_T3 "\n\t" + 
+#define PART_ROUND_EVEN_CDB(sl, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + "slli " CC_T0 ", " CC_B1 ", " #sl "\n\t" \ + "slli " CC_T1 ", " CC_B2 ", " #sl "\n\t" \ + "slli " CC_T2 ", " CC_B3 ", " #sl "\n\t" \ + "slli " CC_T3 ", " CC_B0 ", " #sl "\n\t" \ + "srliw " CC_B1 ", " CC_B1 ", " #sr "\n\t" \ + "srliw " CC_B2 ", " CC_B2 ", " #sr "\n\t" \ + "srliw " CC_B3 ", " CC_B3 ", " #sr "\n\t" \ + "srliw " CC_B0 ", " CC_B0 ", " #sr "\n\t" \ + "or " CC_B1 ", " CC_B1 ", " CC_T0 "\n\t" \ + "or " CC_B2 ", " CC_B2 ", " CC_T1 "\n\t" \ + "or " CC_B3 ", " CC_B3 ", " CC_T2 "\n\t" \ + "or " CC_B0 ", " CC_B0 ", " CC_T3 "\n\t" + +#else + +#define PART_ROUND_ODD_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B0 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B1 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B2 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B3 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A0 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A1 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A2 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A3 "\n\t" \ + RORIW(REG_S6, REG_S6, sr) \ + RORIW(REG_S7, REG_S7, sr) \ + RORIW(REG_S8, REG_S8, sr) \ + RORIW(REG_S9, REG_S9, sr) + +#define PART_ROUND_ODD_CDB(sl, sr) \ + "add " CC_C0 ", " CC_C0 ", " CC_D0 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D1 "\n\t" \ + "add " CC_C2 ", " CC_C2 ", " CC_D2 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D3 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C0 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C1 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C2 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C3 "\n\t" \ + RORIW(REG_T3, REG_T3, sr) \ + RORIW(REG_T4, REG_T4, sr) \ + RORIW(REG_T5, REG_T5, sr) \ + RORIW(REG_T6, 
REG_T6, sr) + +#define PART_ROUND_EVEN_ABD(sl, sr) \ + "add " CC_A0 ", " CC_A0 ", " CC_B1 "\n\t" \ + "add " CC_A1 ", " CC_A1 ", " CC_B2 "\n\t" \ + "add " CC_A2 ", " CC_A2 ", " CC_B3 "\n\t" \ + "add " CC_A3 ", " CC_A3 ", " CC_B0 "\n\t" \ + "xor " CC_D3 ", " CC_D3 ", " CC_A0 "\n\t" \ + "xor " CC_D0 ", " CC_D0 ", " CC_A1 "\n\t" \ + "xor " CC_D1 ", " CC_D1 ", " CC_A2 "\n\t" \ + "xor " CC_D2 ", " CC_D2 ", " CC_A3 "\n\t" \ + RORIW(REG_S9, REG_S9, sr) \ + RORIW(REG_S6, REG_S6, sr) \ + RORIW(REG_S7, REG_S7, sr) \ + RORIW(REG_S8, REG_S8, sr) + +#define PART_ROUND_EVEN_CDB(sl, sr) \ + "add " CC_C2 ", " CC_C2 ", " CC_D3 "\n\t" \ + "add " CC_C3 ", " CC_C3 ", " CC_D0 "\n\t" \ + "add " CC_C0 ", " CC_C0 ", " CC_D1 "\n\t" \ + "add " CC_C1 ", " CC_C1 ", " CC_D2 "\n\t" \ + "xor " CC_B1 ", " CC_B1 ", " CC_C2 "\n\t" \ + "xor " CC_B2 ", " CC_B2 ", " CC_C3 "\n\t" \ + "xor " CC_B3 ", " CC_B3 ", " CC_C0 "\n\t" \ + "xor " CC_B0 ", " CC_B0 ", " CC_C1 "\n\t" \ + RORIW(REG_T4, REG_T4, sr) \ + RORIW(REG_T5, REG_T5, sr) \ + RORIW(REG_T6, REG_T6, sr) \ + RORIW(REG_T3, REG_T3, sr) + +#endif + +#define QUARTER_ROUND_ODD() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_ODD_ABD(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_ODD_CDB(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_ODD_ABD( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_ODD_CDB( 7, 25) + +#define QUARTER_ROUND_EVEN() \ + /* a += b; d ^= a; d <<<= 16; */ \ + PART_ROUND_EVEN_ABD(16, 16) \ + /* c += d; b ^= c; b <<<= 12; */ \ + PART_ROUND_EVEN_CDB(12, 20) \ + /* a += b; d ^= a; d <<<= 8; */ \ + PART_ROUND_EVEN_ABD( 8, 24) \ + /* c += d; b ^= c; b <<<= 7; */ \ + PART_ROUND_EVEN_CDB( 7, 25) + + +static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, + byte* c, word32 bytes, word32* over) +{ + word64 bytes64 = (word64)bytes; + + __asm__ __volatile__ ( + "L_chacha20_riscv_outer:\n\t" + /* Move state into regular registers */ + "ld a4, 0(%[input])\n\t" + "ld a6, 8(%[input])\n\t" + 
"ld t3, 16(%[input])\n\t" + "ld t5, 24(%[input])\n\t" + "ld s2, 32(%[input])\n\t" + "ld s4, 40(%[input])\n\t" + "ld s6, 48(%[input])\n\t" + "ld s8, 56(%[input])\n\t" + "srli a5, a4, 32\n\t" + "srli a7, a6, 32\n\t" + "srli t4, t3, 32\n\t" + "srli t6, t5, 32\n\t" + "srli s3, s2, 32\n\t" + "srli s5, s4, 32\n\t" + "srli s7, s6, 32\n\t" + "srli s9, s8, 32\n\t" + + /* Set number of odd+even rounds to perform */ + "li a3, 10\n\t" + "\n" + "L_chacha20_riscv_loop:\n\t" + /* Odd Round */ + QUARTER_ROUND_ODD() + /* Even Round */ + QUARTER_ROUND_EVEN() + "addi a3, a3, -1\n\t" + "bnez a3, L_chacha20_riscv_loop\n\t" + + "ld t0, 0(%[input])\n\t" + "ld t1, 8(%[input])\n\t" + "ld t2, 16(%[input])\n\t" + "ld s1, 24(%[input])\n\t" + "add a4, a4, t0\n\t" + "add a6, a6, t1\n\t" + "add t3, t3, t2\n\t" + "add t5, t5, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "add a5, a5, t0\n\t" + "add a7, a7, t1\n\t" + "add t4, t4, t2\n\t" + "add t6, t6, s1\n\t" + "ld t0, 32(%[input])\n\t" + "ld t1, 40(%[input])\n\t" + "ld t2, 48(%[input])\n\t" + "ld s1, 56(%[input])\n\t" + "add s2, s2, t0\n\t" + "add s4, s4, t1\n\t" + "add s6, s6, t2\n\t" + "add s8, s8, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "add s3, s3, t0\n\t" + "add s5, s5, t1\n\t" + "add s7, s7, t2\n\t" + "add s9, s9, s1\n\t" + + "addi %[bytes], %[bytes], -64\n\t" + "bgez %[bytes], L_chacha20_riscv_xor\n\t" + "addi a3, %[bytes], 64\n\t" + + "sw a4, 0(%[over])\n\t" + "sw a5, 4(%[over])\n\t" + "sw a6, 8(%[over])\n\t" + "sw a7, 12(%[over])\n\t" + "sw t3, 16(%[over])\n\t" + "sw t4, 20(%[over])\n\t" + "sw t5, 24(%[over])\n\t" + "sw t6, 28(%[over])\n\t" + "sw s2, 32(%[over])\n\t" + "sw s3, 36(%[over])\n\t" + "sw s4, 40(%[over])\n\t" + "sw s5, 44(%[over])\n\t" + "sw s6, 48(%[over])\n\t" + "sw s7, 52(%[over])\n\t" + "sw s8, 56(%[over])\n\t" + "sw s9, 60(%[over])\n\t" + + "addi t0, a3, -8\n\t" + "bltz t0, 
L_chacha20_riscv_32bit\n\t" + "addi a3, a3, -1\n\t" + "L_chacha20_riscv_64bit_loop:\n\t" + "ld t0, (%[m])\n\t" + "ld t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sd t0, (%[c])\n\t" + "addi %[m], %[m], 8\n\t" + "addi %[c], %[c], 8\n\t" + "addi %[over], %[over], 8\n\t" + "addi a3, a3, -8\n\t" + "bgez a3, L_chacha20_riscv_64bit_loop\n\t" + "addi a3, a3, 1\n\t" + + "L_chacha20_riscv_32bit:\n\t" + "addi t0, a3, -4\n\t" + "bltz t0, L_chacha20_riscv_16bit\n\t" + "lw t0, (%[m])\n\t" + "lw t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sw t0, (%[c])\n\t" + "addi %[m], %[m], 4\n\t" + "addi %[c], %[c], 4\n\t" + "addi %[over], %[over], 4\n\t" + + "L_chacha20_riscv_16bit:\n\t" + "addi t0, a3, -2\n\t" + "bltz t0, L_chacha20_riscv_8bit\n\t" + "lh t0, (%[m])\n\t" + "lh t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sh t0, (%[c])\n\t" + "addi %[m], %[m], 2\n\t" + "addi %[c], %[c], 2\n\t" + "addi %[over], %[over], 2\n\t" + + "L_chacha20_riscv_8bit:\n\t" + "addi t0, a3, -1\n\t" + "bltz t0, L_chacha20_riscv_bytes_done\n\t" + "lb t0, (%[m])\n\t" + "lb t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sb t0, (%[c])\n\t" + + "L_chacha20_riscv_bytes_done:\n\t" + "lw t0, 48(%[input])\n\t" + "addi t0, t0, 1\n\t" + "sw t0, 48(%[input])\n\t" + "bltz %[bytes], L_chacha20_riscv_done\n\t" + + "L_chacha20_riscv_xor:\n\t" +#if !defined(WOLFSSL_RISCV_BIT_MANIPULATION) + "ld t0, 0(%[m])\n\t" + "ld t1, 8(%[m])\n\t" + "ld t2, 16(%[m])\n\t" + "ld s1, 24(%[m])\n\t" + "xor a4, a4, t0\n\t" + "xor a6, a6, t1\n\t" + "xor t3, t3, t2\n\t" + "xor t5, t5, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 32\n\t" + "xor a5, a5, t0\n\t" + "xor a7, a7, t1\n\t" + "xor t4, t4, t2\n\t" + "xor t6, t6, s1\n\t" + "ld t0, 32(%[m])\n\t" + "ld t1, 40(%[m])\n\t" + "ld t2, 48(%[m])\n\t" + "ld s1, 56(%[m])\n\t" + "xor s2, s2, t0\n\t" + "xor s4, s4, t1\n\t" + "xor s6, s6, t2\n\t" + "xor s8, s8, s1\n\t" + "srli t0, t0, 32\n\t" + "srli t1, t1, 32\n\t" + "srli t2, t2, 32\n\t" + "srli s1, s1, 
32\n\t" + "xor s3, s3, t0\n\t" + "xor s5, s5, t1\n\t" + "xor s7, s7, t2\n\t" + "xor s9, s9, s1\n\t" + "sw a4, 0(%[c])\n\t" + "sw a5, 4(%[c])\n\t" + "sw a6, 8(%[c])\n\t" + "sw a7, 12(%[c])\n\t" + "sw t3, 16(%[c])\n\t" + "sw t4, 20(%[c])\n\t" + "sw t5, 24(%[c])\n\t" + "sw t6, 28(%[c])\n\t" + "sw s2, 32(%[c])\n\t" + "sw s3, 36(%[c])\n\t" + "sw s4, 40(%[c])\n\t" + "sw s5, 44(%[c])\n\t" + "sw s6, 48(%[c])\n\t" + "sw s7, 52(%[c])\n\t" + "sw s8, 56(%[c])\n\t" + "sw s9, 60(%[c])\n\t" +#else + PACK(REG_A4, REG_A4, REG_A5) + PACK(REG_A6, REG_A6, REG_A7) + PACK(REG_T3, REG_T3, REG_T4) + PACK(REG_T5, REG_T5, REG_T6) + PACK(REG_S2, REG_S2, REG_S3) + PACK(REG_S4, REG_S4, REG_S5) + PACK(REG_S6, REG_S6, REG_S7) + PACK(REG_S8, REG_S8, REG_S9) + "ld a5, 0(%[m])\n\t" + "ld a7, 8(%[m])\n\t" + "ld t4, 16(%[m])\n\t" + "ld t6, 24(%[m])\n\t" + "ld s3, 32(%[m])\n\t" + "ld s5, 40(%[m])\n\t" + "ld s7, 48(%[m])\n\t" + "ld s9, 56(%[m])\n\t" + "xor a4, a4, a5\n\t" + "xor a6, a6, a7\n\t" + "xor t3, t3, t4\n\t" + "xor t5, t5, t6\n\t" + "xor s2, s2, s3\n\t" + "xor s4, s4, s5\n\t" + "xor s6, s6, s7\n\t" + "xor s8, s8, s9\n\t" + "sd a4, 0(%[c])\n\t" + "sd a6, 8(%[c])\n\t" + "sd t3, 16(%[c])\n\t" + "sd t5, 24(%[c])\n\t" + "sd s2, 32(%[c])\n\t" + "sd s4, 40(%[c])\n\t" + "sd s6, 48(%[c])\n\t" + "sd s8, 56(%[c])\n\t" +#endif + + "lw t0, 48(%[input])\n\t" + "addi %[m], %[m], 64\n\t" + "addi t0, t0, 1\n\t" + "addi %[c], %[c], 64\n\t" + "sw t0, 48(%[input])\n\t" + + "bnez %[bytes], L_chacha20_riscv_outer\n\t" + + "L_chacha20_riscv_done:\n\t" + : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64), [over] "+r" (over) + : [input] "r" (input) + : "memory", "t0", "t1", "t2", "s1", "a3", + "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s2", "s3", "s4", "s5", + "s6", "s7", "s8", "s9" + ); +} + +/** + * Encrypt a stream of bytes + */ +static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, + word32 bytes) +{ + wc_chacha_encrypt(ctx->X, m, c, bytes, ctx->over); + ctx->left = 
CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1)); + ctx->left &= CHACHA_CHUNK_BYTES - 1; +} +#endif + +/** + * API to encrypt/decrypt a message of any size. + */ +int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, + word32 msglen) +{ + int ret = 0; + + if ((ctx == NULL) || (output == NULL) || (input == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* handle left overs */ + if (msglen > 0 && ctx->left > 0) { + byte* out; + word32 i; + + out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; + for (i = 0; i < msglen && i < ctx->left; i++) { + output[i] = (byte)(input[i] ^ out[i]); + } + ctx->left -= i; + + msglen -= i; + output += i; + input += i; + } + + if (msglen != 0) { + wc_chacha_encrypt_bytes(ctx, input, output, msglen); + } + } + + return ret; +} + +#endif /* HAVE_CHACHA */ +#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */ diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c index 62d26745e1..3c546b00d7 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-sha256.c +++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c 
@@ -846,41 +846,41 @@ static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash) #elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION) "ld t1, 0(%[digest])\n\t" "ld t3, 8(%[digest])\n\t" - "ld s1, 16(%[digest])\n\t" - "ld s3, 24(%[digest])\n\t" + "ld a5, 16(%[digest])\n\t" + "ld a7, 24(%[digest])\n\t" REV8(REG_T1, REG_T1) REV8(REG_T3, REG_T3) - REV8(REG_S1, REG_S1) - REV8(REG_S3, REG_S3) + REV8(REG_A5, REG_A5) + REV8(REG_A7, REG_A7) "srli t0, t1, 32\n\t" "srli t2, t3, 32\n\t" - "srli s0, s1, 32\n\t" - "srli s2, s3, 32\n\t" + "srli a4, a5, 32\n\t" + "srli a6, a7, 32\n\t" "sw t0, 0(%[hash])\n\t" "sw t1, 4(%[hash])\n\t" "sw t2, 8(%[hash])\n\t" "sw t3, 12(%[hash])\n\t" - "sw s0, 16(%[hash])\n\t" - "sw s1, 20(%[hash])\n\t" - "sw s2, 24(%[hash])\n\t" - "sw s3, 28(%[hash])\n\t" + "sw a4, 16(%[hash])\n\t" + "sw a5, 20(%[hash])\n\t" + "sw a6, 24(%[hash])\n\t" + "sw a7, 28(%[hash])\n\t" #else LOAD_WORD_REV(t0, 0, %[digest], t2, t3, t4) LOAD_WORD_REV(t1, 4, %[digest], t2, t3, t4) - LOAD_WORD_REV(s0, 8, %[digest], t2, t3, t4) - LOAD_WORD_REV(s1, 12, %[digest], t2, t3, t4) + LOAD_WORD_REV(a4, 8, %[digest], t2, t3, t4) + LOAD_WORD_REV(a5, 12, %[digest], t2, t3, t4) "sw t0, 0(%[hash])\n\t" "sw t1, 4(%[hash])\n\t" - "sw s0, 8(%[hash])\n\t" - "sw s1, 12(%[hash])\n\t" + "sw a4, 8(%[hash])\n\t" + "sw a5, 12(%[hash])\n\t" LOAD_WORD_REV(t0, 16, %[digest], t2, t3, t4) LOAD_WORD_REV(t1, 20, %[digest], t2, t3, t4) - LOAD_WORD_REV(s0, 24, %[digest], t2, t3, t4) - LOAD_WORD_REV(s1, 28, %[digest], t2, t3, t4) + LOAD_WORD_REV(a4, 24, %[digest], t2, t3, t4) + LOAD_WORD_REV(a5, 28, %[digest], t2, t3, t4) "sw t0, 16(%[hash])\n\t" "sw t1, 20(%[hash])\n\t" - "sw s0, 24(%[hash])\n\t" - "sw s1, 28(%[hash])\n\t" + "sw a4, 24(%[hash])\n\t" + "sw a5, 28(%[hash])\n\t" #endif : : [digest] "r" (sha256->digest), [hash] "r" (hash) 
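Review bot: The swap from `s0`-`s3` to `a4`-`a7` in this asm block has no comment explaining it, so a later edit could reintroduce the saved registers. In the RISC-V calling convention `s0` doubles as the frame pointer, which is presumably why it had to go. A one-line comment above the asm would record that, for example `/* Use a4-a7 as scratch: s0 is the frame pointer and must not be clobbered. */`. The clobber list is changed in the following hunk (`@@ -889,7 +889,7 @@`) and has to stay in step with the registers named here. Sha256Final's body starts and ends outside the hunk.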
@@ -889,7 +889,7 @@ static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash) , [rev_idx] "r" (rev_idx) #endif : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", - "s0", "s1", "s2", "s3" + "a4", "a5", "a6", "a7" ); } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 7c357e6818..a0720ca6c3 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7789,10 +7789,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void) return WC_TEST_RET_ENC_EC(ret); if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE)) - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(i); if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE)) - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(i); } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) diff --git a/wolfssl/wolfcrypt/chacha.h b/wolfssl/wolfcrypt/chacha.h index a430224e05..c3af0507af 100644 --- a/wolfssl/wolfcrypt/chacha.h +++ b/wolfssl/wolfcrypt/chacha.h @@ -82,7 +82,8 @@ typedef struct ChaCha { byte extra[12]; #endif word32 left; /* number of bytes leftover */ -#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) +#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_RISCV_ASM) word32 over[CHACHA_CHUNK_WORDS]; #endif } ChaCha; diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h index 5407654ee9..e9d200f916 100644 --- a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h +++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h @@ -137,6 +137,12 @@ (0b0010011 << 0) | \ (rs << 15) | (rd << 7)) +#define RORIW(rd, rs, imm) \ + ASM_WORD((0b0110000 << 25) | (0b101 << 12) | \ + (0b0011011 << 0) | \ + (imm << 20) | (rs << 15) | (rd << 7)) + + /* rd = rs1[0..31] | rs2[0..31]. */ #define PACK(rd, rs1, rs2) \ ASM_WORD((0b0000100 << 25) | (0b100 << 12) | 0b0110011 | \ 
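Review bot: `RORIW` in the riscv-64-asm.h hunk shifts `imm`, `rs` and `rd` without parentheses, although this commit parenthesises the arguments of `VMV_V_V`, `VSLIDEUP_VI` and the other existing macros. An expression argument such as `x + 1` would bind to the shift wrongly and encode a different instruction. Writing the operand line as `(((imm) & 0x1f) << 20) | ((rs) << 15) | ((rd) << 7))` also stops a shift amount above 31 from spilling into the funct7 bits. The new `VSLL_VI` and `VSRL_VI` (hunk `@@ -184,16 +190,36 @@`) and `VROR_VI` (hunk `@@ -281,15 +312,22 @@`) have the same unparenthesised operands. `RORIW` also lacks the one-line description its neighbours carry, e.g. `/* rd = rs[0..31] rotated right by imm, sign-extended. */`.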
@@ -184,16 +190,36 @@ /* Move from vector register to vector registor. */ #define VMV_V_V(vd, vs1) \ ASM_WORD((0b1010111 << 0) | (0b000 << 12) | (0b1 << 25) | \ - (0b010111 << 26) | (vd << 7) | (vs1 << 15)) + (0b010111 << 26) | ((vd) << 7) | ((vs1) << 15)) /* Splat register to each component of the vector registor. */ #define VMV_V_X(vd, rs1) \ ASM_WORD((0b1010111 << 0) | (0b100 << 12) | (0b1 << 25) | \ - (0b010111 << 26) | (vd << 7) | (rs1 << 15)) + (0b010111 << 26) | ((vd) << 7) | ((rs1) << 15)) +/* Splat immediate to each component of the vector registor. */ +#define VMV_V_I(vd, imm) \ + ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) | \ + (0b010111 << 26) | ((vd) << 7) | ((imm) << 15)) /* Move n vector registers to vector registers. */ #define VMVR_V(vd, vs2, n) \ ASM_WORD((0b1010111 << 0) | (0b011 << 12) | (0b1 << 25) | \ - (0b100111 << 26) | (vd << 7) | ((n-1) << 15) | \ - (vs2 << 20)) + (0b100111 << 26) | ((vd) << 7) | ((n-1) << 15) | \ + ((vs2) << 20)) + + +/* + * Logic + */ + +/* vd = vs2 << uimm */ +#define VSLL_VI(vd, vs2, uimm) \ + ASM_WORD((0b100101 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (uimm << 15) | (vs2 << 20)) +/* vd = vs2 >> uimm */ +#define VSRL_VI(vd, vs2, uimm) \ + ASM_WORD((0b101000 << 26) | (0b1 << 25) | \ + (0b011 << 12) | (0b1010111 << 0) | \ + (vd << 7) | (uimm << 15) | (vs2 << 20)) /* @@ -235,13 +261,13 @@ #define VMV_X_S(rd, vs2) \ ASM_WORD((0b010000 << 26) | (0b1 << 25) | \ (0b010 << 12) | (0b1010111 << 0) | \ - (rd << 7) | (vs2 << 20)) + ((rd) << 7) | ((vs2) << 20)) /* vd[0] = x[rs1] */ #define VMV_S_X(vd, rs1) \ ASM_WORD((0b010000 << 26) | (0b1 << 25) | \ (0b110 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (rs1 << 15)) + ((vd) << 7) | ((rs1) << 15)) /* vd[shift..max] = vs2[0..max-shift] * Sliding up doesn't change bottom part of destination. 
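Review bot: `VMVR_V` still encodes its count as `((n-1) << 15)` even though this hunk parenthesises `vd` and `vs2` on the same lines. `(((n) - 1) << 15)` keeps an expression argument from binding to the subtraction. The new `VMV_V_I` shifts `(imm)` into the 5-bit field at bit 15 without a mask, so a negative or out-of-range immediate would overwrite the bits above it. `(((imm) & 0x1f) << 15)` matches the masking `VROR_VI` applies to its own immediate in a later hunk of this file.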
@@ -249,7 +275,7 @@ #define VSLIDEUP_VI(vd, vs2, shift) \ ASM_WORD((0b001110 << 26) | (0b1 << 25) | \ (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (shift << 15) | (vs2 << 20)) + ((vd) << 7) | ((shift) << 15) | ((vs2) << 20)) /* vd[0..max-shift] = vs2[shift..max] * Sliding down change top part of destination. @@ -257,13 +283,18 @@ #define VSLIDEDOWN_VI(vd, vs2, shift) \ ASM_WORD((0b001111 << 26) | (0b1 << 25) | \ (0b011 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (shift << 15) | (vs2 << 20)) + ((vd) << 7) | ((shift) << 15) | ((vs2) << 20)) /* vd[i] = vs1[vs2[i]] */ #define VRGATHER_VV(vd, vs1, vs2) \ ASM_WORD((0b001100 << 26) | (0b1 << 25) | \ (0b000 << 12) | (0b1010111 << 0) | \ - (vd << 7) | (vs1 << 15) | (vs2 << 20)) + ((vd) << 7) | ((vs1) << 15) | ((vs2) << 20)) + +#define VID_V(vd) \ + ASM_WORD((0b010100 << 26) | (0b1 << 25) | (0b00000 << 20) | \ + (0b10001 << 15) | (0b010 << 12) | \ + (0b1010111 << 0) | ((vd) << 7)) /* @@ -281,15 +312,22 @@ defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) /* - * Bit Manipulation + * Vector Bit Manipulation */ /* Reverse order of bytes in words of vector regsiter. */ #define VREV8(vd, vs2) \ ASM_WORD((0b010010 << 26) | (0b1 << 25) | (0b01001<< 15) | \ - (0b010 << 12) | (0b1010111 << 0) | \ + (0b010 << 12) | (0b1010111 << 0) | \ (vs2 << 20) | (vd << 7)) +/* Reverse order of bytes in words of vector regsiter. */ +#define VROR_VI(vd, imm, vs2) \ + ASM_WORD((0b01010 << 27) | (0b1 << 25) | (0b011 << 12) | \ + (0b1010111 << 0) | ((imm >> 5) << 26) | \ + (vs2 << 20) | ((imm & 0x1f) << 15) | (vd << 7)) + + #endif /* WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION || * WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */ From 3943e1324f36fe75bc4d5c289ff3391a0c50c274 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 25 Jun 2024 17:01:10 +0200 Subject: [PATCH 44/71] Add ntp action --- .github/workflows/ntp.yml | 87 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 .github/workflows/ntp.yml 
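Review bot: The comment above the new `VROR_VI` macro is a copy of the `VREV8` one ("Reverse order of bytes in words of vector regsiter") and does not describe a rotate. Something like `/* vd = vs2 rotated right by imm bits, per element. */` would be accurate. The parameter order `(vd, imm, vs2)` also differs from `VSLL_VI(vd, vs2, uimm)` and `VSRL_VI(vd, vs2, uimm)` added in the same file. Since these macros emit raw instruction words, swapped operands would assemble without any diagnostic, so the comment should state the order explicitly if it is kept.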
diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml
new file mode 100644
index 0000000000..04eedd8e94
--- /dev/null
+++ b/.github/workflows/ntp.yml
@@ -0,0 +1,87 @@
+name: ntp Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfssl:
+ name: Build wolfSSL
+ # Just to keep it the same as the testing target
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 4
+ steps:
+ - name: Build wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ path: wolfssl
+ configure: --enable-all
+ install: true
+ check: false
+
+ - name: Upload built lib
+ uses: actions/upload-artifact@v4
+ with:
+ name: wolf-install-ntp
+ path: build-dir
+ retention-days: 5
+
+ ntp_check:
+ strategy:
+ fail-fast: false
+ matrix:
+ # List of releases to test
+ ref: [ 4.2.8p15 ]
+ name: ${{ matrix.ref }}
+ runs-on: ubuntu-latest
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 10
+ needs: build_wolfssl
+ steps:
+ - name: Download lib
+ uses: actions/download-artifact@v4
+ with:
+ name: wolf-install-ntp
+ path: build-dir
+
+ - name: Checkout OSP
+ uses: actions/checkout@v4
+ with:
+ repository: wolfssl/osp
+ path: osp
+
+ # Avoid DoS'ing ntp site so cache the tar.gz
+ - name: Check if we have ntp
+ uses: actions/cache@v4
+ id: cache
+ with:
+ path: ntp-${{ matrix.ref }}.tar.gz
+ key: ntp-${{ matrix.ref }}.tar.gz
+
+ - name: Download ntp
+ if: steps.cache.outputs.cache-hit != 'true'
+ run: |
+ wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz
+
+ - name: Extract ntp
+ run: |
+ tar -xf ntp-${{ matrix.ref }}.tar.gz
+
+ - name: Build and test ntp
+ working-directory: ntp-${{ matrix.ref }}
+ run: |
+ patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch
+ ./bootstrap
+ ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir
+ make -j
+ make -j check
+
\ No newline at end of file
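Review bot: The `Download ntp` step fetches `ntp-${{ matrix.ref }}.tar.gz` with `wget`, and the following steps unpack it and run its `./bootstrap`, `./configure` and `make` without checking the archive against a known digest; the cache step then keeps whatever was downloaded for later runs. I would record a SHA-256 next to the version in the matrix and verify it before `tar -xf`, e.g. `echo "<EXPECTED_SHA256>  ntp-${{ matrix.ref }}.tar.gz" | sha256sum -c -` (placeholder digest). The workflow also declares no `permissions:` block, so the jobs run with the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown. The `permissions:` point applies equally to the new `rng-tools.yml`, and in both files `wolfssl/osp` is checked out without a `ref:`, so the patch applied to the build follows that repository's default branch.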
From 90861d9e6d44f13b4c3853c2d585429c3acabc08 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 18 Jun 2024 20:18:33 +0200 Subject: [PATCH 45/71] Retry sasl tests as they appear to be flaky --- .github/workflows/cyrus-sasl.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml index 9cd572aea0..8938bb0db4 100644 --- a/.github/workflows/cyrus-sasl.yml +++ b/.github/workflows/cyrus-sasl.yml @@ -88,4 +88,11 @@ jobs: working-directory: sasl run: | make -j -C utils testsuite saslpasswd2 - $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh + # Retry up to five times + for i in {1..5}; do + TEST_RES=0 + $GITHUB_WORKSPACE/osp/cyrus-sasl/${{ matrix.ref }}/run-tests.sh || TEST_RES=$? + if [ "$TEST_RES" -eq "0" ]; then + break + fi + done From edb5d09e6c8e7e3447efde1af479b7cac3ae96c1 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 17 Jun 2024 11:47:45 +0200 Subject: [PATCH 46/71] Add rng-tools action --- .github/workflows/rng-tools.yml | 109 ++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 .github/workflows/rng-tools.yml diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml new file mode 100644 index 0000000000..a2297bb806 --- /dev/null +++ b/.github/workflows/rng-tools.yml 
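Review bot: The retry loop added to the cyrus-sasl step never propagates a failure: nothing checks `TEST_RES` after `done`, and a `for` loop whose last command is an `if` with a false condition exits with status 0, so the step passes even when `run-tests.sh` fails on all five attempts. The rng-tools and mosquitto workflows in this series close the same loop with an explicit exit; the same three lines belong here after `done`: `if [ "$TEST_RES" -ne "0" ]; then`, `exit $TEST_RES`, `fi`. This assumes the `run:` block ends at `done`, as the hunk suggests by showing no trailing context.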
@@ -0,0 +1,109 @@ +name: rng-tools Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all + install: true + check: false + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-rng-tools + path: build-dir + retention-days: 5 + + rng-tools_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 6.16 ] + name: ${{ matrix.ref }} + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libcurl4-openssl-dev libjansson-dev libp11-dev librtlsdr-dev libcap-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-rng-tools + path: build-dir + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout jitterentropy-library + uses: actions/checkout@v4 + with: + repository: smuellerDD/jitterentropy-library + path: jitterentropy-library + ref: v3.5.0 + + - name: Build jitterentropy-library + working-directory: jitterentropy-library + run: make -j + + - name: Build rng-tools + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: nhorman/rng-tools + ref: v${{ matrix.ref }} + path: rng-tools + patch-file: $GITHUB_WORKSPACE/osp/rng-tools/${{ matrix.ref 
}}.patch + configure: --without-pkcs11 --enable-jitterentropy=$GITHUB_WORKSPACE/jitterentropy-library --with-wolfssl=$GITHUB_WORKSPACE/build-dir + check: false + + - name: Testing rng-tools + id: testing + working-directory: rng-tools + run: | + # Retry up to five times + for i in {1..5}; do + TEST_RES=0 + LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$? + if [ "$TEST_RES" -eq "0" ]; then + break + fi + done + if [ "$TEST_RES" -ne "0" ]; then + exit $TEST_RES + fi + + - name: Print logs + if: ${{ failure() && steps.testing.outcome == 'failure' }} + working-directory: rng-tools/tests + run: cat test-suite.log From 4c86219afaad41e615759533707e54bf484215aa Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 1 Aug 2024 14:17:19 +0200 Subject: [PATCH 47/71] Retry mosquitto tests as they appear to be flaky --- .github/workflows/mosquitto.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index a960dafbc1..bedd1e4195 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml @@ -80,4 +80,14 @@ jobs: - name: Run mosquitto tests working-directory: ./mosquitto run: | - make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest \ No newline at end of file + # Retry up to five times + for i in {1..5}; do + TEST_RES=0 + make WITH_TLS=wolfssl WITH_CJSON=no WITH_DOCS=no WOLFSSLDIR=$GITHUB_WORKSPACE/build-dir ptest || TEST_RES=$? + if [ "$TEST_RES" -eq "0" ]; then + break + fi + done + if [ "$TEST_RES" -ne "0" ]; then + exit $TEST_RES + fi From aee446f3e5589591dff4b181ff670638a2f251eb Mon Sep 17 00:00:00 2001 
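Review bot: In the `Testing rng-tools` step, `LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib` yields a leading empty entry when the variable is unset on the runner, and the dynamic loader treats an empty entry as the current working directory. It also places the freshly built wolfSSL after anything already on the path, so a system copy could be picked up instead of the library under test. I would write `LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} make check || TEST_RES=$?`, which fixes both.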
From: =?UTF-8?q?Tobias=20Frauenschl=C3=A4ger?= Date: Thu, 1 Aug 2024 10:33:09 +0200 Subject: [PATCH 48/71] Build SHA3 assembly with INTEL_SPEEDUP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make sure the file `sha3_asm.S` is compiled when `WOLFSSL_INTEL_ASM` is enabled using CMake. Signed-off-by: Tobias Frauenschläger --- cmake/functions.cmake | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cmake/functions.cmake b/cmake/functions.cmake index 0fa91a6e15..3c8832c2c3 100644 --- a/cmake/functions.cmake +++ b/cmake/functions.cmake @@ -399,6 +399,10 @@ function(generate_lib_src_list LIB_SOURCES) if(BUILD_SHA3) list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c) + + if(BUILD_INTELASM) + list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S) + endif() endif() if(BUILD_DH) @@ -582,6 +586,10 @@ function(generate_lib_src_list LIB_SOURCES) if(NOT BUILD_FIPS_V2 AND BUILD_SHA3) list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c) + + if(BUILD_INTELASM) + list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S) + endif() endif() endif() From 65283fb9bbacc47740a0ec92cd8e415345007007 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 1 Aug 2024 10:27:22 -0700 Subject: [PATCH 49/71] Improvement for the --enable-asn=nocrypt. Note: This option skips certificate signature checking, so make check TLS expected failures do not pass. Cleanup of the api.c headers / macros. --- tests/api.c | 310 +++++++++++++++++++++++--------------------- tests/unit.c | 8 +- wolfcrypt/src/asn.c | 7 +- 3 files changed, 170 insertions(+), 155 deletions(-) diff --git a/tests/api.c b/tests/api.c index 9bfd9b14aa..b6c39401cf 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -36,107 +36,17 @@ #include #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ -#ifndef FOURK_BUF - #define FOURK_BUF 4096 -#endif -#ifndef TWOK_BUF - #define TWOK_BUF 2048 -#endif -#ifndef ONEK_BUF - #define ONEK_BUF 1024 -#endif +#include +#include + #if defined(WOLFSSL_STATIC_MEMORY) #include - -#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ - defined(SESSION_CERTS) - #ifdef OPENSSL_EXTRA - #define TEST_TLS_STATIC_MEMSZ (400000) - #else - #define TEST_TLS_STATIC_MEMSZ (320000) - #endif - #else - #define TEST_TLS_STATIC_MEMSZ (80000) - #endif #endif - -#endif /* WOLFSSL_STATIC_MEMORY */ -#ifndef HEAP_HINT - #define HEAP_HINT NULL -#endif /* WOLFSSL_STAIC_MEMORY */ #ifdef WOLFSSL_ASNC_CRYPT #include #endif #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ - #ifndef ECC_ASN963_MAX_BUF_SZ - #define ECC_ASN963_MAX_BUF_SZ 133 - #endif - #ifndef ECC_PRIV_KEY_BUF - #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. 
*/ - #endif - /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ - /* logic to choose right key ECC size */ - #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 - #define KEY14 14 - #else - #define KEY14 32 - #endif - #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 - #define KEY16 16 - #else - #define KEY16 32 - #endif - #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 - #define KEY20 20 - #else - #define KEY20 32 - #endif - #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 - #define KEY24 24 - #else - #define KEY24 32 - #endif - #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) - #define KEY28 28 - #else - #define KEY28 32 - #endif - #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) - #define KEY30 30 - #else - #define KEY30 32 - #endif - #define KEY32 32 - #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) - #define KEY40 40 - #else - #define KEY40 32 - #endif - #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) - #define KEY48 48 - #else - #define KEY48 32 - #endif - #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) - #define KEY64 64 - #else - #define KEY64 32 - #endif - - #if !defined(HAVE_COMP_KEY) - #if !defined(NOCOMP) - #define NOCOMP 0 - #endif - #else - #if !defined(COMP) - #define COMP 1 - #endif - #endif - #if !defined(DER_SZ) - #define DER_SZ(ks) ((ks) * 2 + 1) - #endif #ifdef WOLFSSL_SM2 #include #endif @@ -144,14 +54,17 @@ #ifndef NO_ASN #include #endif -#include #include #include /* compatibility layer */ +#include + #include #include +#include + +/* for testing compatibility layer callbacks */ #include "examples/server/server.h" - /* for testing compatibility layer callbacks */ #ifndef NO_MD5 #include 
@@ -168,18 +81,12 @@ #ifdef WOLFSSL_SHA384 #include #endif - #ifdef WOLFSSL_SHA3 #include - #ifndef HEAP_HINT - #define HEAP_HINT NULL - #endif #endif - #ifdef WOLFSSL_SM3 #include #endif - #ifndef NO_AES #include #ifdef HAVE_AES_DECRYPT @@ -228,19 +135,14 @@ #include #endif -#include #ifndef NO_RSA #include - - #define FOURK_BUF 4096 - #define GEN_BUF 294 #endif #ifndef NO_SIG_WRAPPER #include #endif - #ifdef HAVE_AESCCM #include #endif @@ -249,7 +151,7 @@ #include #include #ifdef HAVE_LIBZ - #include + #include #endif #endif @@ -259,21 +161,6 @@ #ifndef NO_DSA #include - #ifndef ONEK_BUF - #define ONEK_BUF 1024 - #endif - #ifndef TWOK_BUF - #define TWOK_BUF 2048 - #endif - #ifndef FOURK_BUF - #define FOURK_BUF 4096 - #endif - #ifndef DSA_SIG_SIZE - #define DSA_SIG_SIZE 40 - #endif - #ifndef MAX_DSA_PARAM_SIZE - #define MAX_DSA_PARAM_SIZE 256 - #endif #endif #ifdef WOLFSSL_CMAC @@ -307,9 +194,8 @@ #include #endif -#include - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(OPENSSL_ALL) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ @@ -372,8 +258,8 @@ #endif #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ - && !defined(NO_SHA256) && !defined(RC_NO_RNG) +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(RC_NO_RNG) #include #endif @@ -386,7 +272,7 @@ /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence * number tracking */ -#include "wolfssl/internal.h" + #include "wolfssl/internal.h" #endif /* force enable test buffers */ 
@@ -398,8 +284,6 @@ #endif #include -#include "tests/utils.h" - /* include misc.c here regardless of NO_INLINE, because misc.c implementations * have default (hidden) visibility, and in the absence of visibility, it's * benign to mask out the library implementation. 
@@ -407,12 +291,144 @@ #define WOLFSSL_MISC_INCLUDED #include + + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + #define HAVE_IO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_TIRTOS) + #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) + #define HAVE_CERT_CHAIN_VALIDATION +#endif + #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ #define wc_ecc_key_get_priv(key) (&((key)->k)) #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV #endif +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS) + #ifdef OPENSSL_EXTRA + #define TEST_TLS_STATIC_MEMSZ (400000) + #else + #define TEST_TLS_STATIC_MEMSZ (320000) + #endif + #else + #define TEST_TLS_STATIC_MEMSZ (80000) + #endif +#endif + +#ifdef HAVE_ECC + #ifndef ECC_ASN963_MAX_BUF_SZ + #define ECC_ASN963_MAX_BUF_SZ 133 + #endif + #ifndef ECC_PRIV_KEY_BUF + #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. 
*/ + #endif + /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ + /* logic to choose right key ECC size */ + #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 + #define KEY14 14 + #else + #define KEY14 32 + #endif + #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 + #define KEY16 16 + #else + #define KEY16 32 + #endif + #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + #define KEY20 20 + #else + #define KEY20 32 + #endif + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 + #define KEY24 24 + #else + #define KEY24 32 + #endif + #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + #define KEY28 28 + #else + #define KEY28 32 + #endif + #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + #define KEY30 30 + #else + #define KEY30 32 + #endif + #define KEY32 32 + #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + #define KEY40 40 + #else + #define KEY40 32 + #endif + #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + #define KEY48 48 + #else + #define KEY48 32 + #endif + #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + #define KEY64 64 + #else + #define KEY64 32 + #endif + + #if !defined(HAVE_COMP_KEY) + #if !defined(NOCOMP) + #define NOCOMP 0 + #endif + #else + #if !defined(COMP) + #define COMP 1 + #endif + #endif + #if !defined(DER_SZ) + #define DER_SZ(ks) ((ks) * 2 + 1) + #endif +#endif /* HAVE_ECC */ + +#ifndef NO_DSA + #ifndef DSA_SIG_SIZE + #define DSA_SIG_SIZE 40 + #endif + #ifndef MAX_DSA_PARAM_SIZE + #define MAX_DSA_PARAM_SIZE 256 + #endif +#endif + +#ifndef NO_RSA + #define GEN_BUF 294 +#endif + +#ifndef ONEK_BUF + #define ONEK_BUF 1024 +#endif +#ifndef TWOK_BUF + #define TWOK_BUF 2048 +#endif +#ifndef FOURK_BUF + #define FOURK_BUF 4096 +#endif + +#ifndef HEAP_HINT + #define HEAP_HINT NULL +#endif + + + + typedef struct testVector { const char* input; const char* output; 
@@ -580,17 +596,6 @@ static int testDevId = WOLFSSL_CAAM_DEVID; static int testDevId = INVALID_DEVID; #endif -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) -#define HAVE_IO_TESTS_DEPENDENCIES -#endif - -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ - !defined(WOLFSSL_TIRTOS) -#define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES -#endif /*----------------------------------------------------------------------------* | BIO with fixed read/write size @@ -4508,6 +4513,7 @@ static int test_wolfSSL_OtherName(void) return EXPECT_RESULT(); } +#ifdef HAVE_CERT_CHAIN_VALIDATION static int test_wolfSSL_CertRsaPss(void) { EXPECT_DECLS; @@ -4565,6 +4571,7 @@ static int test_wolfSSL_CertRsaPss(void) return EXPECT_RESULT(); } +#endif static int test_wolfSSL_CTX_load_verify_locations_ex(void) { @@ -64724,7 +64731,8 @@ static int test_wc_CreateEncryptedPKCS8Key(void) { EXPECT_DECLS; #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ - && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) + && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \ + !defined(NO_ASN_CRYPT) WC_RNG rng; byte* encKey = NULL; word32 encKeySz = 0; @@ -67249,6 +67257,10 @@ static int test_RsaSigFailure_cm(void) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), WOLFSSL_FATAL_ERROR); +#elif defined(NO_ASN_CRYPT) + /* RSA verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), + WOLFSSL_SUCCESS); #else ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), ASN_SIG_CONFIRM_E); 
@@ -67282,6 +67294,10 @@ static int test_EccSigFailure_cm(void) #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), WOLFSSL_FATAL_ERROR); +#elif defined(NO_ASN_CRYPT) + /* ECC verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), + WOLFSSL_SUCCESS); #else ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), ASN_SIG_CONFIRM_E); @@ -76390,9 +76406,7 @@ static int test_wolfSSL_dtls_stateless(void) #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) +#ifdef HAVE_CERT_CHAIN_VALIDATION static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; @@ -85358,9 +85372,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_wolfSSL_CertManagerCRL), TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) +#ifdef HAVE_CERT_CHAIN_VALIDATION TEST_DECL(test_various_pathlen_chains), #endif @@ -85450,7 +85462,9 @@ TEST_CASE testCases[] = { /* Large number of memory allocations. */ TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), +#ifdef HAVE_CERT_CHAIN_VALIDATION TEST_DECL(test_wolfSSL_CertRsaPss), +#endif TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), diff --git a/tests/unit.c b/tests/unit.c index d847b7a2fa..870be9875c 100644 --- a/tests/unit.c +++ b/tests/unit.c 
@@ -251,16 +251,14 @@ int unit_test(int argc, char** argv) SrpTest(); } -#ifndef NO_WOLFSSL_CIPHER_SUITE_TEST -#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) -#ifndef SINGLE_THREADED +#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(SINGLE_THREADED) if ((ret = SuiteTest(argc, argv)) != 0) { fprintf(stderr, "suite test failed with %d\n", ret); goto exit; } #endif -#endif -#endif /* NO_WOLFSSL_CIPHER_SUITE_TEST */ exit: #ifdef HAVE_WNR diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7887ee747c..1afe0f069a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -6278,7 +6278,7 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid) #endif #ifdef WOLFSSL_ASN_TEMPLATE -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | 1) @@ -6326,7 +6326,7 @@ enum { /* Number of items in ASN.1 template for an algorithm identifier. */ #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem)) #else -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) @@ -17748,6 +17748,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, exit_cs: +#else + /* Warning: The NO_ASN_CRYPT option skips signature checking! */ + ret = 0; /* allow unchecked signature */ #endif /* !NO_ASN_CRYPT */ (void)keyOID; From 1199d5a5a859639485c6cb58fb8a6675b14212f1 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Thu, 1 Aug 2024 16:41:22 -0400 Subject: [PATCH 50/71] If the WOLFSSL_NO_GOOGLE_TEST env var is set, don't run the google test. --- scripts/google.test | 5 +++++ 1 file changed, 5 insertions(+) 
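Review bot: With `NO_ASN_CRYPT` defined, the new `#else` branch in the `@@ -17748,6 +17748,9 @@` hunk of wolfcrypt/src/asn.c makes `ConfirmSignature` return 0 without examining the signature, so any caller that treats 0 as "verified" will accept a certificate whose signature is forged or corrupted, and the only warning is a source comment. The `test_RsaSigFailure_cm` and `test_EccSigFailure_cm` hunks in tests/api.c then pin this by expecting `WOLFSSL_SUCCESS` in what are, by their names, signature-failure tests. I would make the fail-open state visible at build time, for example `#if defined(NO_ASN_CRYPT) && !defined(WOLFCRYPT_ONLY)` / `#warning "NO_ASN_CRYPT: certificate signatures are not verified"` / `#endif` in settings.h, and consider refusing the combination with TLS client/server support outright. `ConfirmSignature` starts and ends outside the hunk, so which other paths in it still run under this option cannot be seen from here.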
diff --git a/scripts/google.test b/scripts/google.test index 6eacc4d4fe..c78d20e943 100755 --- a/scripts/google.test +++ b/scripts/google.test @@ -6,6 +6,11 @@ server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 +if test -n "$WOLFSSL_NO_GOOGLE_TEST"; then + echo "WOLFSSL_NO_GOOGLE_TEST set, won't run" + exit 77 +fi + if ! ./examples/client/client -V | grep -q 3; then echo 'skipping google.test because TLS1.2 is not available.' 1>&2 exit 77 From bd8807863995f44f4e61392a1f6a15e479f78997 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Thu, 1 Aug 2024 17:10:53 -0400 Subject: [PATCH 51/71] Change to use already existing WOLFSSL_EXTERNAL_TEST --- scripts/google.test | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/google.test b/scripts/google.test index c78d20e943..ab640d3590 100755 --- a/scripts/google.test +++ b/scripts/google.test @@ -6,8 +6,8 @@ server=www.google.com [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 -if test -n "$WOLFSSL_NO_GOOGLE_TEST"; then - echo "WOLFSSL_NO_GOOGLE_TEST set, won't run" +if ! test -n "$WOLFSSL_EXTERNAL_TEST"; then + echo "WOLFSSL_EXTERNAL_TEST not set, won't run" exit 77 fi From a18d0161efb0cd4615223da89866945ae9d05e7b Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 1 Aug 2024 15:26:02 -0700 Subject: [PATCH 52/71] Fixes for minor implicit cast warnings and line length. Also fixed benchmark.c error without ChaCha and unused encrypt_only. --- tests/api.c | 8 ++++---- wolfcrypt/benchmark/benchmark.c | 4 ++++ wolfssl/wolfcrypt/settings.h | 5 +++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/api.c b/tests/api.c index b6c39401cf..3876ae2cd4 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -57494,8 +57494,8 @@ static int test_GENERAL_NAME_set0_othername(void) { ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); gns = NULL; - ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, - NULL)); + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3); @@ -57658,8 +57658,8 @@ static int test_othername_and_SID_ext(void) { 0); /* Cleanup */ - ExpectNotNull(gns = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, - NULL)); + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1); ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0)); ExpectIntEQ(gn->type, 0); diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index cfd0b71486..7f0e23d5f6 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1977,7 +1977,9 @@ static int numBlocks = NUM_BLOCKS; static word32 bench_size = BENCH_SIZE; static int base2 = 1; static int digest_stream = 1; +#ifdef HAVE_CHACHA static int encrypt_only = 0; +#endif #ifdef HAVE_AES_CBC static int cipher_same_buffer = 0; #endif @@ -14725,8 +14727,10 @@ int wolfcrypt_benchmark_main(int argc, char** argv) #endif else if (string_matches(argv[1], "-dgst_full")) digest_stream = 0; +#ifdef HAVE_CHACHA else if (string_matches(argv[1], "-enc_only")) encrypt_only = 1; +#endif #ifndef NO_RSA else if (string_matches(argv[1], "-rsa_sign")) rsa_sign_verify = 1; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c5971de683..25b961479b 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -2940,7 +2940,7 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_CERT_NAME_ALL #define WOLFSSL_CERT_NAME_ALL - /* Store pointers to issuer name components and their lengths and encodings. */ + /* Store pointers to issuer name components (lengths and encodings) */ #undef WOLFSSL_HAVE_ISSUER_NAMES #define WOLFSSL_HAVE_ISSUER_NAMES @@ -3030,7 +3030,8 @@ extern void uITRON4_free(void *p) ; #else /* if user supplied build option and not using ASN template, raise error */ #if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE) - #error ASN unknown extension callback is only supported with ASN template + #error ASN unknown extension callback is only supported \ + with ASN template #endif #endif From 423c1d3e573da50bc24e9441a8b00b06cd40aa60 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Fri, 2 Aug 2024 11:58:50 +1000 Subject: [PATCH 53/71] fixup --- wolfcrypt/src/port/riscv/riscv-64-chacha.c | 223 ++++++++++----------- 1 file changed, 109 insertions(+), 114 deletions(-) diff --git a/wolfcrypt/src/port/riscv/riscv-64-chacha.c b/wolfcrypt/src/port/riscv/riscv-64-chacha.c index 75c7f50d22..a1195713d1 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-chacha.c +++ b/wolfcrypt/src/port/riscv/riscv-64-chacha.c @@ -1395,10 +1395,10 @@ static WC_INLINE int wc_chacha_encrypt_256(const word32* input, const byte* m, /* Odd Round */ QUARTER_ROUND_ODD_4() ODD_SHUFFLE_4() + "addi a3, a3, -1\n\t" /* Even Round */ QUARTER_ROUND_EVEN_4() EVEN_SHUFFLE_4() - "addi a3, a3, -1\n\t" "bnez a3, L_chacha20_riscv_256_loop\n\t" /* Load message */ "mv t2, %[m]\n\t" 
@@ -1770,13 +1770,13 @@ static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m, EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) EIGHT_QUARTER_ROUNDS(REG_V0, REG_V1, REG_V2, REG_V3, REG_V12) + "addi t1, %[bytes], -64\n\t" /* Add back state */ VADD_VV(REG_V0, REG_V0, REG_V8) VADD_VV(REG_V1, REG_V1, REG_V9) VADD_VV(REG_V2, REG_V2, REG_V10) VADD_VV(REG_V3, REG_V3, REG_V11) - "addi t2, %[bytes], -64\n\t" - "bltz t2, L_chacha20_riscv_64_lt_64\n\t" + "bltz t1, L_chacha20_riscv_64_lt_64\n\t" "mv t2, %[m]\n\t" VL4RE32_V(REG_V4, REG_T2) VXOR_VV(REG_V4, REG_V4, REG_V0) 
@@ -1785,73 +1785,73 @@ static WC_INLINE void wc_chacha_encrypt_64(const word32* input, const byte* m, VXOR_VV(REG_V7, REG_V7, REG_V3) "mv t2, %[c]\n\t" VS4R_V(REG_V4, REG_T2) + "addi %[bytes], %[bytes], -64\n\t" "addi %[c], %[c], 64\n\t" "addi %[m], %[m], 64\n\t" - "addi %[bytes], %[bytes], -64\n\t" VADD_VV(REG_V11, REG_V11, REG_V13) "bnez %[bytes], L_chacha20_riscv_64_loop\n\t" "beqz %[bytes], L_chacha20_riscv_64_done\n\t" "\n" "L_chacha20_riscv_64_lt_64:\n\t" "mv t2, %[over]\n\t" + "addi t1, %[bytes], -32\n\t" VS4R_V(REG_V0, REG_T2) - "addi t2, %[bytes], -32\n\t" - "bltz t2, L_chacha20_riscv_64_lt_32\n\t" + "bltz t1, L_chacha20_riscv_64_lt_32\n\t" "mv t2, %[m]\n\t" VL2RE32_V(REG_V4, REG_T2) VXOR_VV(REG_V4, REG_V4, REG_V0) VXOR_VV(REG_V5, REG_V5, REG_V1) "mv t2, %[c]\n\t" VS2R_V(REG_V4, REG_T2) + "addi %[bytes], %[bytes], -32\n\t" "addi %[c], %[c], 32\n\t" "addi %[m], %[m], 32\n\t" - "addi %[bytes], %[bytes], -32\n\t" "beqz %[bytes], L_chacha20_riscv_64_done\n\t" VMVR_V(REG_V0, REG_V2, 2) "\n" "L_chacha20_riscv_64_lt_32:\n\t" - "addi t2, %[bytes], -16\n\t" - "bltz t2, L_chacha20_riscv_64_lt_16\n\t" + "addi t1, %[bytes], -16\n\t" + "bltz t1, L_chacha20_riscv_64_lt_16\n\t" "mv t2, %[m]\n\t" VL1RE32_V(REG_V4, REG_T2) VXOR_VV(REG_V4, REG_V4, REG_V0) "mv t2, %[c]\n\t" VS1R_V(REG_V4, REG_T2) + "addi %[bytes], %[bytes], -16\n\t" "addi %[c], %[c], 16\n\t" "addi %[m], %[m], 16\n\t" - "addi %[bytes], %[bytes], -16\n\t" "beqz %[bytes], L_chacha20_riscv_64_done\n\t" VMV_V_V(REG_V0, REG_V1) "\n" "L_chacha20_riscv_64_lt_16:\n\t" - "addi t2, %[bytes], -8\n\t" - "bltz t2, L_chacha20_riscv_64_lt_8\n\t" + "addi t1, %[bytes], -8\n\t" + "bltz t1, L_chacha20_riscv_64_lt_8\n\t" VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000) VMV_X_S(REG_T0, REG_V0) VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) "ld t1, (%[m])\n\t" "xor t1, t1, t0\n\t" "sd t1, (%[c])\n\t" + "addi %[bytes], %[bytes], -8\n\t" "addi %[c], %[c], 8\n\t" "addi %[m], %[m], 8\n\t" - "addi %[bytes], %[bytes], -8\n\t" "beqz %[bytes], 
L_chacha20_riscv_64_done\n\t" VSLIDEDOWN_VI(REG_V0, REG_V0, 2) "\n" "L_chacha20_riscv_64_lt_8:\n\t" + "addi %[bytes], %[bytes], -1\n\t" VSETIVLI(REG_X0, 2, 1, 1, 0b011, 0b000) VMV_X_S(REG_T0, REG_V0) VSETIVLI(REG_X0, 4, 1, 1, 0b010, 0b000) - "addi %[bytes], %[bytes], -1\n\t" "\n" "L_chacha20_riscv_64_loop_lt_8:\n\t" + "addi %[bytes], %[bytes], -1\n\t" "lb t1, (%[m])\n\t" "addi %[m], %[m], 1\n\t" "xor t1, t1, t0\n\t" "sb t1, (%[c])\n\t" "addi %[c], %[c], 1\n\t" - "addi %[bytes], %[bytes], -1\n\t" "srli t0, t0, 8\n\t" "bgez %[bytes], L_chacha20_riscv_64_loop_lt_8\n\t" "\n" @@ -2085,9 +2085,11 @@ static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, byte* c, word32 bytes, word32* over) { - word64 bytes64 = (word64)bytes; - __asm__ __volatile__ ( + /* Ensure 64-bit bytes has top bits clear. */ + "slli %[bytes], %[bytes], 32\n\t" + "srli %[bytes], %[bytes], 32\n\t" + "L_chacha20_riscv_outer:\n\t" /* Move state into regular registers */ "ld a4, 0(%[input])\n\t" @@ -2113,11 +2115,13 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, "L_chacha20_riscv_loop:\n\t" /* Odd Round */ QUARTER_ROUND_ODD() + "addi a3, a3, -1\n\t" /* Even Round */ QUARTER_ROUND_EVEN() - "addi a3, a3, -1\n\t" "bnez a3, L_chacha20_riscv_loop\n\t" + "addi %[bytes], %[bytes], -64\n\t" + "ld t0, 0(%[input])\n\t" "ld t1, 8(%[input])\n\t" "ld t2, 16(%[input])\n\t" @@ -2141,9 +2145,11 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, "add s2, s2, t0\n\t" "add s4, s4, t1\n\t" "add s6, s6, t2\n\t" + "addi t2, t2, 1\n\t" "add s8, s8, s1\n\t" "srli t0, t0, 32\n\t" "srli t1, t1, 32\n\t" + "sw t2, 48(%[input])\n\t" "srli t2, t2, 32\n\t" "srli s1, s1, 32\n\t" "add s3, s3, t0\n\t" 
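Review bot: In the `@@ -2141,9 +2145,11 @@` hunk of `wc_chacha_encrypt`, the block counter is now incremented in `t2` itself (`addi t2, t2, 1`) before `srli t2, t2, 32`, and the shifted value is what the following `add s7, s7, t2` feeds forward. If `t2` holds the 64-bit load of state words 12 and 13, as `sw t2, 48(%[input])` and the shift suggest, a counter of 0xFFFFFFFF carries into the upper half and word 13 of that block is off by one, so the keystream would diverge from the C implementation at the 32-bit counter wrap. Incrementing into a scratch register instead (`addi <tmp>, t2, 1` then `sw <tmp>, 48(%[input])`, with `<tmp>` any register free at this point) leaves `t2` intact for the shift. The load of `t2` and the asm operand and clobber lists are outside the hunk, so this needs confirming against the full function; a test vector that starts at counter 0xFFFFFFFF would settle it.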
@@ -2151,79 +2157,8 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, "add s7, s7, t2\n\t" "add s9, s9, s1\n\t" - "addi %[bytes], %[bytes], -64\n\t" - "bgez %[bytes], L_chacha20_riscv_xor\n\t" - "addi a3, %[bytes], 64\n\t" - - "sw a4, 0(%[over])\n\t" - "sw a5, 4(%[over])\n\t" - "sw a6, 8(%[over])\n\t" - "sw a7, 12(%[over])\n\t" - "sw t3, 16(%[over])\n\t" - "sw t4, 20(%[over])\n\t" - "sw t5, 24(%[over])\n\t" - "sw t6, 28(%[over])\n\t" - "sw s2, 32(%[over])\n\t" - "sw s3, 36(%[over])\n\t" - "sw s4, 40(%[over])\n\t" - "sw s5, 44(%[over])\n\t" - "sw s6, 48(%[over])\n\t" - "sw s7, 52(%[over])\n\t" - "sw s8, 56(%[over])\n\t" - "sw s9, 60(%[over])\n\t" - - "addi t0, a3, -8\n\t" - "bltz t0, L_chacha20_riscv_32bit\n\t" - "addi a3, a3, -1\n\t" - "L_chacha20_riscv_64bit_loop:\n\t" - "ld t0, (%[m])\n\t" - "ld t1, (%[over])\n\t" - "xor t0, t0, t1\n\t" - "sd t0, (%[c])\n\t" - "addi %[m], %[m], 8\n\t" - "addi %[c], %[c], 8\n\t" - "addi %[over], %[over], 8\n\t" - "addi a3, a3, -8\n\t" - "bgez a3, L_chacha20_riscv_64bit_loop\n\t" - "addi a3, a3, 1\n\t" - - "L_chacha20_riscv_32bit:\n\t" - "addi t0, a3, -4\n\t" - "bltz t0, L_chacha20_riscv_16bit\n\t" - "lw t0, (%[m])\n\t" - "lw t1, (%[over])\n\t" - "xor t0, t0, t1\n\t" - "sw t0, (%[c])\n\t" - "addi %[m], %[m], 4\n\t" - "addi %[c], %[c], 4\n\t" - "addi %[over], %[over], 4\n\t" - - "L_chacha20_riscv_16bit:\n\t" - "addi t0, a3, -2\n\t" - "bltz t0, L_chacha20_riscv_8bit\n\t" - "lh t0, (%[m])\n\t" - "lh t1, (%[over])\n\t" - "xor t0, t0, t1\n\t" - "sh t0, (%[c])\n\t" - "addi %[m], %[m], 2\n\t" - "addi %[c], %[c], 2\n\t" - "addi %[over], %[over], 2\n\t" - - "L_chacha20_riscv_8bit:\n\t" - "addi t0, a3, -1\n\t" - "bltz t0, L_chacha20_riscv_bytes_done\n\t" - "lb t0, (%[m])\n\t" - "lb t1, (%[over])\n\t" - "xor t0, t0, t1\n\t" - "sb t0, (%[c])\n\t" - - "L_chacha20_riscv_bytes_done:\n\t" - "lw t0, 48(%[input])\n\t" - "addi t0, t0, 1\n\t" - "sw t0, 48(%[input])\n\t" - "bltz %[bytes], L_chacha20_riscv_done\n\t" + "bltz 
%[bytes], L_chacha20_riscv_over\n\t" - "L_chacha20_riscv_xor:\n\t" #if !defined(WOLFSSL_RISCV_BIT_MANIPULATION) "ld t0, 0(%[m])\n\t" "ld t1, 8(%[m])\n\t" 
@@ -2308,16 +2243,80 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, "sd s8, 56(%[c])\n\t" #endif - "lw t0, 48(%[input])\n\t" "addi %[m], %[m], 64\n\t" - "addi t0, t0, 1\n\t" "addi %[c], %[c], 64\n\t" - "sw t0, 48(%[input])\n\t" "bnez %[bytes], L_chacha20_riscv_outer\n\t" + "beqz %[bytes], L_chacha20_riscv_done\n\t" + + "L_chacha20_riscv_over:\n\t" + "addi a3, %[bytes], 64\n\t" + + "sw a4, 0(%[over])\n\t" + "sw a5, 4(%[over])\n\t" + "sw a6, 8(%[over])\n\t" + "sw a7, 12(%[over])\n\t" + "sw t3, 16(%[over])\n\t" + "sw t4, 20(%[over])\n\t" + "sw t5, 24(%[over])\n\t" + "sw t6, 28(%[over])\n\t" + "sw s2, 32(%[over])\n\t" + "sw s3, 36(%[over])\n\t" + "sw s4, 40(%[over])\n\t" + "sw s5, 44(%[over])\n\t" + "sw s6, 48(%[over])\n\t" + "sw s7, 52(%[over])\n\t" + "sw s8, 56(%[over])\n\t" + "sw s9, 60(%[over])\n\t" + + "addi t0, a3, -8\n\t" + "bltz t0, L_chacha20_riscv_32bit\n\t" + "addi a3, a3, -1\n\t" + "L_chacha20_riscv_64bit_loop:\n\t" + "ld t0, (%[m])\n\t" + "ld t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sd t0, (%[c])\n\t" + "addi %[m], %[m], 8\n\t" + "addi %[c], %[c], 8\n\t" + "addi %[over], %[over], 8\n\t" + "addi a3, a3, -8\n\t" + "bgez a3, L_chacha20_riscv_64bit_loop\n\t" + "addi a3, a3, 1\n\t" + + "L_chacha20_riscv_32bit:\n\t" + "addi t0, a3, -4\n\t" + "bltz t0, L_chacha20_riscv_16bit\n\t" + "lw t0, (%[m])\n\t" + "lw t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sw t0, (%[c])\n\t" + "addi %[m], %[m], 4\n\t" + "addi %[c], %[c], 4\n\t" + "addi %[over], %[over], 4\n\t" + + "L_chacha20_riscv_16bit:\n\t" + "addi t0, a3, -2\n\t" + "bltz t0, L_chacha20_riscv_8bit\n\t" + "lh t0, (%[m])\n\t" + "lh t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sh t0, (%[c])\n\t" + "addi %[m], %[m], 2\n\t" + "addi %[c], %[c], 2\n\t" + "addi %[over], %[over], 2\n\t" + + "L_chacha20_riscv_8bit:\n\t" + "addi t0, a3, -1\n\t" + "bltz t0, L_chacha20_riscv_done\n\t\n\t" + "lb t0, (%[m])\n\t" + "lb t1, (%[over])\n\t" + "xor t0, t0, t1\n\t" + "sb t0, (%[c])\n\t" + "bltz 
%[bytes], L_chacha20_riscv_done\n\t" "L_chacha20_riscv_done:\n\t" - : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes64), [over] "+r" (over) + : [m] "+r" (m), [c] "+r" (c), [bytes] "+r" (bytes), [over] "+r" (over) : [input] "r" (input) : "memory", "t0", "t1", "t2", "s1", "a3", "t3", "t4", "t5", "t6", @@ -2330,12 +2329,12 @@ static WC_INLINE void wc_chacha_encrypt(const word32* input, const byte* m, /** * Encrypt a stream of bytes */ -static void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, byte* c, - word32 bytes) +static WC_INLINE void wc_chacha_encrypt_bytes(ChaCha* ctx, const byte* m, + byte* c, word32 bytes) { wc_chacha_encrypt(ctx->X, m, c, bytes, ctx->over); - ctx->left = CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1)); - ctx->left &= CHACHA_CHUNK_BYTES - 1; + ctx->left = (CHACHA_CHUNK_BYTES - (bytes & (CHACHA_CHUNK_BYTES - 1))) & + (CHACHA_CHUNK_BYTES - 1); } #endif @@ -2350,24 +2349,20 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, if ((ctx == NULL) || (output == NULL) || (input == NULL)) { ret = BAD_FUNC_ARG; } - else { - /* handle left overs */ - if (msglen > 0 && ctx->left > 0) { - byte* out; - word32 i; - - out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; - for (i = 0; i < msglen && i < ctx->left; i++) { - output[i] = (byte)(input[i] ^ out[i]); - } - ctx->left -= i; - - msglen -= i; - output += i; - input += i; + else if (msglen > 0) { + if (ctx->left > 0) { + word32 processed = min(msglen, ctx->left); + byte* out = (byte*)ctx->over + CHACHA_CHUNK_BYTES - ctx->left; + + xorbufout(output, input, out, processed); + + ctx->left -= processed; + msglen -= processed; + output += processed; + input += processed; } - if (msglen != 0) { + if (msglen > 0) { wc_chacha_encrypt_bytes(ctx, input, output, msglen); } } From 19ea0b22d06c56b939ee1f74673010d7f0e3262b Mon Sep 17 00:00:00 2001 
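Review bot: The tail code moved under `L_chacha20_riscv_over` can, by my reading of the added lines, process more bytes than remain. `a3` is biased by one (`addi a3, a3, -1` … `addi a3, a3, 1`) around the 8-byte loop, so `bgez a3` keeps looping while at least one byte is left rather than at least eight, and neither the 4-byte nor the 2-byte step subtracts from `a3` before the next size test. A remainder of 9, for example, would run the 8-byte loop twice and read `m` and write `c` seven bytes past the requested length. Biasing by eight and decrementing `a3` after the 4- and 2-byte steps keeps every access inside `bytes`, as sketched below; the asm statement continues past the end of the hunk. Separately, the final `bltz %[bytes], L_chacha20_riscv_done` branches to the instruction that follows it and can be dropped.

```c
        "bltz t0, L_chacha20_riscv_32bit\n\t"
        "addi a3, a3, -8\n\t"   /* was -1: loop only while 8 bytes remain */
        /* … unchanged: L_chacha20_riscv_64bit_loop through bgez … */
        "addi a3, a3, 8\n\t"    /* was 1 */

        /* … unchanged: L_chacha20_riscv_32bit test, 4-byte xor, pointer updates … */
        "addi a3, a3, -4\n\t"   /* account for the 4 bytes just written */

        /* … unchanged: L_chacha20_riscv_16bit test, 2-byte xor, pointer updates … */
        "addi a3, a3, -2\n\t"   /* account for the 2 bytes just written */
```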
From: Daniel Pouzzner Date: Fri, 2 Aug 2024 10:16:19 -0500 Subject: [PATCH 54/71] linuxkm: update for kernel 6.11 (__kvmalloc_node_noprof and __kmalloc_cache_noprof). --- linuxkm/linuxkm_wc_port.h | 17 +++++++++++++++-- linuxkm/module_hooks.c | 8 +++++++- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index c00931239b..189a26e348 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -533,7 +533,13 @@ const unsigned char *_ctype; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + typeof(kmalloc_noprof) *kmalloc_noprof; + typeof(krealloc_noprof) *krealloc_noprof; + typeof(kzalloc_noprof) *kzalloc_noprof; + typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof; + typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof; +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) typeof(kmalloc_noprof) *kmalloc_noprof; typeof(krealloc_noprof) *krealloc_noprof; typeof(kzalloc_noprof) *kzalloc_noprof; 
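Review bot: The new `KERNEL_VERSION(6, 11, 0)` branch repeats the `kmalloc_noprof`, `krealloc_noprof` and `kzalloc_noprof` entries that the 6.10 branch already declares. The same copy appears in the `#define` block and in `set_up_wolfssl_linuxkm_pie_redirect_table()` in the following hunks. Keeping the three shared entries under the single `>= KERNEL_VERSION(6, 10, 0)` test and nesting only the entries that differ, e.g. an inner `#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)` around `__kvmalloc_node_noprof` and `__kmalloc_cache_noprof`, would keep the struct, the macros and the initialiser from drifting apart. The rest of the 6.10 branch lies outside the hunk, so the exact split needs checking against it.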
@@ -685,7 +691,14 @@ #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype) -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + /* see include/linux/alloc_tag.h and include/linux/slab.h */ + #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) + #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof) + #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof) + #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof) + #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) /* see include/linux/alloc_tag.h and include/linux/slab.h */ #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof) #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof) diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c index ce4f6ca750..574e2ad6f8 100644 --- a/linuxkm/module_hooks.c +++ b/linuxkm/module_hooks.c 
@@ -459,7 +459,13 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) { wolfssl_linuxkm_pie_redirect_table._ctype = _ctype; -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0) + wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof; + wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof; + wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; + wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof; + wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof; +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0) wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof; wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof; wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof; From 25d14f19371f94c2d6a5d92e78db46a1273523ac Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 2 Aug 2024 08:05:22 -0700 Subject: [PATCH 55/71] Fail with NOT_COMPILED_IN if someone tries to use ConfirmSignature with NO_ASN_CRYPT. Also default to signature failed. --- wolfcrypt/src/asn.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1afe0f069a..c791c0a1eb 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -16612,7 +16612,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, const byte* sigParams, word32 sigParamsSz, byte* rsaKeyIdx) { - int ret = 0; + int ret = ASN_SIG_CONFIRM_E; /* default to failure */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) CertAttribute* certatt = NULL; #endif 
@@ -17749,8 +17749,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx, exit_cs: #else - /* Warning: The NO_ASN_CRYPT option skips signature checking! */ - ret = 0; /* allow unchecked signature */ + /* For NO_ASN_CRYPT return "not compiled in" */ + ret = NOT_COMPILED_IN; #endif /* !NO_ASN_CRYPT */ (void)keyOID; From d65be7af217daf378e3d3d7386c669427701f229 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sun, 4 Aug 2024 15:41:52 -0500 Subject: [PATCH 56/71] wolfcrypt/src/asn.c and wolfssl/wolfcrypt/asn.h: in SetDNSEntry(), defer XFREE(dnsEntry, ...) until end (fixes double free); add PBE_NONE to enum PBESTypes; in EncryptContent(), initialize id to PBE_NONE to fix a -Wmaybe-uninitialized (CheckAlgo() can leave it unchanged even when returning success). --- wolfcrypt/src/asn.c | 3 +-- wolfssl/wolfcrypt/asn.h | 4 +++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c791c0a1eb..de916c5150 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -9177,7 +9177,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, word32 seqSz; word32 innerSz; int ret; - int version, id, blockSz = 0; + int version, id = PBE_NONE, blockSz = 0; #ifdef WOLFSSL_SMALL_STACK byte* saltTmp = NULL; byte* cbcIv = NULL; @@ -13550,7 +13550,6 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, DYNAMIC_TYPE_ALTNAME); if (dnsEntry->name == NULL) { - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); ret = MEMORY_E; } } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 8cab879ebd..acee9e4276 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2760,7 +2760,9 @@ enum PBESTypes { PBES2 = 13, /* algo ID */ PBES1_MD5_DES = 3, - PBES1_SHA1_DES = 10 + PBES1_SHA1_DES = 10, + + PBE_NONE = 999 }; enum PKCSTypes { From 8368a32e7eeadca751d88d35a051ba2c79c3787e Mon Sep 17 00:00:00 2001 
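Review bot: The replacement comment in the `NO_ASN_CRYPT` branch of ConfirmSignature drops the reason the branch matters, which is that the old code accepted signatures unchecked. Something like `/* NO_ASN_CRYPT: no verification code is built, so fail closed instead of accepting an unchecked signature */` would tell a maintainer not to restore `ret = 0`. Builds that define NO_ASN_CRYPT and previously got success here will now see NOT_COMPILED_IN, which may deserve a line in the build-option documentation. The function body starts outside the hunk.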
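Review bot: Initialising `id` to `PBE_NONE` in EncryptContent quiets the warning, but the sentinel is not tested anywhere in this hunk. If CheckAlgo() returns success without setting `id`, the case the commit message describes, the value 999 would flow into whatever consumes `id` afterwards. A guard right after that call, for example `if (id == PBE_NONE) return ASN_INPUT_E;`, would turn that case into an explicit error. The CheckAlgo() call and the later uses of `id` are outside the hunk, so the placement and the error code need confirming there.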
From: Takashi Kojo Date: Mon, 5 Aug 2024 05:59:36 +0900 Subject: [PATCH 57/71] clarify description --- doc/dox_comments/header_files-ja/hmac.h | 8 ++++---- doc/dox_comments/header_files/hmac.h | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/dox_comments/header_files-ja/hmac.h b/doc/dox_comments/header_files-ja/hmac.h index 7202e3c07f..7a60f4eb2d 100644 --- a/doc/dox_comments/header_files-ja/hmac.h +++ b/doc/dox_comments/header_files-ja/hmac.h @@ -3,8 +3,8 @@ \brief この関数はHMACオブジェクトを初期化し、その暗号化タイプ、キー、およびHMACの長さを設定します。 \return 0 HMACオブジェクトの初期化に成功しました \return BAD_FUNC_ARG 入力タイプが無効な場合は返されます。有効なオプションは次のとおりです.MD5、SHA、SHA256、SHA384、SHA3-224、SHA3-256、SHA3-384、SHA3-512 - \return MEMORY_E ハッシュに使用する構造体の割り当てメモリの割り当てがある場合 - \return HMAC_MIN_KEYLEN_E FIPS実装を使用するときに返されることがあり、指定されたキー長は最小許容FIPS規格よりも短いです。 + \return MEMORY_E ハッシュに使用する構造体の割り当てメモリの割り当てエラーがある場合 + \return HMAC_MIN_KEYLEN_E FIPS実装を使用するときに、指定されたキーがFIPS規格の最小許容(14バイト)よりも短い \param hmac 初期化するHMACオブジェクトへのポインタ \param type HMACオブジェクトを使用する暗号化方式を指定します。有効なオプションは次のとおりです.MD5、SHA、SHA256、SHA384、SHA3-224、SHA3-256、SHA3-384、SHA3-512 \param key HMACオブジェクトを初期化するキーを含むバッファへのポインタ @@ -13,7 +13,7 @@ Hmac hmac; byte key[] = { // initialize with key to use for encryption }; if (wc_HmacSetKey(&hmac, MD5, key, sizeof(key)) != 0) { - // error initializing Hmac object + // error initializing Hmac object } \endcode \sa wc_HmacUpdate @@ -25,7 +25,7 @@ int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz); \ingroup HMAC \brief この関数は、HMACを使用して認証するメッセージを更新します。HMACオブジェクトがWC_HMACSETKEYで初期化された後に呼び出されるべきです。この関数は、ハッシュへのメッセージを更新するために複数回呼び出されることがあります。必要に応じてwc_hmacupdateを呼び出した後、最終認証済みメッセージタグを取得するためにwc_hmacfinalを呼び出す必要があります。 \return 0 認証するメッセージの更新に成功しました - \return MEMORY_E ハッシュアルゴリズムで使用するためにメモリを割り当てるエラーがある場合 + \return MEMORY_E ハッシュアルゴリズムで使用するためのメモリ割り当てエラーがある場合 \param hmac メッセージを更新するHMACオブジェクトへのポインタ \param msg 追加するメッセージを含むバッファへのポインタ _Example_ 
diff --git a/doc/dox_comments/header_files/hmac.h b/doc/dox_comments/header_files/hmac.h index a7c416828e..1db707a8b6 100644 --- a/doc/dox_comments/header_files/hmac.h +++ b/doc/dox_comments/header_files/hmac.h @@ -8,9 +8,9 @@ \return BAD_FUNC_ARG Returned if the input type is invalid (see type param) \return MEMORY_E Returned if there is an error allocating memory for the structure to use for hashing - \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation + \return HMAC_MIN_KEYLEN_E Returned when using a FIPS implementation and the key length specified is shorter than the minimum acceptable - FIPS standard + FIPS standard of 14 bytes \param hmac pointer to the Hmac object to initialize \param type type specifying which encryption method the Hmac object From 573ade31785d9398ea9d588a8de7274d4077addf Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:15:53 -0600 Subject: [PATCH 58/71] added curl instructions to apple-universal README --- IDE/apple-universal/README.md | 45 ++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/IDE/apple-universal/README.md b/IDE/apple-universal/README.md index 7a4d38dac6..a13f349244 100644 --- a/IDE/apple-universal/README.md +++ b/IDE/apple-universal/README.md 
@@ -4,7 +4,7 @@ This example shows how to build a wolfSSL static library for Apple targets on al The example was created using Xcode version 14.3.1. # Why? -Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `cURL`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app. +Configuring and building wolfSSL through the `configure` interface can be simpler and more user friendly than manually adding the wolfSSL source files to your project and customizing through `user_settings.h`. Building via `configure` also streamlines integration with other open-source projects that expect an installation directory, such as `curl`'s `--with-wolfssl` option. Finally, some developer teams might prefer to build wolfSSL once with the desired settings and then distribute it as a library framework for app developers to use. Packaging wolfSSL as a framework makes it highly portable and allows for drag-and-drop integration into Xcode projects without needing to worry about compiling the library every time they build their app. However, if you do want to compile wolfSSL from source manually in your Xcode project using `user_settings.h`, see the example in [IDE/XCODE](https://github.com/wolfSSL/wolfssl/tree/master/IDE/XCODE). 
@@ -16,7 +16,7 @@ This example consists of a build script and an Xcode example project. The build To use the build script, you can run it without arguments to build a default configuration, or you can use the `-c` option to pass in a quoted string containing any additional flags to `configure` that you need. Note that `--enable-static --disable-shared` is always passed to `configure` by default. Consider the following usage example, with descriptions in the comments: -``` +```sh # default configuration ./build-wolfssl-framework.sh @@ -60,7 +60,7 @@ If you are developing on a macOS machine and want to compile wolfSSL to run on m The generic `configure` invocation required to cross compile a static library for an Apple device is as follows: -``` +```sh ./configure --disable-shared --enable-static \ --prefix=${INSTALL_DIR} \ --host=${HOST} \ 
@@ -89,4 +89,43 @@ Low-level programming in the Apple ecosystem is sparsely documented, and certain 2. Cross compiling for the **iOS simulator** with a min version specifier present (`-miphoneos-version-min`) requires the `-target ${ARCH}-apple-ios-simulator` compiler flag in order to build . It is unclear why this is required, as The GNU documentation claims that the `target` option is only required if cross-compiling a compiler to run on architecture X but emit code for architecture Y (known as a canadian cross-compilation scenario). Regardless, if you do not include a `-target` option, the build will generate a large number of warnings when linking against system libraries with messages like: `ld: warning: building for iOS, but linking in .tbd file (/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator16.4.sdk/usr/lib/libnetwork.tbd) built for iOS Simulator`. It was thought that perhaps the host option should instead be `--host=${ARCH}-apple-ios-simulator` but this is not a valid option, and `configure` will fail with a different error: `checking host system type... Invalid configuration 'arm64-apple-ios-simulator': Kernel 'ios' not known to work with OS 'simulator`. If you do not specify a min iOS version, this is not required. Mysteriously, the other simulators (tvOS, watchOS) do not have this issue.... +## Building wolfSSL and curl + +Building curl with wolfSSL for Apple targets using configure/autotools can be accomplished with the following procedure: + +1. 
Build wolfSSL as described in the above steps with curl compatibility enabled, either as a framework using the helper script, or as a cross-compiled library for your desired platform + +```sh +cd /path/to/wolfssl/IDE/apple-universal + +# build wolfSSL as a framework using the helper script +./build-wolfssl-framework.sh -c "--enable-curl" + +# or build as a static library for one platform (using iOS as an example) +ARCH=arm64 +WOLFSSL_INSTALL=/path/to/output/install/wolfssl-iphoneos-${ARCH} +./configure --host=${ARCH}-apple-darwin \ + --enable-curl \ + --enable-static --disable-shared \ + --prefix=${WOLFSSL_INSTALL} \ + CFLAGS="-arch ${ARCH} -isysroot $(xcrun --sdk iphoneos --show-sdk-path)" + +make +``` + +2. Configure and build curl to use the wolfSSL library for your platform that was built in step 1. Note that you must use `--with-wolfssl` to point curl to the wolfSSL *library install* for your specific platform, not to the xcframework. + +```sh +cd /path/to/curl + +# Note that it is necessary to manually link curl against the Apple CoreFoundation and Security frameworks, +# as they are required by wolfSSL on Apple platforms. Using iOS as an example: +./configure --host=${ARCH}-apple-darwin \ + --with-wolfssl=${WOLFSSL_INSTALL} \ + CFLAGS="-arch ${ARCH} -isysroot $(xcrun -sdk iphoneos --show-sdk-path)" \ + LDFLAGS="-framework CoreFoundation -framework Security" + +make +``` + From 5320b425e77cf70d4d3c985273d76195aaa7073b Mon Sep 17 00:00:00 2001 
From: Juliusz Sosinowicz Date: Mon, 5 Aug 2024 14:32:37 +0200 Subject: [PATCH 59/71] Use tar to preserve links Something broke in the actions/download-artifact action and it is not preserving symbolic links. It didn't get a new release so my guess is that something was updated in the node environment or in npm. This is a future proof solution to preserve the fs structure between upload and download. --- .github/workflows/curl.yml | 9 +++++++-- .github/workflows/cyrus-sasl.yml | 9 +++++++-- .github/workflows/grpc.yml | 9 +++++++-- .github/workflows/hitch.yml | 9 +++++++-- .github/workflows/hostap-vm.yml | 9 +++++++-- .github/workflows/ipmitool.yml | 9 +++++++-- .github/workflows/jwt-cpp.yml | 9 +++++++-- .github/workflows/krb5.yml | 9 +++++++-- .github/workflows/libssh2.yml | 9 +++++++-- .github/workflows/libvncserver.yml | 9 +++++++-- .github/workflows/memcached.yml | 9 +++++++-- .github/workflows/mosquitto.yml | 9 +++++++-- .github/workflows/net-snmp.yml | 9 +++++++-- .github/workflows/nginx.yml | 9 +++++++-- .github/workflows/ntp.yml | 9 +++++++-- .github/workflows/openssh.yml | 9 +++++++-- .github/workflows/openvpn.yml | 9 +++++++-- .github/workflows/pam-ipmi.yml | 9 +++++++-- .github/workflows/rng-tools.yml | 9 +++++++-- .github/workflows/socat.yml | 11 ++++++++--- .github/workflows/stunnel.yml | 9 +++++++-- 21 files changed, 148 insertions(+), 43 deletions(-) diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index d1ffb6f666..a89ef94d5f 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -26,11 +26,14 @@ jobs: configure: --enable-curl install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-curl - path: build-dir + path: build-dir.tgz retention-days: 5 test_curl: 
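Review bot: The `tar build-dir` step is added verbatim here, and with its matching `untar build-dir` step it recurs in the other twenty workflow files of this commit, so any later change to the archive name or flags has to be made in every copy. Moving the pack-and-upload and download-and-unpack steps into one shared composite action or reusable workflow would keep them in one place. A short comment on the step, such as `# tar keeps the symlinks that the artifact upload/download round trip drops`, would also record why the extra step exists.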
@@ -54,7 +57,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-curl - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Build curl uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/cyrus-sasl.yml b/.github/workflows/cyrus-sasl.yml index 8938bb0db4..9f2aab72c2 100644 --- a/.github/workflows/cyrus-sasl.yml +++ b/.github/workflows/cyrus-sasl.yml @@ -29,11 +29,14 @@ jobs: # Don't run tests as this config is tested in many other places check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-sasl - path: build-dir + path: build-dir.tgz retention-days: 5 sasl_check: @@ -60,7 +63,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-sasl - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index d2f0a8317c..4e145cc6c8 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -27,11 +27,14 @@ jobs: configure: --enable-all 'CPPFLAGS=-DWOLFSSL_RSA_KEY_CHECK -DHAVE_EX_DATA_CLEANUP_HOOKS' install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-grpc - path: build-dir + path: build-dir.tgz retention-days: 5 grpc_check: @@ -65,7 +68,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-grpc - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml index 4f11a79f04..c11accd58d 100644 --- a/.github/workflows/hitch.yml +++ b/.github/workflows/hitch.yml 
@@ -27,11 +27,14 @@ jobs: configure: --enable-hitch install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-hitch - path: build-dir + path: build-dir.tgz retention-days: 5 hitch_check: @@ -53,7 +56,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-hitch - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml index aa983ac03e..b24680dfe1 100644 --- a/.github/workflows/hostap-vm.yml +++ b/.github/workflows/hostap-vm.yml @@ -52,11 +52,14 @@ jobs: ${{ env.wolf_debug_flags }} ${{ matrix.wolf_extra_config }} install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: ${{ matrix.build_id }} - path: build-dir + path: build-dir.tgz retention-days: 5 build_uml_linux: @@ -178,7 +181,9 @@ jobs: uses: actions/download-artifact@v4 with: name: ${{ matrix.config.build_id }} - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Install dependencies run: | diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml index 83117a9001..ef7d072e7b 100644 --- a/.github/workflows/ipmitool.yml +++ b/.github/workflows/ipmitool.yml @@ -30,11 +30,14 @@ jobs: # Don't run tests as this config is tested in many other places check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-ipmitool - path: build-dir + path: build-dir.tgz retention-days: 5 build_ipmitool: @@ -50,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-ipmitool - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 
diff --git a/.github/workflows/jwt-cpp.yml b/.github/workflows/jwt-cpp.yml index a76d8a1050..13569574fa 100644 --- a/.github/workflows/jwt-cpp.yml +++ b/.github/workflows/jwt-cpp.yml @@ -29,11 +29,14 @@ jobs: # Don't run tests as this config is tested in many other places check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-jwt-cpp - path: build-dir + path: build-dir.tgz retention-days: 5 build_pam-ipmi: @@ -56,7 +59,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-jwt-cpp - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index 87f89dba1c..ce96479ce0 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml @@ -31,11 +31,14 @@ jobs: configure: --enable-krb CC='gcc -fsanitize=address' install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-krb5 - path: build-dir + path: build-dir.tgz retention-days: 5 krb5_check: @@ -54,7 +57,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-krb5 - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index a66d1c5697..0f5f241008 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml @@ -28,11 +28,14 @@ jobs: check: false # config is already tested in many other PRB's install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-libssh2 - path: build-dir + path: build-dir.tgz retention-days: 5 libssh2_check: 
@@ -51,7 +54,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-libssh2 - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Build and test libssh2 uses: wolfSSL/actions-build-autotools-project@v1 diff --git a/.github/workflows/libvncserver.yml b/.github/workflows/libvncserver.yml index 348eb56eb6..cdef79dde5 100644 --- a/.github/workflows/libvncserver.yml +++ b/.github/workflows/libvncserver.yml @@ -29,11 +29,14 @@ jobs: # Don't run tests as this config is tested in many other places check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-libvncserver - path: build-dir + path: build-dir.tgz retention-days: 5 build_libvncserver: @@ -49,7 +52,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-libvncserver - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml index 9bcedc149e..e1cbb37847 100644 --- a/.github/workflows/memcached.yml +++ b/.github/workflows/memcached.yml @@ -28,11 +28,14 @@ jobs: - name: Bundle Docker entry point run: cp wolfssl/.github/workflows/memcached.sh build-dir/bin + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-memcached - path: build-dir + path: build-dir.tgz retention-days: 5 memcached_check: @@ -50,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-memcached - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/mosquitto.yml b/.github/workflows/mosquitto.yml index bedd1e4195..aa96938589 100644 --- a/.github/workflows/mosquitto.yml +++ b/.github/workflows/mosquitto.yml 
@@ -27,11 +27,14 @@ jobs: configure: --enable-mosquitto CFLAGS="-DALLOW_INVALID_CERTSIGN" install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-mosquitto - path: build-dir + path: build-dir.tgz retention-days: 5 mosquitto_check: @@ -49,7 +52,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-mosquitto - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index c121709f39..e175f487b0 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml @@ -27,11 +27,14 @@ jobs: configure: --enable-net-snmp install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-net-snmp - path: build-dir + path: build-dir.tgz retention-days: 5 net-snmp_check: @@ -52,7 +55,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-net-snmp - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index 97e57a1eea..6622e0d2a8 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -33,11 +33,14 @@ jobs: configure: --enable-nginx ${{ env.wolf_debug_flags }} install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-nginx - path: build-dir + path: build-dir.tgz retention-days: 5 nginx_check: @@ -111,7 +114,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-nginx - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Install dependencies run: | 
diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml index 04eedd8e94..f4f06bef17 100644 --- a/.github/workflows/ntp.yml +++ b/.github/workflows/ntp.yml @@ -28,11 +28,14 @@ jobs: install: true check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-ntp - path: build-dir + path: build-dir.tgz retention-days: 5 ntp_check: @@ -51,7 +54,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-ntp - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 040ae74648..456ca842cd 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml @@ -29,11 +29,14 @@ jobs: --enable-intelasm --enable-sp-asm install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-openssh - path: build-dir + path: build-dir.tgz retention-days: 5 openssh_check: @@ -51,7 +54,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-openssh - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 97243cb9ea..a547e8d8f4 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -27,11 +27,14 @@ jobs: configure: --enable-openvpn install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-openvpn - path: build-dir + path: build-dir.tgz retention-days: 5 openvpn_check: 
@@ -50,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-openvpn - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Install dependencies run: | diff --git a/.github/workflows/pam-ipmi.yml b/.github/workflows/pam-ipmi.yml index e6a2a4ae55..dda3200644 100644 --- a/.github/workflows/pam-ipmi.yml +++ b/.github/workflows/pam-ipmi.yml @@ -30,11 +30,14 @@ jobs: # Don't run tests as this config is tested in many other places check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-pam-ipmi - path: build-dir + path: build-dir.tgz retention-days: 5 build_pam-ipmi: @@ -58,7 +61,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-pam-ipmi - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/rng-tools.yml b/.github/workflows/rng-tools.yml index a2297bb806..47b7827e27 100644 --- a/.github/workflows/rng-tools.yml +++ b/.github/workflows/rng-tools.yml @@ -28,11 +28,14 @@ jobs: install: true check: false + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-rng-tools - path: build-dir + path: build-dir.tgz retention-days: 5 rng-tools_check: @@ -58,7 +61,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-rng-tools - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index 98c612d840..fe2c8252ac 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml 
@@ -25,12 +25,15 @@ jobs: configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS' install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-socat - path: build-dir - retention-days: 3 + path: build-dir.tgz + retention-days: 5 socat_check: @@ -49,7 +52,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-socat - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Download socat run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index 5e1b6b325f..7b7b094526 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -27,11 +27,14 @@ jobs: configure: --enable-stunnel install: true + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + - name: Upload built lib uses: actions/upload-artifact@v4 with: name: wolf-install-stunnel - path: build-dir + path: build-dir.tgz retention-days: 5 stunnel_check: @@ -50,7 +53,9 @@ jobs: uses: actions/download-artifact@v4 with: name: wolf-install-stunnel - path: build-dir + + - name: untar build-dir + run: tar -xf build-dir.tgz - name: Checkout OSP uses: actions/checkout@v4 From 332c64a77ca29f85d14be46eda8e837bfc662db5 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Mon, 5 Aug 2024 18:23:56 +0200 Subject: [PATCH 60/71] docker-OpenWRT.yml: Follow links --- .github/workflows/docker-OpenWrt.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-OpenWrt.yml b/.github/workflows/docker-OpenWrt.yml index c71b500a67..283e3b92e2 100644 --- a/.github/workflows/docker-OpenWrt.yml +++ b/.github/workflows/docker-OpenWrt.yml 
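Review bot: The "Download socat" step kept as context at the end of the second socat.yml hunk fetches `socat-1.8.0.0.tar.gz` over plain `http://` and unpacks it with no integrity check, so the job builds and runs whatever the network path returns. Since this change already reworks the artifact handling just above it, pin the tarball before extracting, e.g. put `echo "<EXPECTED_SHA256>  socat-1.8.0.0.tar.gz" | sha256sum -c -` between the `curl` and the `tar xvf` (the hash is a placeholder), and switch to HTTPS if the host offers it. The first socat.yml hunk also raises `retention-days` from 3 to 5, which nothing in the visible part of the patch explains.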
@@ -28,11 +28,15 @@ jobs: - uses: actions/checkout@v4 - name: Compile libwolfssl.so run: ./autogen.sh && ./configure --enable-all && make + # 2024-08-05 - Something broke in the actions. They are no longer following links. + - name: tar libwolfssl.so + working-directory: src/.libs + run: tar -zcf libwolfssl.tgz libwolfssl.so* - name: Upload libwolfssl.so uses: actions/upload-artifact@v4 with: name: openwrt-libwolfssl.so - path: src/.libs/libwolfssl.so + path: src/.libs/libwolfssl.tgz retention-days: 5 compile_container: name: Compile container @@ -50,7 +54,9 @@ jobs: - uses: actions/download-artifact@v4 with: name: openwrt-libwolfssl.so - path: Docker/OpenWrt/. + path: . + - name: untar libwolfssl.so + run: tar -xf libwolfssl.tgz -C Docker/OpenWrt - name: Build but dont push uses: docker/build-push-action@v5 with: From 0e0c3634ecf59ecb88bff2c36947414c9cf9563a Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 31 Jul 2024 09:52:53 +1000 Subject: [PATCH 61/71] Don't attempt to include system headers when not required Some builds don't require system headers: no filesystem and single threaded. --- wolfssl/wolfcrypt/wc_port.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index 0cf0eea656..9824d19f3c 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -59,7 +59,9 @@ #endif /* WOLFSSL_LINUXKM */ /* THREADING/MUTEX SECTION */ -#ifdef USE_WINDOWS_API +#if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM) + /* No system headers required for build. */ +#elif defined(USE_WINDOWS_API) #if defined(WOLFSSL_PTHREADS) #include #endif From df0663b70e0b8dee2e3decb6d625154737e1e58c Mon Sep 17 00:00:00 2001 
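Review bot: The new first branch `#if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM)` in wc_port.h takes precedence over every platform branch of this chain, including `USE_WINDOWS_API`, so whatever else those branches provide is skipped as well. The rest of the chain lies outside the hunk, so it cannot be confirmed from here that the branches supply only threading and filesystem headers. If one of them also brings in declarations used for time, sockets or atomics, that configuration loses them silently. I would spell the assumption out in the comment, e.g. `/* No system headers required: the branches below add only threading and filesystem headers (confirm per platform). */`, and build-test the combination on each platform branch.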
From: Andras Fekete Date: Mon, 5 Aug 2024 14:45:35 -0400 Subject: [PATCH 62/71] Fix memory leak CC="gcc -fsanitize=address" ./configure --enable-dtls --enable-opensslextra --enable-debug CFLAGS="-DNO_WOLFSSL_SERVER" && make && tests/unit.test --- tests/api.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/tests/api.c b/tests/api.c index e59c8c2bed..a69033a263 100644 --- a/tests/api.c +++ b/tests/api.c @@ -47267,25 +47267,21 @@ static int test_wolfSSL_tmp_dh(void) #ifndef NO_WOLFSSL_SERVER ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); -#endif -#ifndef NO_WOLFSSL_CLIENT - ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method())); -#ifdef NO_WOLFSSL_SERVER - ctx = ctx_c; -#endif -#endif ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); ExpectNotNull(ssl = SSL_new(ctx)); +#endif #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method())); ExpectTrue(SSL_CTX_use_certificate_file(ctx_c, svrCertFile, WOLFSSL_FILETYPE_PEM)); ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx_c, svrKeyFile, WOLFSSL_FILETYPE_PEM)); ExpectNotNull(ssl_c = SSL_new(ctx_c)); #ifdef NO_WOLFSSL_SERVER + ctx = ctx_c; ssl = ssl_c; #endif #endif From fc19c36bf801330b2393e3edaf1546e1dcd9e6df Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 29 Jul 2024 10:48:08 +1000 Subject: [PATCH 63/71] Dilithium: fix check hint When all indeces are 0, then don't check hints against indeces. --- tests/api.c | 6 ++++++ wolfcrypt/src/dilithium.c | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index e59c8c2bed..cae0de7320 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -32389,6 +32389,12 @@ static int test_wc_dilithium_verify(void) 0); ExpectIntEQ(res, 0); sig[100] ^= 0x80; + + /* Set all indeces to 0. */ + XMEMSET(sig + sigLen - 4, 0, 4); + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + SIG_VERIFY_E); + ExpectIntEQ(res, 0); } #endif diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c index 521353c608..a40265fa07 100644 --- a/wolfcrypt/src/dilithium.c +++ b/wolfcrypt/src/dilithium.c @@ -3183,11 +3183,11 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega) unsigned int i; /* Skip polynomial index while count is 0. */ - while ((h[omega + o] == 0) && (o < k)) { + while ((o < k) && (h[omega + o] == 0)) { o++; } /* Check all possible hints. */ - for (i = 1; i < omega; i++) { + for (i = 1; (o < k) && (i < omega); i++) { /* Done with polynomial if index equals count of hints. */ if (i == h[omega + o]) { /* Next polynomial index while count is index. */ From cc2ed4a75b4b0db5cfbc0f7896afea94a3c7bf24 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Mon, 5 Aug 2024 16:47:35 -0600 Subject: [PATCH 64/71] add w64Add for build with word64 --- wolfcrypt/src/misc.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 7f8f3f7d70..a87909080d 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -716,6 +716,16 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, + byte *wrap) +{ + a.n = a.n + b.n; + if (a.n < b.n && wrap != NULL) + *wrap = 1; + + return a; +} + WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap) { if (a.n < b && wrap != NULL) 
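Review bot: `XMEMSET(sig + sigLen - 4, 0, 4)` in the new test hard-codes 4 as the number of trailing hint-count bytes, which matches only a parameter set whose `k` is 4. The key's level is set outside the hunk, so it cannot be seen here whether that holds for every build of this test. With a larger `k` the remaining counts stay non-zero, and the all-zero case the fix targets is not the one exercised. Consider deriving the length from the key's parameters, or adding `/* Last 4 bytes are the hint counts for k = 4. */` if this block is level-specific.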
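Review bot: Both reordered conditions in `dilithium_check_hint` stop `h[omega + o]` from being read once `o` has reached `k`, but the loop body that advances `o` (under "Next polynomial index while count is index") continues outside the hunk. It is therefore not visible whether that inner advance also tests the bound before the read. `h` comes from the signature being verified, so every read indexed by `o` needs the check. I would record the invariant above the `while`, e.g. `/* Test o < k before reading h[omega + o] so the read stays inside the k per-polynomial counts. */`, and confirm the inner loop follows it.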
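Review bot: The new `w64Add` only ever sets `*wrap` and never clears it, so a caller that passes an uninitialised or reused flag reads a stale overflow result, and nothing in the hunk documents that contract. A header comment would settle it, e.g. `/* Returns a + b; sets *wrap to 1 on 64-bit overflow and leaves it untouched otherwise. wrap may be NULL. */`. The same wording fits the neighbouring `w64Add32` and `w64Sub32`, which follow the same pattern in the context lines.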
@@ -919,7 +929,7 @@ WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a) return a.n[0] == 0 && a.n[1] == 0; } -WC_MISC_STATIC WC_INLINE void c64toa(w64wrapper *a, byte *out) +WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out) { #ifdef BIG_ENDIAN_ORDER word32 *_out = (word32*)(out); From 50834891742893cdabb88cdde3b7668234e48727 Mon Sep 17 00:00:00 2001 From: S-P Chan Date: Mon, 5 Aug 2024 09:58:46 +0800 Subject: [PATCH 65/71] wolfssl/wolfcrypt/pkcs11.sh: add full data RSA PSS mechs --- wolfssl/wolfcrypt/pkcs11.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/wolfssl/wolfcrypt/pkcs11.h b/wolfssl/wolfcrypt/pkcs11.h index 27758c062f..7a53710b6f 100644 --- a/wolfssl/wolfcrypt/pkcs11.h +++ b/wolfssl/wolfcrypt/pkcs11.h @@ -164,6 +164,13 @@ extern "C" { #define CKM_AES_CBC 0x00001082UL #define CKM_AES_GCM 0x00001087UL +/* full data RSA PK callbacks */ +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL + #define CKG_MGF1_SHA1 0x00000001UL #define CKG_MGF1_SHA224 0x00000005UL #define CKG_MGF1_SHA256 0x00000002UL From 4062b94fb3d7c6d1a7767f8fee105f7ced71e869 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Mon, 5 Aug 2024 21:18:15 +1000 Subject: [PATCH 66/71] RISC-V 64: Add assembly code for SHA-512 Cleanup RISC-V 64 SHA-256 by removing unused rev_idx. --- src/include.am | 12 + wolfcrypt/src/port/riscv/riscv-64-sha256.c | 14 - wolfcrypt/src/port/riscv/riscv-64-sha512.c | 1724 +++++++++++++++++++ wolfcrypt/src/sha512.c | 2 +- wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h | 6 + 5 files changed, 1743 insertions(+), 15 deletions(-) create mode 100644 wolfcrypt/src/port/riscv/riscv-64-sha512.c diff --git a/src/include.am b/src/include.am index 4d96fd2ebe..544ad3ea8e 100644 --- a/src/include.am +++ b/src/include.am 
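Review bot: `c64toa` now takes `const w64wrapper *a`, but the diffstat of this patch lists only `wolfcrypt/src/misc.c`, so the patch does not update any prototype in the header that declares these helpers. If that header still declares the non-const form, builds that compile misc.c as a separate unit instead of inlining it would see conflicting declarations. The same question applies to a prototype for the `w64Add` added in the previous hunk. Worth confirming the header carries `void c64toa(const w64wrapper *a, byte *out);`, which is hedged because the header is not part of the visible change. The body of `c64toa` continues outside the hunk.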
@@ -234,6 +234,9 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256 endif BUILD_RISCV_ASM if BUILD_SHA512 +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c +else if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE @@ -262,6 +265,7 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +endif !BUILD_RISCV_ASM endif BUILD_SHA512 if BUILD_SHA3 @@ -393,6 +397,9 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha256 endif BUILD_RISCV_ASM if BUILD_SHA512 +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c +else if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE @@ -419,6 +426,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/sha512_asm.S endif BUILD_INTELASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +endif !BUILD_RISCV_ASM endif BUILD_SHA512 if BUILD_SHA3 @@ -738,6 +746,9 @@ endif !BUILD_FIPS_CURRENT if !BUILD_FIPS_CURRENT if BUILD_SHA512 +if BUILD_RISCV_ASM +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/riscv/riscv-64-sha512.c +else if BUILD_ARMASM_NEON src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/arm/armv8-sha512.c if BUILD_ARMASM_INLINE @@ -766,6 +777,7 @@ endif BUILD_INTELASM endif !BUILD_X86_ASM endif !BUILD_ARMASM endif !BUILD_ARMASM_NEON +endif !BUILD_RISCV_ASM endif BUILD_SHA512 endif !BUILD_FIPS_CURRENT diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha256.c b/wolfcrypt/src/port/riscv/riscv-64-sha256.c index 3c546b00d7..00fbc1ee5b 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-sha256.c +++ b/wolfcrypt/src/port/riscv/riscv-64-sha256.c 
@@ -600,13 +600,6 @@ static WC_INLINE void Sha256Transform(wc_Sha256* sha256, const byte* data, (0b010 << 12) | (0b1110111 << 0) | \ (vd << 7) | (vs1 << 15) | (vs2 << 20)) -#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION -/* Indecies to use with gather vector instruction to reverse bytes. */ -static const word32 rev_idx[4] = { - 0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f -}; -#endif /* !WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION */ - #define RND4(w0, w1, w2, w3, k) \ /* Four rounds of compression. */ \ VADD_VV(REG_V7, w0, k) \ @@ -690,9 +683,6 @@ static void Sha256Transform(wc_Sha256* sha256, const byte* data, : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k) : [digest] "r" (sha256->digest) -#ifndef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION - , [rev_idx] "r" (rev_idx) -#endif : "cc", "memory", "t0", "t1" ); } @@ -884,10 +874,6 @@ static WC_INLINE void Sha256Final(wc_Sha256* sha256, byte* hash) #endif : : [digest] "r" (sha256->digest), [hash] "r" (hash) -#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) && \ - !defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) - , [rev_idx] "r" (rev_idx) -#endif : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", "a4", "a5", "a6", "a7" ); diff --git a/wolfcrypt/src/port/riscv/riscv-64-sha512.c b/wolfcrypt/src/port/riscv/riscv-64-sha512.c new file mode 100644 index 0000000000..b5b7f213d5 --- /dev/null +++ b/wolfcrypt/src/port/riscv/riscv-64-sha512.c 
@@ -0,0 +1,1724 @@ +/* riscv-sha512.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef WOLFSSL_RISCV_ASM +#if !defined(NO_SHA512) || defined(WOLFSSL_SHA384) + +#if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) + #undef HAVE_FIPS +#else + #if defined(HAVE_FIPS) && FIPS_VERSION3_GE(6,0,0) + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS + #endif +#endif + +#include +#if FIPS_VERSION3_GE(6,0,0) + const unsigned int wolfCrypt_FIPS_sha512_ro_sanity[2] = + { 0x1a2b3c4d, 0x00000014 }; + int wolfCrypt_FIPS_SHA512_sanity(void) + { + return 0; + } +#endif +#include +#include + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +/* Constants to add in each round. 
*/
+static const word64 K512[80] = {
+ W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd),
+ W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc),
+ W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019),
+ W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118),
+ W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe),
+ W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2),
+ W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1),
+ W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694),
+ W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3),
+ W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65),
+ W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483),
+ W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5),
+ W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210),
+ W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4),
+ W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725),
+ W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70),
+ W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926),
+ W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df),
+ W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8),
+ W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b),
+ W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001),
+ W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30),
+ W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910),
+ W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8),
+ W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53),
+ W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8),
+ W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb),
+ W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3),
+ W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60),
+ W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec),
+ W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9),
+ W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b),
+ W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207),
+ W64LIT(0xeada7dd6cde0eb1e),
W64LIT(0xf57d4f7fee6ed178),
+ W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6),
+ W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b),
+ W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493),
+ W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c),
+ W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a),
+ W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817)
+};
+
+static int InitSha512(wc_Sha512* sha512, void* heap, int devId)
+{
+ int ret = 0;
+
+ if (sha512 == NULL) {
+ ret = BAD_FUNC_ARG;
+ }
+
+ if (ret == 0) {
+ sha512->heap = heap;
+ #ifdef WOLF_CRYPTO_CB
+ sha512->devId = devId;
+ #endif
+ (void)devId;
+ #ifdef WOLFSSL_SMALL_STACK_CACHE
+ sha512->W = NULL;
+ #endif
+
+ #ifdef WOLFSSL_HASH_FLAGS
+ sha512->flags = 0;
+ #endif
+ }
+
+ return ret;
+}
+
+/* Initialze SHA-512 object for hashing.
+ *
+ * @param [in, out] sha512 SHA-512 object.
+ */
+static void InitSha512_State(wc_Sha512* sha512)
+{
+ /* Set initial hash values. */
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha512->digest[0] = W64LIT(0x6a09e667f3bcc908);
+ sha512->digest[1] = W64LIT(0xbb67ae8584caa73b);
+ sha512->digest[2] = W64LIT(0x3c6ef372fe94f82b);
+ sha512->digest[3] = W64LIT(0xa54ff53a5f1d36f1);
+ sha512->digest[4] = W64LIT(0x510e527fade682d1);
+ sha512->digest[5] = W64LIT(0x9b05688c2b3e6c1f);
+ sha512->digest[6] = W64LIT(0x1f83d9abfb41bd6b);
+ sha512->digest[7] = W64LIT(0x5be0cd19137e2179);
+#else
+ /* f, e, b, a, h, g, d, c */
+ sha512->digest[0] = W64LIT(0x9b05688c2b3e6c1f);
+ sha512->digest[1] = W64LIT(0x510e527fade682d1);
+ sha512->digest[2] = W64LIT(0xbb67ae8584caa73b);
+ sha512->digest[3] = W64LIT(0x6a09e667f3bcc908);
+ sha512->digest[4] = W64LIT(0x5be0cd19137e2179);
+ sha512->digest[5] = W64LIT(0x1f83d9abfb41bd6b);
+ sha512->digest[6] = W64LIT(0xa54ff53a5f1d36f1);
+ sha512->digest[7] = W64LIT(0x3c6ef372fe94f82b);
+#endif
+
+ /* No hashed data. */
+ sha512->buffLen = 0;
+ /* No data hashed.
*/
+ sha512->loLen = 0;
+ sha512->hiLen = 0;
+}
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_224)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/224.
+ * Note that sha512/224 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */
+static void InitSha512_224_State(wc_Sha512* sha512)
+{
+#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+ sha512->digest[0] = W64LIT(0x8c3d37c819544da2);
+ sha512->digest[1] = W64LIT(0x73e1996689dcd4d6);
+ sha512->digest[2] = W64LIT(0x1dfab7ae32ff9c82);
+ sha512->digest[3] = W64LIT(0x679dd514582f9fcf);
+ sha512->digest[4] = W64LIT(0x0f6d2b697bd44da8);
+ sha512->digest[5] = W64LIT(0x77e36f7304c48942);
+ sha512->digest[6] = W64LIT(0x3f9d85a86a1d36c8);
+ sha512->digest[7] = W64LIT(0x1112e6ad91d692a1);
+#else
+ /* f, e, b, a, h, g, d, c */
+ sha512->digest[0] = W64LIT(0x77e36f7304c48942);
+ sha512->digest[1] = W64LIT(0x0f6d2b697bd44da8);
+ sha512->digest[2] = W64LIT(0x73e1996689dcd4d6);
+ sha512->digest[3] = W64LIT(0x8c3d37c819544da2);
+ sha512->digest[4] = W64LIT(0x1112e6ad91d692a1);
+ sha512->digest[5] = W64LIT(0x3f9d85a86a1d36c8);
+ sha512->digest[6] = W64LIT(0x679dd514582f9fcf);
+ sha512->digest[7] = W64LIT(0x1dfab7ae32ff9c82);
+#endif
+
+ /* No hashed data. */
+ sha512->buffLen = 0;
+ /* No data hashed. */
+ sha512->loLen = 0;
+ sha512->hiLen = 0;
+}
+#endif /* !WOLFSSL_NOSHA512_224 */
+#endif /* !HAVE_FIPS && !HAVE_SELFTEST */
+
+#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+#if !defined(WOLFSSL_NOSHA512_256)
+/**
+ * Initialize given wc_Sha512 structure with value specific to sha512/256.
+ * Note that sha512/256 has different initial hash value from sha512.
+ * The initial hash value consists of eight 64bit words. They are given
+ * in FIPS180-4.
+ */ +static void InitSha512_256_State(wc_Sha512* sha512) +{ +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha512->digest[0] = W64LIT(0x22312194fc2bf72c); + sha512->digest[1] = W64LIT(0x9f555fa3c84c64c2); + sha512->digest[2] = W64LIT(0x2393b86b6f53b151); + sha512->digest[3] = W64LIT(0x963877195940eabd); + sha512->digest[4] = W64LIT(0x96283ee2a88effe3); + sha512->digest[5] = W64LIT(0xbe5e1e2553863992); + sha512->digest[6] = W64LIT(0x2b0199fc2c85b8aa); + sha512->digest[7] = W64LIT(0x0eb72ddc81c52ca2); +#else + /* f, e, b, a, h, g, d, c */ + sha512->digest[0] = W64LIT(0xbe5e1e2553863992); + sha512->digest[1] = W64LIT(0x96283ee2a88effe3); + sha512->digest[2] = W64LIT(0x9f555fa3c84c64c2); + sha512->digest[3] = W64LIT(0x22312194fc2bf72c); + sha512->digest[4] = W64LIT(0x0eb72ddc81c52ca2); + sha512->digest[5] = W64LIT(0x2b0199fc2c85b8aa); + sha512->digest[6] = W64LIT(0x963877195940eabd); + sha512->digest[7] = W64LIT(0x2393b86b6f53b151); +#endif + + /* No hashed data. */ + sha512->buffLen = 0; + /* No data hashed. */ + sha512->loLen = 0; + sha512->hiLen = 0; +} +#endif /* !WOLFSSL_NOSHA512_256 */ +#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ + +/* More data hashed, add length to 64-bit cumulative total. + * + * @param [in, out] sha512 SHA-512 object. Assumed not NULL. + * @param [in] len Length to add. + */ +static WC_INLINE void AddLength(wc_Sha512* sha512, word32 len) +{ + word32 tmp = sha512->loLen; + if ((sha512->loLen += len) < tmp) + sha512->hiLen++; /* carry low to high */ +} + +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + +/* Load a word with bytes reversed. 
*/ +#define LOAD_DWORD_REV(r, o, p, t0, t1, t2, t3) \ + "lbu " #t0 ", " #o "+4(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+5(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+6(" #p ")\n\t" \ + "lbu " #r ", " #o "+7(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 24\n\t" \ + "slli " #t1 ", " #t1 ", 16\n\t" \ + "slli " #t2 ", " #t2 ", 8\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" \ + "lbu " #t0 ", " #o "+0(" #p ")\n\t" \ + "lbu " #t1 ", " #o "+1(" #p ")\n\t" \ + "lbu " #t2 ", " #o "+2(" #p ")\n\t" \ + "lbu " #t3 ", " #o "+3(" #p ")\n\t" \ + "slli " #t0 ", " #t0 ", 56\n\t" \ + "slli " #t1 ", " #t1 ", 48\n\t" \ + "slli " #t2 ", " #t2 ", 40\n\t" \ + "slli " #t3 ", " #t3 ", 32\n\t" \ + "or " #r ", " #r ", " #t0 "\n\t" \ + "or " #r ", " #r ", " #t1 "\n\t" \ + "or " #r ", " #r ", " #t2 "\n\t" \ + "or " #r ", " #r ", " #t3 "\n\t" + +#endif + +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + +#ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM + +/* SHA-512 SUM0 operation. */ +#define SHA512SUM0(rd, rs1) \ + ASM_WORD((0b000100000100 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-512 SUM1 operation. */ +#define SHA512SUM1(rd, rs1) \ + ASM_WORD((0b000100000101 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-512 SIGMA0 operation. */ +#define SHA512SIG0(rd, rs1) \ + ASM_WORD((0b000100000110 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) +/* SHA-512 SIGMA1 operation. */ +#define SHA512SIG1(rd, rs1) \ + ASM_WORD((0b000100000111 << 20) | (0b001 << 12) | 0b0010011 | \ + (rs1 << 15) | (rd << 7)) + +/* One round of compression. 
*/ +#define RND(a, b, c, d, e, f, g, h, w, k) \ + /* Get e and a */ \ + "mv a4, " #e "\n\t" \ + "mv a5, " #a "\n\t" \ + /* Sigma1(e) */ \ + SHA512SUM1(REG_A4, REG_A4) \ + /* Sigma0(a) */ \ + SHA512SUM0(REG_A5, REG_A5) \ + /* Maj(a, b, c) = t5 */ \ + /* Ch(e, f, g) = t6 */ \ + /* a ^ b */ \ + "xor t4, " #a ", " #b "\n\t" \ + /* f ^ g */ \ + "xor t6, " #f ", " #g "\n\t" \ + /* b ^ c */ \ + "xor t5, " #b ", " #c "\n\t" \ + /* (f ^ g) & e */ \ + "and t6, t6, " #e "\n\t" \ + /* (a^b) & (b^c) */ \ + "and t5, t5, t4\n\t" \ + /* ((f ^ g) & e) ^ g */ \ + "xor t6, t6, " #g "\n\t" \ + /* ((a^b) & (b^c)) ^ b */ \ + "xor t5, t5, " #b "\n\t" \ + /* sigma1 + Ch */ \ + "add t4, a4, t6\n\t" \ + /* K + W */ \ + "add t6, " #k ", " #w "\n\t" \ + /* sigma1 + Ch + K + W = 't0'-h */ \ + "add t4, t4, t6\n\t" \ + /* h + sigma1 + Ch + K + W = 't0' = h */ \ + "add " #h ", " #h ", t4\n\t" \ + /* Sigma0(a) + Maj = 't1' */ \ + "add t5, a5, t5\n\t" \ + /* d += 't0' */ \ + "add " #d ", " #d ", " #h "\n\t" \ + /* h += 't1' */ \ + "add " #h ", " #h ", t5\n\t" + +#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_w14) \ + /* Gamma0(W[1]) */ \ + SHA512SIG0(REG_A4, reg_w1) \ + /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \ + SHA512SIG1(REG_A5, reg_w14) \ + /* Gamma1(W[14]) + W[9] */ \ + "add a5, a5, " #w9 "\n\t" \ + /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \ + "add " #w0 ", " #w0 ", a4\n\t" \ + /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \ + "add " #w0 ", a5, " #w0 "\n\t" + +#else + +/* SHA-512 SUM0 operation. */ +#define SHA512SUM0(rd, rs1) \ + "slli t5, " #rs1 ", 36\n\t" \ + "srli t4, " #rs1 ", 28\n\t" \ + "slli t6, " #rs1 ", 30\n\t" \ + "or t4, t4, t5\n\t" \ + "srli t5, " #rs1 ", 34\n\t" \ + "xor t4, t4, t6\n\t" \ + "slli t6, " #rs1 ", 25\n\t" \ + "xor t4, t4, t5\n\t" \ + "srli " #rd ", " #rs1 ", 39\n\t" \ + "xor t4, t4, t6\n\t" \ + "xor " #rd ", " #rd ", t4\n\t" + +/* SHA-512 SUM1 operation. 
*/ +#define SHA512SUM1(rd, rs1) \ + "slli t5, " #rs1 ", 50\n\t" \ + "srli t4, " #rs1 ", 14\n\t" \ + "slli t6, " #rs1 ", 46\n\t" \ + "or t4, t4, t5\n\t" \ + "srli t5, " #rs1 ", 18\n\t" \ + "xor t4, t4, t6\n\t" \ + "slli t6, " #rs1 ", 23\n\t" \ + "xor t4, t4, t5\n\t" \ + "srli " #rd ", " #rs1 ", 41\n\t" \ + "xor t4, t4, t6\n\t" \ + "xor " #rd ", " #rd ", t4\n\t" + +/* SHA-512 SIGMA0 operation. */ +#define SHA512SIG0(rd, rs1) \ + "slli t5, " #rs1 ", 63\n\t" \ + "srli t6, " #rs1 ", 1\n\t" \ + "slli t4, " #rs1 ", 56\n\t" \ + "or t6, t6, t5\n\t" \ + "srli t5, " #rs1 ", 8\n\t" \ + "xor t6, t6, t4\n\t" \ + "srli " #rd ", " #rs1 ", 7\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor " #rd ", " #rd ", t6\n\t" + +/* SHA-512 SIGMA1 operation. */ +#define SHA512SIG1(rd, rs1) \ + "slli t5, " #rs1 ", 45\n\t" \ + "srli t6, " #rs1 ", 19\n\t" \ + "slli t4, " #rs1 ", 3\n\t" \ + "or t6, t6, t5\n\t" \ + "srli t5, " #rs1 ", 61\n\t" \ + "xor t6, t6, t4\n\t" \ + "srli " #rd ", " #rs1 ", 6\n\t" \ + "xor t6, t6, t5\n\t" \ + "xor " #rd ", " #rd ", t6\n\t" + +/* One round of compression. 
*/ +#define RND(a, b, c, d, e, f, g, h, w, k) \ + /* Sigma1(e) */ \ + SHA512SUM1(a4, e) \ + /* Sigma0(a) */ \ + SHA512SUM0(a5, a) \ + /* Maj(a, b, c) = t5 */ \ + /* Ch(e, f, g) = t6 */ \ + /* a ^ b */ \ + "xor t4, " #a ", " #b "\n\t" \ + /* f ^ g */ \ + "xor t6, " #f ", " #g "\n\t" \ + /* b ^ c */ \ + "xor t5, " #b ", " #c "\n\t" \ + /* (f ^ g) & e */ \ + "and t6, t6, " #e "\n\t" \ + /* (a^b) & (b^c) */ \ + "and t5, t5, t4\n\t" \ + /* ((f ^ g) & e) ^ g */ \ + "xor t6, t6, " #g "\n\t" \ + /* ((a^b) & (b^c)) ^ b */ \ + "xor t5, t5, " #b "\n\t" \ + /* sigma1 + Ch */ \ + "add t4, a4, t6\n\t" \ + /* K + W */ \ + "add t6, " #k ", " #w "\n\t" \ + /* sigma1 + Ch + K + W = 't0'-h */ \ + "add t4, t4, t6\n\t" \ + /* h + sigma1 + Ch + K + W = 't0' = h */ \ + "add " #h ", " #h ", t4\n\t" \ + /* Sigma0(a) + Maj = 't1' */ \ + "add t5, a5, t5\n\t" \ + /* d += 't0' */ \ + "add " #d ", " #d ", " #h "\n\t" \ + /* h += 't1' */ \ + "add " #h ", " #h ", t5\n\t" + +/* Two message schedule updates. */ +#define W_UPDATE(w0, w1, w9, w14, reg_w0, reg_w1, reg_w9, reg_14) \ + /* Gamma0(W[1]) */ \ + SHA512SIG0(a4, w1) \ + /* Gamma1(W[i-2]) = Gamma1(W[14]) */ \ + SHA512SIG1(a5, w14) \ + /* Gamma1(W[14]) + W[9] */ \ + "add a5, a5, " #w9 "\n\t" \ + /* Gamma0(W[1]) + W[i-16] = Gamma0(W[1]) + W[0] */ \ + "add " #w0 ", " #w0 ", a4\n\t" \ + /* W[0] = Gamma1(W[14]) + W[9] + Gamma0(W[1]) + W[0] */ \ + "add " #w0 ", a5, " #w0 "\n\t" + + +#endif /* WOLFSSL_RISCV_SCALAR_CRYPTO_ASM */ + +#define RND2_W(a, b, c, d, e, f, g, h, o, w2o, w9o, w10o) \ + /* Get k[i] */ \ + "ld a6, " #o "(%[k])\n\t" \ + /* Get k[i+1] */ \ + "ld a7, " #o "+8(%[k])\n\t" \ + RND(a, b, c, d, e, f, g, h, s1, a6) \ + /* Get W[1] */ \ + "ld s2, " #o "+8(sp)\n\t" \ + /* Get W[9] */ \ + "ld s3, " #w9o "(sp)\n\t" \ + W_UPDATE(s1, s2, s3, s4, REG_S1, REG_S2, REG_S3, REG_S4) \ + RND(h, a, b, c, d, e, f, g, s2, a7) \ + "mv s4, s1\n\t" \ + /* Get W[2] */ \ + "ld s1, " #w2o "(sp)\n\t" \ + /* Get W[10] */ \ + "ld s3, " #w10o "(sp)\n\t" \ + 
W_UPDATE(s2, s1, s3, s5, REG_S2, REG_S1, REG_S3, REG_S5) \ + "sd s4, " #o "(sp)\n\t" \ + "mv s5, s2\n\t" \ + "sd s2, " #o "+8(sp)\n\t" + +/* Sixteen rounds of compression with message scheduling. */ +#define RND16() \ + RND2_W(t0, t1, t2, t3, s8, s9, s10, s11, 0, 16, 72, 80) \ + RND2_W(s10, s11, t0, t1, t2, t3, s8, s9, 16, 32, 88, 96) \ + RND2_W(s8, s9, s10, s11, t0, t1, t2, t3, 32, 48, 104, 112) \ + RND2_W(t2, t3, s8, s9, s10, s11, t0, t1, 48, 64, 120, 0) \ + RND2_W(t0, t1, t2, t3, s8, s9, s10, s11, 64, 80, 8, 16) \ + RND2_W(s10, s11, t0, t1, t2, t3, s8, s9, 80, 96, 24, 32) \ + RND2_W(s8, s9, s10, s11, t0, t1, t2, t3, 96, 112, 40, 48) \ + RND2_W(t2, t3, s8, s9, s10, s11, t0, t1, 112, 0, 56, 64) + +#define RND2(a, b, c, d, e, f, g, h, o) \ + /* Get k[i] */ \ + "ld a6, " #o "(%[k])\n\t" \ + /* Get W[0] */ \ + "ld s1, " #o "(sp)\n\t" \ + RND(a, b, c, d, e, f, g, h, s1, a6) \ + /* Get k[i] */ \ + "ld a6, " #o "+8(%[k])\n\t" \ + /* Get W[1] */ \ + "ld s1, " #o "+8(sp)\n\t" \ + RND(h, a, b, c, d, e, f, g, s1, a6) + +/* Sixteen rounds of compression only. */ +#define RND16_LAST() \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, 0) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, 16) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, 32) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, 48) \ + RND2(t0, t1, t2, t3, s8, s9, s10, s11, 64) \ + RND2(s10, s11, t0, t1, t2, t3, s8, s9, 80) \ + RND2(s8, s9, s10, s11, t0, t1, t2, t3, 96) \ + RND2(t2, t3, s8, s9, s10, s11, t0, t1, 112) + +/* Transform the message data. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] data Buffer of data to hash. + * @param [in] blocks Number of blocks of data to hash. + */ +static WC_INLINE void Sha512Transform(wc_Sha512* sha512, const byte* data, + word32 blocks) +{ + word64* k = (word64*)K512; + + __asm__ __volatile__ ( + "addi sp, sp, -128\n\t" + + /* Load digest. 
*/ + "ld t0, 0(%[digest])\n\t" + "ld t1, 8(%[digest])\n\t" + "ld t2, 16(%[digest])\n\t" + "ld t3, 24(%[digest])\n\t" + "ld s8, 32(%[digest])\n\t" + "ld s9, 40(%[digest])\n\t" + "ld s10, 48(%[digest])\n\t" + "ld s11, 56(%[digest])\n\t" + + /* 5 rounds of 16 per block - 4 loops of 16 and 1 final 16. */ + "slli %[blocks], %[blocks], 2\n\t" + + "\n1:\n\t" + /* beginning of SHA512 block operation */ + /* Load W */ +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + LOAD_DWORD_REV(t4, 0, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s1, 8, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s2, 16, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s3, 24, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s4, 32, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s5, 40, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s6, 48, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s7, 56, %[data], a4, a5, a6, a7) +#else + "ld t4, 0(%[data])\n\t" + "ld s1, 8(%[data])\n\t" + "ld s2, 16(%[data])\n\t" + "ld s3, 24(%[data])\n\t" + "ld s4, 32(%[data])\n\t" + "ld s5, 40(%[data])\n\t" + "ld s6, 48(%[data])\n\t" + "ld s7, 56(%[data])\n\t" + REV8(REG_T4, REG_T4) + REV8(REG_S1, REG_S1) + REV8(REG_S2, REG_S2) + REV8(REG_S3, REG_S3) + REV8(REG_S4, REG_S4) + REV8(REG_S5, REG_S5) + REV8(REG_S6, REG_S6) + REV8(REG_S7, REG_S7) +#endif + "sd t4, 0(sp)\n\t" + "sd s1, 8(sp)\n\t" + "sd s2, 16(sp)\n\t" + "sd s3, 24(sp)\n\t" + "sd s4, 32(sp)\n\t" + "sd s5, 40(sp)\n\t" + "sd s6, 48(sp)\n\t" + "sd s7, 56(sp)\n\t" +#ifndef WOLFSSL_RISCV_BASE_BIT_MANIPULATION + LOAD_DWORD_REV(t4, 64, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s1, 72, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s2, 80, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s3, 88, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s4, 96, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s5, 104, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s6, 112, %[data], a4, a5, a6, a7) + LOAD_DWORD_REV(s7, 120, %[data], a4, a5, a6, a7) +#else + "ld t4, 64(%[data])\n\t" + "ld s1, 72(%[data])\n\t" + "ld s2, 80(%[data])\n\t" + "ld s3, 
88(%[data])\n\t" + "ld s4, 96(%[data])\n\t" + "ld s5, 104(%[data])\n\t" + "ld s6, 112(%[data])\n\t" + "ld s7, 120(%[data])\n\t" + REV8(REG_T4, REG_T4) + REV8(REG_S1, REG_S1) + REV8(REG_S2, REG_S2) + REV8(REG_S3, REG_S3) + REV8(REG_S4, REG_S4) + REV8(REG_S5, REG_S5) + REV8(REG_S6, REG_S6) + REV8(REG_S7, REG_S7) +#endif + "sd t4, 64(sp)\n\t" + "sd s1, 72(sp)\n\t" + "sd s2, 80(sp)\n\t" + "sd s3, 88(sp)\n\t" + "sd s4, 96(sp)\n\t" + "sd s5, 104(sp)\n\t" + "sd s6, 112(sp)\n\t" + "sd s7, 120(sp)\n\t" + + "\n2:\n\t" + /* Get W[0] */ + "ld s1, 0(sp)\n\t" + /* Get W[14] */ + "ld s4, 112(sp)\n\t" + /* Get W[15] */ + "ld s5, 120(sp)\n\t" + "addi %[blocks], %[blocks], -1\n\t" + RND16() + "andi a4, %[blocks], 3\n\t" + "add %[k], %[k], 128\n\t" + "bnez a4, 2b \n\t" + RND16_LAST() + "addi %[k], %[k], -512\n\t" + + "# Add working vars back into digest state.\n\t" + "ld t4, 0(%[digest])\n\t" + "ld s1, 8(%[digest])\n\t" + "ld s2, 16(%[digest])\n\t" + "ld s3, 24(%[digest])\n\t" + "ld s4, 32(%[digest])\n\t" + "ld s5, 40(%[digest])\n\t" + "ld s6, 48(%[digest])\n\t" + "ld s7, 56(%[digest])\n\t" + "add t0, t0, t4\n\t" + "add t1, t1, s1\n\t" + "add t2, t2, s2\n\t" + "add t3, t3, s3\n\t" + "add s8, s8, s4\n\t" + "add s9, s9, s5\n\t" + "add s10, s10, s6\n\t" + "add s11, s11, s7\n\t" + + /* Store digest. */ + "sd t0, 0(%[digest])\n\t" + "sd t1, 8(%[digest])\n\t" + "sd t2, 16(%[digest])\n\t" + "sd t3, 24(%[digest])\n\t" + "sd s8, 32(%[digest])\n\t" + "sd s9, 40(%[digest])\n\t" + "sd s10, 48(%[digest])\n\t" + "sd s11, 56(%[digest])\n\t" + + "add %[data], %[data], 128\n\t" + "bnez %[blocks], 1b \n\t" + + "addi sp, sp, 128\n\t" + + : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k) + : [digest] "r" (sha512->digest) + : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "a4", "a5", "a6", "a7", + "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "s9", "s10", + "s11" + ); +} + +#else + +/* Two rounds of compression using low two W values. + * Assumes K has been added into W values. 
+ */ +#define VSHA2CL_VV(vd, vs1, vs2) \ + ASM_WORD((0b101111 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +/* Two rounds of compression using upper two W values. + * Assumes K has been added into W values. + */ +#define VSHA2CH_VV(vd, vs1, vs2) \ + ASM_WORD((0b101110 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +/* Update 4 W values - message scheduling. */ +#define VSHA2MS_VV(vd, vs1, vs2) \ + ASM_WORD((0b101101 << 26) | (0b1 << 25) | \ + (0b010 << 12) | (0b1110111 << 0) | \ + (vd << 7) | (vs1 << 15) | (vs2 << 20)) + +#define RND4(w0, w2, w4, w6, k) \ + /* Four rounds of compression. */ \ + VADD_VV(REG_V14, w0, k) \ + VMV_X_S(REG_T1, w2) \ + VSHA2CL_VV(REG_V10, REG_V14, REG_V8) \ + VMV_V_V(REG_V12, w4) \ + VSHA2CH_VV(REG_V8, REG_V14, REG_V10) \ + /* Update 4 W values - message schedule. */ \ + VMV_S_X(REG_V12, REG_T1) \ + VSHA2MS_VV(w0, w6, REG_V12) + +#define RND4_LAST(w, k) \ + /* Four rounds of compression. */ \ + VADD_VV(REG_V14, w, k) \ + VSHA2CL_VV(REG_V10, REG_V14, REG_V8) \ + VSHA2CH_VV(REG_V8, REG_V14, REG_V10) + +#define RND16(k) \ + RND4(REG_V0, REG_V2, REG_V4, REG_V6, (k + 0)) \ + RND4(REG_V2, REG_V4, REG_V6, REG_V0, (k + 2)) \ + RND4(REG_V4, REG_V6, REG_V0, REG_V2, (k + 4)) \ + RND4(REG_V6, REG_V0, REG_V2, REG_V4, (k + 6)) + +#define RND16_LAST(k) \ + RND4_LAST(REG_V0, (k + 0)) \ + RND4_LAST(REG_V2, (k + 2)) \ + RND4_LAST(REG_V4, (k + 4)) \ + RND4_LAST(REG_V6, (k + 6)) + +/* Transform the message data. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] data Buffer of data to hash. + * @param [in] blocks Number of blocks of data to hash. 
+ */ +static void Sha512Transform(wc_Sha512* sha512, const byte* data, + word32 blocks) +{ + word64* k = (word64*)K512; + + __asm__ __volatile__ ( + VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001) + + /* Load: a|b|e|f, c|d|g|h + * 3 2 1 0 3 2 1 0 + */ + "mv t0, %[digest]\n\t" + VL4RE64_V(REG_V8, REG_T0) + + "\n1:\n\t" + VMVR_V(REG_V28, REG_V8, 4) + + /* Load 16 W into 8 vectors of 2 64-bit words. */ + "mv t0, %[data]\n\t" + VL8RE64_V(REG_V0, REG_T0) + VREV8(REG_V0, REG_V0) + VREV8(REG_V2, REG_V2) + VREV8(REG_V4, REG_V4) + VREV8(REG_V6, REG_V6) + + "mv t0, %[k]\n\t" + VL8RE64_V(REG_V16, REG_T0) + RND16(REG_V16) + "addi t0, %[k], 128\n\t" + VL8RE64_V(REG_V16, REG_T0) + RND16(REG_V16) + "addi t0, %[k], 256\n\t" + VL8RE64_V(REG_V16, REG_T0) + RND16(REG_V16) + "addi t0, %[k], 384\n\t" + VL8RE64_V(REG_V16, REG_T0) + RND16(REG_V16) + "addi t0, %[k], 512\n\t" + VL8RE64_V(REG_V16, REG_T0) + RND16_LAST(REG_V16) + + VADD_VV(REG_V8, REG_V8, REG_V28) + VADD_VV(REG_V10, REG_V10, REG_V30) + + "addi %[blocks], %[blocks], -1\n\t" + "add %[data], %[data], 128\n\t" + "bnez %[blocks], 1b \n\t" + + "mv t0, %[digest]\n\t" + VS4R_V(REG_V8, REG_T0) + + : [blocks] "+r" (blocks), [data] "+r" (data), [k] "+r" (k) + : [digest] "r" (sha512->digest) + : "cc", "memory", "t0", "t1" + ); +} + +#endif /* WOLFSSL_RISCV_VECTOR_CRYPTO_ASM */ + +/* Update the hash with data. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. 
+ */ +static WC_INLINE int Sha512Update(wc_Sha512* sha512, const byte* data, + word32 len) +{ + word32 add; + word32 blocks; + + /* only perform actions if a buffer is passed in */ + if (len > 0) { + AddLength(sha512, len); + + if (sha512->buffLen > 0) { + /* fill leftover buffer with data */ + add = min(len, WC_SHA512_BLOCK_SIZE - sha512->buffLen); + XMEMCPY((byte*)(sha512->buffer) + sha512->buffLen, data, add); + sha512->buffLen += add; + data += add; + len -= add; + if (sha512->buffLen == WC_SHA512_BLOCK_SIZE) { + Sha512Transform(sha512, (byte*)sha512->buffer, 1); + sha512->buffLen = 0; + } + } + + /* number of blocks in a row to complete */ + blocks = len / WC_SHA512_BLOCK_SIZE; + + if (blocks > 0) { + Sha512Transform(sha512, data, blocks); + data += blocks * WC_SHA512_BLOCK_SIZE; + len -= blocks * WC_SHA512_BLOCK_SIZE; + } + + if (len > 0) { + /* copy over any remaining data leftover */ + XMEMCPY(sha512->buffer, data, len); + sha512->buffLen = len; + } + } + + /* account for possibility of not used if len = 0 */ + (void)add; + (void)blocks; + + return 0; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha512 SHA-512 object. + * @param [out] hash Buffer to hold hash result. + * @param [in] hashLen Length of hash to write out. 
+ */ +static WC_INLINE void Sha512Final(wc_Sha512* sha512, byte* hash, int hashLen) +{ + byte* local; + byte hashBuf[WC_SHA512_DIGEST_SIZE]; + byte* hashRes = hash; + + if (hashLen < WC_SHA512_DIGEST_SIZE) { + hashRes = hashBuf; + } + + local = (byte*)sha512->buffer; + local[sha512->buffLen++] = 0x80; /* add 1 */ + + /* pad with zeros */ + if (sha512->buffLen > WC_SHA512_PAD_SIZE) { + XMEMSET(&local[sha512->buffLen], 0, + WC_SHA512_BLOCK_SIZE - sha512->buffLen); + Sha512Transform(sha512, (byte*)sha512->buffer, 1); + sha512->buffLen = 0; + } + XMEMSET(&local[sha512->buffLen], 0, WC_SHA512_PAD_SIZE - sha512->buffLen); + + /* put lengths in bits */ + sha512->hiLen = (sha512->loLen >> (8*sizeof(sha512->loLen) - 3)) + + (sha512->hiLen << 3); + sha512->loLen = sha512->loLen << 3; + + sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 2] = sha512->hiLen; + sha512->buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64) - 1] = sha512->loLen; + + /* store lengths */ + __asm__ __volatile__ ( + /* Reverse byte order of 64-bit words. */ +#if defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION) + "ld t0, 112(%[buff])\n\t" + "ld t1, 120(%[buff])\n\t" + REV8(REG_T0, REG_T0) + REV8(REG_T1, REG_T1) +#else + LOAD_DWORD_REV(t0, 112, %[buff], t2, t3, t4, t5) + LOAD_DWORD_REV(t1, 120, %[buff], t2, t3, t4, t5) +#endif + "sd t0, 112(%[buff])\n\t" + "sd t1, 120(%[buff])\n\t" + : + : [buff] "r" (sha512->buffer) + : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5" + ); + + Sha512Transform(sha512, (byte*)sha512->buffer, 1); + + __asm__ __volatile__ ( + /* Reverse byte order of 64-bit words. 
*/ +#if defined(WOLFSSL_RISCV_VECTOR_CRYPTO_ASM) + VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001) + "mv t0, %[digest]\n\t" + VL4RE64_V(REG_V4, REG_T0) + VREV8(REG_V4, REG_V4) + VREV8(REG_V6, REG_V6) + VSETIVLI(REG_ZERO, 2, 1, 1, 0b011, 0b000) + /* e|f, a|b, g|h, c|d + * 1 0 1 0 1 0 1 0 */ + VSLIDEDOWN_VI(REG_V0, REG_V5, 1) /* a */ + VSLIDEDOWN_VI(REG_V1, REG_V7, 1) /* c */ + VSLIDEDOWN_VI(REG_V2, REG_V4, 1) /* e */ + VSLIDEDOWN_VI(REG_V3, REG_V6, 1) /* g */ + VSLIDEUP_VI(REG_V0, REG_V5, 1) + VSLIDEUP_VI(REG_V1, REG_V7, 1) + VSLIDEUP_VI(REG_V2, REG_V4, 1) + VSLIDEUP_VI(REG_V3, REG_V6, 1) + "mv t0, %[hash]\n\t" + VS4R_V(REG_V0, REG_T0) +#elif defined(WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION) + VSETIVLI(REG_ZERO, 4, 1, 1, 0b011, 0b001) + "mv t0, %[digest]\n\t" + VL4RE64_V(REG_V0, REG_T0) + VREV8(REG_V0, REG_V0) + VREV8(REG_V2, REG_V2) + "mv t0, %[hash]\n\t" + VS4R_V(REG_V0, REG_T0) +#elif defined(WOLFSSL_RISCV_BASE_BIT_MANIPULATION) + "ld t0, 0(%[digest])\n\t" + "ld t1, 8(%[digest])\n\t" + "ld t2, 16(%[digest])\n\t" + "ld t3, 24(%[digest])\n\t" + "ld s8, 32(%[digest])\n\t" + "ld s9, 40(%[digest])\n\t" + "ld s10, 48(%[digest])\n\t" + "ld s11, 56(%[digest])\n\t" + REV8(REG_T0, REG_T0) + REV8(REG_T1, REG_T1) + REV8(REG_T2, REG_T2) + REV8(REG_T3, REG_T3) + REV8(REG_S8, REG_S8) + REV8(REG_S9, REG_S9) + REV8(REG_S10, REG_S10) + REV8(REG_S11, REG_S11) + "sd t0, 0(%[hash])\n\t" + "sd t1, 8(%[hash])\n\t" + "sd t2, 16(%[hash])\n\t" + "sd t3, 24(%[hash])\n\t" + "sd s8, 32(%[hash])\n\t" + "sd s9, 40(%[hash])\n\t" + "sd s10, 48(%[hash])\n\t" + "sd s11, 56(%[hash])\n\t" +#else + LOAD_DWORD_REV(t0, 0, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(t1, 8, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(t2, 16, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(t3, 24, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(s8, 32, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(s9, 40, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(s10, 48, %[digest], a4, a5, a6, a7) + LOAD_DWORD_REV(s11, 56, %[digest], a4, a5, a6, a7) 
+ "sd t0, 0(%[hash])\n\t" + "sd t1, 8(%[hash])\n\t" + "sd t2, 16(%[hash])\n\t" + "sd t3, 24(%[hash])\n\t" + "sd s8, 32(%[hash])\n\t" + "sd s9, 40(%[hash])\n\t" + "sd s10, 48(%[hash])\n\t" + "sd s11, 56(%[hash])\n\t" +#endif + : + : [digest] "r" (sha512->digest), [hash] "r" (hashRes) + : "cc", "memory", "t0", "t1", "t2", "t3", "t4", "t5", "t6", + "s8", "s9", "s10", "s11", "a4", "a5", "a6", "a7" + ); + + if (hashRes == hashBuf) { + XMEMCPY(hash, hashBuf, hashLen); + } +} + + +#ifndef NO_SHA512 + +/* Initialize SHA-512 object for hashing. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 is NULL. + */ +int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) +{ + int ret = InitSha512(sha512, heap, devId); + if (ret == 0) { + InitSha512_State(sha512); + } + return ret; +} + +/* Initialize SHA-512 object for hashing. + * + * @param [in, out] sha512 SHA-512 object. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 is NULL. + */ +int wc_InitSha512(wc_Sha512* sha512) +{ + return wc_InitSha512_ex(sha512, NULL, INVALID_DEVID); +} + +/* Free the SHA-512 hash. + * + * @param [in] sha512 SHA-512 object. + */ +void wc_Sha512Free(wc_Sha512* sha512) +{ + /* No dynamic memory allocated. */ + (void)sha512; +} + +/* Update the hash with data. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 is NULL. + * @return BAD_FUNC_ARG when data is NULL but len is not 0. + */ +int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) +{ + int ret; + + /* Validate parameters. */ + if ((sha512 == NULL) || ((data == NULL) && (len != 0))) { + ret = BAD_FUNC_ARG; + } + else { + ret = Sha512Update(sha512, data, len); + } + + return ret; +} + +/* Put the current hash into buffer. 
+ * + * @param [in, out] sha512 SHA-512 object. + * @param [out] hash Buffer to hold hash result. + * @param [in] hashLen Length of hash to write out. + */ +static void Sha512FinalRaw(wc_Sha512* sha512, byte* hash, int hashLen) +{ + word32 digest[WC_SHA512_DIGEST_SIZE / sizeof(word32)]; + + ByteReverseWords64((word64*)digest, (word64*)sha512->digest, + WC_SHA512_DIGEST_SIZE); + XMEMCPY(hash, digest, hashLen); +} + +/* Put the current hash into buffer. + * + * @param [in, out] sha512 SHA-512 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 or hash is NULL. + */ +int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + Sha512FinalRaw(sha512, hash, WC_SHA512_DIGEST_SIZE); + } + + return ret; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha512 SHA-512 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 or hash is NULL. + */ +int wc_Sha512Final(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Finalize hash. */ + Sha512Final(sha512, hash, WC_SHA512_DIGEST_SIZE); + /* Restart SHA-512 object for next hash. */ + InitSha512_State(sha512); + } + + return ret; +} + +/* Finalize the hash and put into buffer but don't modify state. + * + * @param [in, out] sha512 SHA-512 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 or hash is NULL. + */ +int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash) +{ + int ret; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha512 tmpSha512; + /* Create a copy of the hash to finalize. 
*/ + ret = wc_Sha512Copy(sha512, &tmpSha512); + if (ret == 0) { + /* Finalize copy. */ + Sha512Final(&tmpSha512, hash, WC_SHA512_DIGEST_SIZE); + wc_Sha512Free(&tmpSha512); + } + } + + return ret; +} + +#ifdef WOLFSSL_HASH_FLAGS +/* Set flags of SHA-512 object. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] flags Flags to set. + * @return 0 on success. + */ +int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags) +{ + /* Check we have an object to use. */ + if (sha512 != NULL) { + sha512->flags = flags; + } + return 0; +} +/* Get flags of SHA-512 object. + * + * @param [in] sha512 SHA-512 object. + * @param [out] flags Flags from SHA-512 object. + * @return 0 on success. + */ +int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags) +{ + /* Check we have an object and return parameter to use. */ + if ((sha512 != NULL) && (flags != NULL)) { + *flags = sha512->flags; + } + return 0; +} +#endif + +/* Deep copy the SHA-512 object. + * + * @param [in] src SHA-512 object to copy. + * @param [out] dst SHA-512 object to fill. + * @return 0 on success. + * @return BAD_FUNC_ARG when src or dst is NULL. + */ +int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) +{ + int ret = 0; + + /* Validate parameters. */ + if ((src == NULL) || (dst == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + XMEMCPY(dst, src, sizeof(wc_Sha512)); + } + + return ret; +} + +#ifdef OPENSSL_EXTRA +/* Update the hash with one block of data. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] data Buffer of data to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 or data is NULL. + */ +int wc_Sha512Transform(wc_Sha512* sha512, const unsigned char* data) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((sha512 == NULL) || (data == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + ByteReverseWords(sha512->buffer, (word32*)data, WC_SHA512_BLOCK_SIZE); + Sha512Transform(sha512, (byte*)sha512->buffer, 1); + } + + return ret; +} +#endif + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH) +/* Update the hash with one block of data and optionally get hash. + * + * @param [in, out] sha512 SHA-512 object. + * @param [in] data Buffer of data to hash. + * @param [out] hash Buffer to hold hash. May be NULL. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha512 or data is NULL. + */ +int wc_Sha512HashBlock(wc_Sha512* sha512, const unsigned char* data, + unsigned char* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha512 == NULL) || (data == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Hash block. */ + Sha512Transform(sha512, data, 1); + + if (hash != NULL) { + /* Reverse bytes in digest. */ + word32* hash32 = (word32*)hash; + word32* digest = (word32*)sha512->digest; + hash32[0] = ByteReverseWord32(digest[0]); + hash32[1] = ByteReverseWord32(digest[1]); + hash32[2] = ByteReverseWord32(digest[2]); + hash32[3] = ByteReverseWord32(digest[3]); + hash32[4] = ByteReverseWord32(digest[4]); + hash32[5] = ByteReverseWord32(digest[5]); + hash32[6] = ByteReverseWord32(digest[6]); + hash32[7] = ByteReverseWord32(digest[7]); + /* Reset state. 
*/ + #ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha512->digest[0] = 0x6A09E667L; + sha512->digest[1] = 0xBB67AE85L; + sha512->digest[2] = 0x3C6EF372L; + sha512->digest[3] = 0xA54FF53AL; + sha512->digest[4] = 0x510E527FL; + sha512->digest[5] = 0x9B05688CL; + sha512->digest[6] = 0x1F83D9ABL; + sha512->digest[7] = 0x5BE0CD19L; + #else + /* f, e, b, a, h, g, d, c */ + sha512->digest[0] = 0x9B05688CL; + sha512->digest[1] = 0x510E527FL; + sha512->digest[2] = 0xBB67AE85L; + sha512->digest[3] = 0x6A09E667L; + sha512->digest[4] = 0x5BE0CD19L; + sha512->digest[5] = 0x1F83D9ABL; + sha512->digest[6] = 0xA54FF53AL; + sha512->digest[7] = 0x3C6EF372L; + #endif + } + } + + return ret; +} +#endif /* WOLFSSL_HAVE_LMS && !WOLFSSL_LMS_FULL_HASH */ + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + +#if !defined(WOLFSSL_NOSHA512_224) + +int wc_InitSha512_224_ex(wc_Sha512* sha512, void* heap, int devId) +{ + int ret = InitSha512(sha512, heap, devId); + if (ret == 0) { + InitSha512_224_State(sha512); + } + return ret; +} +int wc_InitSha512_224(wc_Sha512* sha512) +{ + return wc_InitSha512_224_ex(sha512, NULL, INVALID_DEVID); +} +int wc_Sha512_224Update(wc_Sha512* sha512, const byte* data, word32 len) +{ + return wc_Sha512Update(sha512, data, len); +} +int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + Sha512FinalRaw(sha512, hash, WC_SHA512_224_DIGEST_SIZE); + } + + return ret; +} +int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Finalize hash. */ + Sha512Final(sha512, hash, WC_SHA512_224_DIGEST_SIZE); + /* Restart SHA-512 object for next hash. 
*/ + InitSha512_224_State(sha512); + } + + return ret; +} +void wc_Sha512_224Free(wc_Sha512* sha512) +{ + wc_Sha512Free(sha512); +} +int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash) +{ + int ret; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha512 tmpSha512; + /* Create a copy of the hash to finalize. */ + ret = wc_Sha512Copy(sha512, &tmpSha512); + if (ret == 0) { + /* Finalize copy. */ + Sha512Final(&tmpSha512, hash, WC_SHA512_224_DIGEST_SIZE); + wc_Sha512Free(&tmpSha512); + } + } + + return ret; +} +int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst) +{ + return wc_Sha512Copy(src, dst); +} + +#ifdef WOLFSSL_HASH_FLAGS +int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags) +{ + return wc_Sha512SetFlags(sha512, flags); +} +int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags) +{ + return wc_Sha512GetFlags(sha512, flags); +} +#endif /* WOLFSSL_HASH_FLAGS */ + +#if defined(OPENSSL_EXTRA) +int wc_Sha512_224Transform(wc_Sha512* sha512, const unsigned char* data) +{ + return wc_Sha512Transform(sha512, data); +} +#endif /* OPENSSL_EXTRA */ + +#endif /* !WOLFSSL_NOSHA512_224 */ + +#if !defined(WOLFSSL_NOSHA512_256) + +int wc_InitSha512_256_ex(wc_Sha512* sha512, void* heap, int devId) +{ + int ret = InitSha512(sha512, heap, devId); + if (ret == 0) { + InitSha512_256_State(sha512); + } + return ret; +} +int wc_InitSha512_256(wc_Sha512* sha512) +{ + return wc_InitSha512_256_ex(sha512, NULL, INVALID_DEVID); +} +int wc_Sha512_256Update(wc_Sha512* sha512, const byte* data, word32 len) +{ + return wc_Sha512Update(sha512, data, len); +} +int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + /* Validate parameters. 
*/ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + Sha512FinalRaw(sha512, hash, WC_SHA512_256_DIGEST_SIZE); + } + + return ret; +} +int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Finalize hash. */ + Sha512Final(sha512, hash, WC_SHA512_256_DIGEST_SIZE); + /* Restart SHA-512 object for next hash. */ + InitSha512_256_State(sha512); + } + + return ret; +} +void wc_Sha512_256Free(wc_Sha512* sha512) +{ + wc_Sha512Free(sha512); +} +int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash) +{ + int ret; + + /* Validate parameters. */ + if ((sha512 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha512 tmpSha512; + /* Create a copy of the hash to finalize. */ + ret = wc_Sha512Copy(sha512, &tmpSha512); + if (ret == 0) { + /* Finalize copy. */ + Sha512Final(&tmpSha512, hash, WC_SHA512_256_DIGEST_SIZE); + wc_Sha512Free(&tmpSha512); + } + } + + return ret; +} +int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst) +{ + return wc_Sha512Copy(src, dst); +} + +#ifdef WOLFSSL_HASH_FLAGS +int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags) +{ + return wc_Sha512SetFlags(sha512, flags); +} +int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags) +{ + return wc_Sha512GetFlags(sha512, flags); +} +#endif /* WOLFSSL_HASH_FLAGS */ + +#if defined(OPENSSL_EXTRA) +int wc_Sha512_256Transform(wc_Sha512* sha512, const unsigned char* data) +{ + return wc_Sha512Transform(sha512, data); +} +#endif /* OPENSSL_EXTRA */ + +#endif /* !WOLFSSL_NOSHA512_224 */ + +#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ + +#endif /* !NO_SHA512 */ + + +#ifdef WOLFSSL_SHA384 + +/* Initialze SHA-384 object for hashing. + * + * @param [in, out] sha384 SHA-384 object. + */ +static void InitSha384(wc_Sha384* sha384) +{ + /* Set initial hash values. 
*/ +#ifndef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM + sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8); + sha384->digest[1] = W64LIT(0x629a292a367cd507); + sha384->digest[2] = W64LIT(0x9159015a3070dd17); + sha384->digest[3] = W64LIT(0x152fecd8f70e5939); + sha384->digest[4] = W64LIT(0x67332667ffc00b31); + sha384->digest[5] = W64LIT(0x8eb44a8768581511); + sha384->digest[6] = W64LIT(0xdb0c2e0d64f98fa7); + sha384->digest[7] = W64LIT(0x47b5481dbefa4fa4); +#else + /* f, e, b, a, h, g, d, c */ + sha384->digest[0] = W64LIT(0x8eb44a8768581511); + sha384->digest[1] = W64LIT(0x67332667ffc00b31); + sha384->digest[2] = W64LIT(0x629a292a367cd507); + sha384->digest[3] = W64LIT(0xcbbb9d5dc1059ed8); + sha384->digest[4] = W64LIT(0x47b5481dbefa4fa4); + sha384->digest[5] = W64LIT(0xdb0c2e0d64f98fa7); + sha384->digest[6] = W64LIT(0x152fecd8f70e5939); + sha384->digest[7] = W64LIT(0x9159015a3070dd17); +#endif + + /* No hashed data. */ + sha384->buffLen = 0; + /* No data hashed. */ + sha384->loLen = 0; + sha384->hiLen = 0; +} + +/* Initialize SHA-384 object for hashing. + * + * @param [in, out] sha384 SHA-384 object. + * @param [in] heap Dynamic memory hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 is NULL. + */ +int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) +{ + int ret = InitSha512(sha384, heap, devId); + if (ret == 0) { + InitSha384(sha384); + } + return ret; +} + +/* Initialize SHA-384 object for hashing. + * + * @param [in, out] sha384 SHA-384 object. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 is NULL. + */ +int wc_InitSha384(wc_Sha384* sha384) +{ + return wc_InitSha384_ex(sha384, NULL, INVALID_DEVID); +} + +/* Update the hash with data. + * + * @param [in, out] sha384 SHA-384 object. + * @param [in] data Buffer of data to hash. + * @param [in] len Number of bytes in buffer to hash. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 is NULL. 
+ * @return BAD_FUNC_ARG when data is NULL but len is not 0. + */ +int wc_Sha384Update(wc_Sha384* sha384, const byte* data, word32 len) +{ + int ret; + + /* Validate parameters. */ + if ((sha384 == NULL) || ((data == NULL) && (len > 0))) { + ret = BAD_FUNC_ARG; + } + else { + ret = Sha512Update((wc_Sha512 *)sha384, data, len); + } + + return ret; +} + +/* Put the current hash into buffer. + * + * @param [in, out] sha384 SHA-384 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 or hash is NULL. + */ +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash) +{ + word64 digest[WC_SHA384_DIGEST_SIZE / sizeof(word64)]; + + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + ByteReverseWords64((word64*)digest, (word64*)sha384->digest, + WC_SHA384_DIGEST_SIZE); + XMEMCPY(hash, digest, WC_SHA384_DIGEST_SIZE); + + return 0; +} + +/* Finalize the hash and put into buffer. + * + * @param [in, out] sha384 SHA-384 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 or hash is NULL. + */ +int wc_Sha384Final(wc_Sha384* sha384, byte* hash) +{ + int ret = 0; + + /* Validate parameters. */ + if ((sha384 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Finalize hash. */ + Sha512Final((wc_Sha512*)sha384, hash, WC_SHA384_DIGEST_SIZE); + /* Restart SHA-384 object for next hash. */ + InitSha384(sha384); + } + + return ret; +} + +/* Free the SHA-384 hash. + * + * @param [in] sha384 SHA-384 object. + */ +void wc_Sha384Free(wc_Sha384* sha384) +{ + /* No dynamic memory allocated. */ + (void)sha384; +} + +/* Finalize the hash and put into buffer but don't modify state. + * + * @param [in, out] sha384 SHA-384 object. + * @param [out] hash Buffer to hold hash result. + * @return 0 on success. + * @return BAD_FUNC_ARG when sha384 or hash is NULL. 
+ */ +int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) +{ + int ret; + + /* Validate parameters. */ + if ((sha384 == NULL) || (hash == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + wc_Sha384 tmpSha384; + /* Create a copy of the hash to finalize. */ + ret = wc_Sha384Copy(sha384, &tmpSha384); + if (ret == 0) { + /* Finalize copy. */ + ret = wc_Sha384Final(&tmpSha384, hash); + } + } + + return ret; +} + +#ifdef WOLFSSL_HASH_FLAGS +/* Set flags of SHA-384 object. + * + * @param [in, out] sha384 SHA-384 object. + * @param [in] flags Flags to set. + * @return 0 on success. + */ +int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags) +{ + /* Check we have an object to use. */ + if (sha384 != NULL) { + sha384->flags = flags; + } + return 0; +} +/* Get flags of SHA-384 object. + * + * @param [in] sha384 SHA-384 object. + * @param [out] flags Flags from SHA-384 object. + * @return 0 on success. + */ +int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags) +{ + /* Check we have an object and return parameter to use. */ + if ((sha384 != NULL) && (flags != NULL)) { + *flags = sha384->flags; + } + return 0; +} +#endif + +/* Deep copy the SHA-384 object. + * + * @param [in] src SHA-384 object to copy. + * @param [out] dst SHA-384 object to fill. + * @return 0 on success. + * @return BAD_FUNC_ARG when src or dst is NULL. + */ +int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) +{ + int ret = 0; + + /* Validate parameters. */ + if ((src == NULL) || (dst == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + XMEMCPY(dst, src, sizeof(wc_Sha384)); + } + + return ret; +} + +#endif /* WOLFSSL_SHA384 */ + +#endif /* !NO_SHA512 || WOLFSSL_SHA384 */ +#endif /* WOLFSSL_RISCV_ASM */ diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 938798707b..203267163a 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c 
@@ -28,7 +28,7 @@ #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \ (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \ - !defined(WOLFSSL_PSOC6_CRYPTO) + !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM) /* determine if we are using Espressif SHA hardware acceleration */ #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW diff --git a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h index e9d200f916..7ca7291d46 100644 --- a/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h +++ b/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h @@ -165,6 +165,12 @@ (0 << 28) | ((cnt - 1) << 29) | (vd << 7) | (rs1 << 15)) /* Load 1 Vector register with 64-bit components. */ #define VL1RE64_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_64) +/* Load 2 Vector register with 64-bit components. */ +#define VL2RE64_V(vd, rs1) VLRE_V(vd, rs1, 2, WIDTH_64) +/* Load 4 Vector register with 64-bit components. */ +#define VL4RE64_V(vd, rs1) VLRE_V(vd, rs1, 4, WIDTH_64) +/* Load 8 Vector register with 64-bit components. */ +#define VL8RE64_V(vd, rs1) VLRE_V(vd, rs1, 8, WIDTH_64) /* Load 1 Vector register with 32-bit components. */ #define VL1RE32_V(vd, rs1) VLRE_V(vd, rs1, 1, WIDTH_32) /* Load 2 Vector register with 32-bit components. */ From f1ace6236391c3fbbc384512efd61bf558aac1f6 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 6 Aug 2024 09:12:17 -0600 Subject: [PATCH 67/71] add null sanity check and adjust add --- wolfcrypt/src/misc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index a87909080d..163ec11543 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -709,7 +709,7 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) { WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) { - a.n = a.n + b; + a.n += b; if (a.n < b && wrap != NULL) *wrap = 1; 
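Review bot: `wrap` is only ever written with 1 in w64Add32 (`if (a.n < b && wrap != NULL) *wrap = 1;`) and is never cleared, so a caller that passes an uninitialised or reused byte cannot tell a fresh overflow from a stale one. The same holds for the two w64Add hunks that follow (`@@ -719` and `@@ -869`). A short comment on these functions would make the contract explicit, for example `/* *wrap is set to 1 on overflow and otherwise left untouched; the caller must zero it first. */`.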
@@ -719,7 +719,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap) { - a.n = a.n + b.n; + a.n += b.n; if (a.n < b.n && wrap != NULL) *wrap = 1; @@ -869,7 +869,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, } a.n[0] += b.n[0]; - if (a.n[0] < b.n[0]) { + if (wrap != NULL && a.n[0] < b.n[0]) { *wrap = 1; } From 1c2b47d8adca6e8d1e0679539d28cfa37f29110b Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Tue, 6 Aug 2024 11:34:14 -0500 Subject: [PATCH 68/71] Fix template DecodeSubjDirAttr to set extSubjDirAttr data --- wolfcrypt/src/asn.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index de916c5150..814d571b86 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -20804,6 +20804,11 @@ static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert) WOLFSSL_ENTER("DecodeSubjDirAttr"); +#ifdef OPENSSL_ALL + cert->extSubjDirAttrSrc = input; + cert->extSubjDirAttrSz = sz; +#endif /* OPENSSL_ALL */ + CALLOC_ASNGETDATA(dataASN, subjDirAttrASN_Length, ret, cert->heap); /* Strip outer SEQUENCE. */ From 3cf3f297bab29352644e52f191c703a26cf19882 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 2 Aug 2024 09:45:04 -0400 Subject: [PATCH 69/71] Update to the maxq10xx support --- wolfcrypt/src/dh.c | 2 +- wolfcrypt/src/port/maxim/maxq10xx.c | 34 ++++++++++++++++++------- wolfcrypt/src/random.c | 11 ++++++++ wolfssl/wolfcrypt/port/maxim/maxq10xx.h | 1 + 4 files changed, 38 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 1a76ca6dec..c2f1fc0b2d 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c 
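Review bot: `cert->extSubjDirAttrSrc` and `cert->extSubjDirAttrSz` are assigned straight after `WOLFSSL_ENTER`, before the extension has been parsed, so they keep pointing at the raw `input`/`sz` even if the decode that follows fails. The rest of DecodeSubjDirAttr is outside the hunk, so whether an error path resets them cannot be seen here. If none does, move the assignment after a successful parse or clear both fields on failure. The pointer also aliases the caller's buffer rather than owning a copy, which deserves a comment such as `/* Borrowed pointer into input; valid only while the certificate buffer is. */`.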
@@ -1028,7 +1028,7 @@ static int _ffc_pairwise_consistency_test(DhKey* key, if (n < 5) return 0; else - return (word32)(2.4 * XPOW((double)n, 1.0/3.0) * + return (word32)((double)2.4 * XPOW((double)n, 1.0/3.0) * XPOW(XLOG((double)n), 2.0/3.0) - 5); } #endif /* WOLFSSL_DH_CONST*/ diff --git a/wolfcrypt/src/port/maxim/maxq10xx.c b/wolfcrypt/src/port/maxim/maxq10xx.c index 7d69a72331..370a170a8d 100644 --- a/wolfcrypt/src/port/maxim/maxq10xx.c +++ b/wolfcrypt/src/port/maxim/maxq10xx.c @@ -41,7 +41,11 @@ #include #include #include +#ifdef USS_API +#include +#else #include +#endif #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV /* FIPS build has replaced ecc.h. */ @@ -72,9 +76,17 @@ void dbg_dumphex(const char *identifier, const uint8_t* pdata, uint32_t plen); #endif #define PUBKEY_IMPORT_OBJID 0x1000 + +#if defined (TEST_SETUP) +#define ROOT_CA_CERT_OBJ_ID 0x1006 +#define DEVICE_CERT_OBJ_ID 0x1005 +#define DEVICE_KEY_PAIR_OBJ_ID 0x1007 +#else #define ROOT_CA_CERT_OBJ_ID 0x1003 #define DEVICE_CERT_OBJ_ID 0x1002 #define DEVICE_KEY_PAIR_OBJ_ID 0x1004 +#endif + #define PSK_OBJ_ID 0x1236 #define K_CHUNKSIZE 2032 #define K_CIPHER_BLOCKSIZE 16 @@ -120,7 +132,7 @@ static int tls13_server_key_len = -1; /* Please define MAXQ10XX_PRODUCTION_KEY in your build scripts once you have a * production key. */ -#if defined(MAXQ10XX_PRODUCTION_KEY) || !defined(DEBUG_WOLFSSL) +#if defined(MAXQ10XX_PRODUCTION_KEY) #include "maxq10xx_key.h" #else /* TEST KEY. This must be changed for production environments!! */ @@ -568,12 +580,14 @@ static int aes_set_key(Aes* aes, const byte* userKey, word32 keylen) return BAD_FUNC_ARG; } + #if defined(MAXQ10XX_MUTEX) rc = maxq_CryptHwMutexTryLock(); if (rc != 0) { WOLFSSL_ERROR_MSG("MAXQ: aes_set_key() lock could not be acquired"); rc = NOT_COMPILED_IN; return rc; } + #endif if (aes->maxq_ctx.key_obj_id) { wc_MAXQ10XX_AesFree(aes); 
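Review bot: Dropping `|| !defined(DEBUG_WOLFSSL)` from the guard in the `@@ -120` hunk means a non-debug build that forgets `MAXQ10XX_PRODUCTION_KEY` now silently takes the `#else` branch and compiles in the key marked "TEST KEY. This must be changed for production environments!!". Before the change such a build tried to include `maxq10xx_key.h` instead, which presumably failed loudly when the file was missing. I would make the fallback visible at build time, for example by starting the `#else` branch with `#warning "MAXQ10XX: building with the TEST KEY; define MAXQ10XX_PRODUCTION_KEY for production"` on compilers that support it. Alternatively, require an explicit opt-in macro before the test key is used.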
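Review bot: Once the `maxq_CryptHwMutexTryLock()` call in aes_set_key sits inside `#if defined(MAXQ10XX_MUTEX)`, a build without that macro reaches the key-object handling with no serialisation, and nothing near the guard says when that is acceptable. The same guard is added to ecc_set_key, maxq10xx_random, do_sha256 and maxq10xx_port_init in the hunks that follow. The matching unlock calls are outside these hunks, so it cannot be seen here whether they are guarded the same way; they should be. If the intent is that single-threaded targets may omit the lock, say so where the macro is documented, for example `/* MAXQ10XX_MUTEX: define when more than one thread can reach the MAXQ device. */`.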
@@ -694,12 +708,14 @@ static int ecc_set_key(ecc_key* key, const byte* userKey, word32 keycomplen) objtype = MXQ_OBJTYPE_KEYPAIR; } + #if defined(MAXQ10XX_MUTEX) rc = maxq_CryptHwMutexTryLock(); if (rc != 0) { WOLFSSL_ERROR_MSG("MAXQ: ecc_set_key() lock could not be acquired"); rc = NOT_COMPILED_IN; return rc; } + #endif if (key->maxq_ctx.key_obj_id) { wc_MAXQ10XX_EccFree(key); @@ -1074,24 +1090,20 @@ static int maxq10xx_ecc_verify_local( #endif /* MAXQ_ECC */ #ifdef MAXQ_RNG -static int maxq10xx_random(byte* output, unsigned short sz) +int maxq10xx_random(byte* output, unsigned short sz) { -#if defined(WOLFSSL_MAXQ108X) - if (!tls13active) { - return NOT_COMPILED_IN; - } -#endif - if (output == NULL) { return BUFFER_E; } + #if defined(MAXQ10XX_MUTEX) int ret = maxq_CryptHwMutexTryLock(); if (ret != 0) { WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_random() lock could not be acquired"); ret = NOT_COMPILED_IN; return ret; } + #endif if (MXQ_Get_Random_Ext(output, sz, 0)) { WOLFSSL_ERROR_MSG("MAXQ: MXQ_Get_Random_Ext() failed"); @@ -1222,6 +1234,7 @@ static int do_sha256(wc_CryptoInfo* info) return WC_HW_E; } + #if defined(MAXQ10XX_MUTEX) if (info->hash.sha256->maxq_ctx.hash_running == 0) { rc = maxq_CryptHwMutexTryLock(); if (rc != 0) { @@ -1229,6 +1242,7 @@ static int do_sha256(wc_CryptoInfo* info) return CRYPTOCB_UNAVAILABLE; } } + #endif if (info->hash.in != NULL) { /* wc_Sha256Update */ @@ -1981,12 +1995,14 @@ int maxq10xx_port_init(void) } #endif + #if defined(MAXQ10XX_MUTEX) ret = maxq_CryptHwMutexTryLock(); if (ret) { WOLFSSL_ERROR_MSG("MAXQ: maxq10xx_port_init() -> device is busy " "(switching to soft mode)"); return 0; } + #endif mxq_rc = MXQ_Module_Init(); if (mxq_rc) { @@ -3290,7 +3306,7 @@ static int maxq10xx_perform_tls13_record_processing(WOLFSSL* ssl, { int rc; mxq_err_t mxq_rc; - mxq_u2 key_id; + mxq_u2 key_id = 0xFFFF; if (!tls13active) { return NOT_COMPILED_IN; diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 822f069f7f..e4518646b1 100644 
--- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -3913,6 +3913,17 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #define USE_TEST_GENSEED +#elif defined(WOLFSSL_MAXQ108X) || defined(WOLFSSL_MAXQ1065) + + /* getrandom() was added to the Linux kernel in version 3.17. + * Added to glibc in version 2.25. */ + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + + return maxq10xx_random(output, sz); + } + #elif defined(NO_DEV_RANDOM) /* Allow bare-metal targets to use cryptoCb as seed provider */ diff --git a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h index b50e029784..ecfc56c9c7 100644 --- a/wolfssl/wolfcrypt/port/maxim/maxq10xx.h +++ b/wolfssl/wolfcrypt/port/maxim/maxq10xx.h @@ -96,6 +96,7 @@ WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Copy(wc_Sha256* sha256); WOLFSSL_LOCAL void wc_MAXQ10XX_Sha256Free(wc_Sha256* sha256); WOLFSSL_LOCAL int wc_MAXQ10XX_EccSetKey(ecc_key* key, word32 keysize); WOLFSSL_LOCAL void wc_MAXQ10XX_EccFree(ecc_key* key); +WOLFSSL_LOCAL int maxq10xx_random(byte* output, unsigned short sz); #endif /* WOLFSSL_MAXQ10XX_CRYPTO */ #ifdef HAVE_PK_CALLBACKS From 29a5cc39f2180b1bfc552fbf5e51b87330109659 Mon Sep 17 00:00:00 2001 From: Anthony Hu Date: Fri, 2 Aug 2024 12:26:51 -0400 Subject: [PATCH 70/71] Duplicate code removed --- wolfcrypt/src/random.c | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index e4518646b1..822f069f7f 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
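Review bot: `wc_GenerateSeed` takes `word32 sz` but forwards it as `maxq10xx_random(output, sz)`, whose parameter is `unsigned short`, so a request above 65535 bytes is silently narrowed. The caller then gets whatever status the shortened request returns while part of `output` may never be written, which is a poor failure mode for seed material. I would reject or chunk oversized requests before the call, for example `if (sz > 0xFFFF) return BAD_FUNC_ARG;`. The comment about `getrandom()` and glibc above the function does not describe this branch and should be replaced with one naming the MAXQ device as the seed source.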
@@ -3913,17 +3913,6 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) #define USE_TEST_GENSEED -#elif defined(WOLFSSL_MAXQ108X) || defined(WOLFSSL_MAXQ1065) - - /* getrandom() was added to the Linux kernel in version 3.17. - * Added to glibc in version 2.25. */ - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - (void)os; - - return maxq10xx_random(output, sz); - } - #elif defined(NO_DEV_RANDOM) /* Allow bare-metal targets to use cryptoCb as seed provider */ From 91ea7ab20603b5acd2ab3d783b05f4646e72c67f Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 6 Aug 2024 11:05:40 -0700 Subject: [PATCH 71/71] Fix for SP small calling label with GCC (broken in PR #7753). --- wolfcrypt/src/sp_cortexm.c | 36 +++++++++++++++++++++++++++++++++ wolfcrypt/src/sp_x86_64_asm.asm | 2 +- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index a9151f483f..be5def3ea1 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -4780,7 +4780,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_2048_cmp_32_words\n\t" +#else + "bcs L_sp_2048_cmp_32_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #124]\n\t" @@ -7549,7 +7553,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_2048_cmp_64_words\n\t" +#else + "bcs L_sp_2048_cmp_64_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #252]\n\t" 
@@ -16277,7 +16285,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_3072_cmp_48_words\n\t" +#else + "bcs L_sp_3072_cmp_48_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #188]\n\t" @@ -19806,7 +19818,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_3072_cmp_96_words\n\t" +#else + "bcs L_sp_3072_cmp_96_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #380]\n\t" @@ -27837,7 +27853,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_4096_cmp_128_words\n\t" +#else + "bcs L_sp_4096_cmp_128_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #508]\n\t" @@ -34655,7 +34675,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_256_cmp_8_words\n\t" +#else + "bcs L_sp_256_cmp_8_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #28]\n\t" @@ -45288,7 +45312,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_384_cmp_12_words\n\t" +#else + "bcs L_sp_384_cmp_12_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #44]\n\t" 
@@ -57343,7 +57371,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_521_cmp_17_words\n\t" +#else + "bcs L_sp_521_cmp_17_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #64]\n\t" @@ -70364,7 +70396,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) "bcs L_sp_1024_cmp_32_words\n\t" +#else + "bcs L_sp_1024_cmp_32_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #124]\n\t" diff --git a/wolfcrypt/src/sp_x86_64_asm.asm b/wolfcrypt/src/sp_x86_64_asm.asm index 3eabea3f1a..784bf9c5f5 100644 --- a/wolfcrypt/src/sp_x86_64_asm.asm +++ b/wolfcrypt/src/sp_x86_64_asm.asm @@ -1,6 +1,6 @@ ; /* sp_x86_64_asm.asm */ ; /* -; * Copyright (C) 2006-2024 wolfSSL Inc. +; * Copyright (C) 2006-2024 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; *