Merge pull request #207 from expressvpn/apply-wolfssl-poly1305-pr

Apply WolfSSL Poly1305 Aarch64 PR fix

wolfssl-sys/build.rs

@@ -44,7 +44,7 @@ fn copy_wolfssl(dest: &Path) -> std::io::Result<PathBuf> {
 
 const PATCH_DIR: &str = "patches";
 const PATCHES: &[&str] = &[
-    "revert-aarch64-poly1305-asm-improve-performance.patch",
+    "fix-poly1305-aarch64-corner-case.patch",
     "include-private-key-fields-for-kyber.patch",
     "make-kyber-mlkem-available.patch",
     "fix-kyber-mlkem-benchmark.patch",

wolfssl-sys/patches/fix-poly1305-aarch64-corner-case.patch

@@ -0,0 +1,23 @@
+From c0f3b433b29ec21feb1a292990c1657d2dfab8f5 Mon Sep 17 00:00:00 2001
+From: Sean Parkinson <[email protected]>
+Date: Wed, 11 Dec 2024 12:49:21 +1000
+Subject: [PATCH] Aarch64 Poly1305: fix corner case
+
+Don't mask top 26 bits as it may have next bit set as reduction step was
+only approximate.
+---
+ wolfcrypt/src/port/arm/armv8-poly1305.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/wolfcrypt/src/port/arm/armv8-poly1305.c b/wolfcrypt/src/port/arm/armv8-poly1305.c
+index a258f3607b..fc0c39e638 100644
+--- a/wolfcrypt/src/port/arm/armv8-poly1305.c
++++ b/wolfcrypt/src/port/arm/armv8-poly1305.c
+@@ -146,7 +146,6 @@ static WC_INLINE void poly1305_blocks_aarch64_16(Poly1305* ctx,
+         "AND        x5, x10, x4, LSR #26\n\t"
+         "AND        x4, x4, x10\n\t"
+         "AND        x6, x6, x10\n\t"
+-        "AND        x8, x8, x10\n\t"
+         "STP        w4, w5, [%[ctx_h], #0]   \n\t"
+         "STP        w6, w7, [%[ctx_h], #8]   \n\t"
+         "STR        w8, [%[ctx_h], #16]   \n\t"