wolfSSL
diff --git a/‎.wolfssl_known_macro_extras‎
Lines changed: 7 additions & 0 deletions b/‎.wolfssl_known_macro_extras‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎wolfcrypt/src/coding.c‎
Lines changed: 1 addition & 1 deletion b/‎wolfcrypt/src/coding.c‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎wolfcrypt/src/misc.c‎
Lines changed: 69 additions & 6 deletions b/‎wolfcrypt/src/misc.c‎
Lines changed: 69 additions & 6 deletions
diff --git a/‎wolfcrypt/src/random.c‎
Lines changed: 50 additions & 6 deletions b/‎wolfcrypt/src/random.c‎
Lines changed: 50 additions & 6 deletions
@@ -747,6 +747,7 @@ WOLFSSL_CLANG_TIDY
 WOLFSSL_CLIENT_EXAMPLE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
+WOLFSSL_DILITHIUM_VERIFY_SMALLEST_MEM
 WOLFSSL_DISABLE_EARLY_SANITY_CHECKS
 WOLFSSL_DRBG_SHA256
 WOLFSSL_DTLS13_ECHO_LEGACY_SESSION_ID
@@ -1115,6 +1116,12 @@ __SUNPRO_CC
 __SVR4
 __TASKING__
 __TI_COMPILER_VERSION__
+__TMS320C2000__
+__TMS320C2800__
+__TMS320C28XX__
+__TMS320C54X__
+__TMS320C5500__
+__TMS320C55X__
 __TURBOC__
 __UNIX__
 __USE_GNU
 
@@ -72,7 +72,7 @@ static WC_INLINE byte Base64_Char2Val_CT(byte c)
     v |= ((slashStart >> 8) ^ (slashEnd >> 8)) & (slashStart + 63 + 1);
     v |= ((plusStart  >> 8) ^ (plusEnd  >> 8)) & (plusStart  + 62 + 1);
 
-    return (byte)(v - 1);
+    return WC_OCTET(v - 1);
 }
 
 #ifndef BASE64_NO_TABLE
 
@@ -108,28 +108,28 @@ masking and clearing memory logic.
 
     WC_MISC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
     {
-        return (x << y) | (x >> (sizeof(x) * 8 - y));
+        return (x << y) | (x >> (sizeof(x) * CHAR_BIT - y));
     }
 
 /* This routine performs a right circular arithmetic shift of <x> by <y> value. */
     WC_MISC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
     {
-        return (x >> y) | (x << (sizeof(x) * 8 - y));
+        return (x >> y) | (x << (sizeof(x) * CHAR_BIT - y));
     }
 
 #endif
 
 /* This routine performs a left circular arithmetic shift of <x> by <y> value */
 WC_MISC_STATIC WC_INLINE word16 rotlFixed16(word16 x, word16 y)
 {
-    return (word16)((x << y) | (x >> (sizeof(x) * 8U - y)));
+    return (word16)((x << y) | (x >> (sizeof(x) * CHAR_BIT - y)));
 }
 
 
 /* This routine performs a right circular arithmetic shift of <x> by <y> value */
 WC_MISC_STATIC WC_INLINE word16 rotrFixed16(word16 x, word16 y)
 {
-    return (word16)((x >> y) | (x << (sizeof(x) * 8U - y)));
+    return (word16)((x >> y) | (x << (sizeof(x) * CHAR_BIT - y)));
 }
 
 /* This routine performs a byte swap of 32-bit word value. */
@@ -329,13 +329,13 @@ WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
 
 WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
 {
-    return (x << y) | (x >> (sizeof(y) * 8 - y));
+    return (x << y) | (x >> (sizeof(y) * CHAR_BIT - y));
 }
 
 
 WC_MISC_STATIC WC_INLINE word64 rotrFixed64(word64 x, word64 y)
 {
-    return (x >> y) | (x << (sizeof(y) * 8 - y));
+    return (x >> y) | (x << (sizeof(y) * CHAR_BIT - y));
 }
 
 
@@ -410,6 +410,69 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
 
 #endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
 
+#ifdef WOLFSSL_WIDE_BYTE
+/* Big-endian octet <-> word conversion for targets where a C 'byte' (char) is
+ * wider than 8 bits (WOLFSSL_WIDE_BYTE, i.e. CHAR_BIT != 8 - e.g. the TI C2000
+ * C28x).  There a word holds several octets per addressable cell, so it cannot
+ * be aliased as an octet stream (XMEMCPY / ByteReverseWords / (byte) casts all
+ * assume one octet per cell).  These helpers move between an octet stream (one
+ * octet per byte cell) and big-endian words with shifts, correct for any
+ * CHAR_BIT.  Shared by SHA-2 (schedule load + digest store) and the Hash-DRBG.
+ *
+ * Loads accumulate through a word with <<= 8 so each shift is unambiguously
+ * full-word width: a single (word32)octet << 24 is miscompiled as a 16-bit
+ * shift by the TI cl2000 (the top octets are dropped).  A load reads all of a
+ * word's octets before writing the word, so it is safe in place over the
+ * destination word buffer.  Stores take an octet count (not a word count) so a
+ * partial trailing word works - e.g. SHA-512/224's 28-octet digest. */
+WC_MISC_STATIC WC_INLINE void WordsFromBytesBE32(word32* w, const byte* b,
+    word32 wordCnt)
+{
+    word32 i;
+    word32 r;
+    for (i = 0; i < wordCnt; i++) {
+        r  = (word32)(b[(i * 4) + 0] & 0xFF); r <<= 8;
+        r |= (word32)(b[(i * 4) + 1] & 0xFF); r <<= 8;
+        r |= (word32)(b[(i * 4) + 2] & 0xFF); r <<= 8;
+        r |= (word32)(b[(i * 4) + 3] & 0xFF);
+        w[i] = r;
+    }
+}
+WC_MISC_STATIC WC_INLINE void BytesFromWordsBE32(byte* b, const word32* w,
+    word32 byteCnt)
+{
+    word32 i;
+    for (i = 0; i < byteCnt; i++) {
+        b[i] = (byte)((w[i >> 2] >> (24 - ((i & 0x3) * 8))) & 0xFF);
+    }
+}
+#ifdef WORD64_AVAILABLE
+WC_MISC_STATIC WC_INLINE void WordsFromBytesBE64(word64* w, const byte* b,
+    word32 wordCnt)
+{
+    word32 i;
+    int    j;
+    word64 r;
+    for (i = 0; i < wordCnt; i++) {
+        r = 0;
+        for (j = 0; j < 8; j++) {
+            r <<= 8;
+            r |= (word64)(b[(i * 8) + j] & 0xFF);
+        }
+        w[i] = r;
+    }
+}
+WC_MISC_STATIC WC_INLINE void BytesFromWordsBE64(byte* b, const word64* w,
+    word32 byteCnt)
+{
+    word32 i;
+    for (i = 0; i < byteCnt; i++) {
+        b[i] = (byte)((w[i >> 3] >> (56 - ((i & 0x7) * 8))) & 0xFF);
+    }
+}
+#endif /* WORD64_AVAILABLE */
+#endif /* WOLFSSL_WIDE_BYTE */
+
 #ifndef WOLFSSL_NO_XOR_OPS
 
 /* Leave no doubt that WOLFSSL_WORD_SIZE is a power of 2. */
 
@@ -464,7 +464,10 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
     byte ctr;
     word32 i;
     word32 len;
-    word32 bits = (outSz * 8); /* reverse byte order */
+    word32 bits = (outSz * 8);
+#ifdef WOLFSSL_WIDE_BYTE
+    byte bitsBuf[4]; /* the 32-bit length as four big-endian octets */
+#endif
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     wc_Sha256* sha = &drbg->sha256;
 #else
@@ -489,7 +492,11 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
         return DRBG_FAILURE;
 #endif
 
-#ifdef LITTLE_ENDIAN_ORDER
+#ifdef WOLFSSL_WIDE_BYTE
+    /* A word32 cannot be aliased as an octet stream where a C byte is wider
+     * than 8 bits; emit the length as four big-endian octets (shared helper). */
+    BytesFromWordsBE32(bitsBuf, &bits, 4);
+#elif defined(LITTLE_ENDIAN_ORDER)
     bits = ByteReverseWord32(bits);
 #endif
     len = (outSz / OUTPUT_BLOCK_LEN)
@@ -509,7 +516,11 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
         ret = wc_Sha256Update(sha, &ctr, sizeof(ctr));
         if (ret == 0) {
             ctr++;
+#ifdef WOLFSSL_WIDE_BYTE
+            ret = wc_Sha256Update(sha, bitsBuf, sizeof(bitsBuf));
+#else
             ret = wc_Sha256Update(sha, (byte*)&bits, sizeof(bits));
+#endif
         }
 
         if (ret == 0) {
@@ -666,7 +677,7 @@ static WC_INLINE void array_add_one(byte* data, word32 dataSz)
 {
     int i;
     for (i = (int)dataSz - 1; i >= 0; i--) {
-        data[i]++;
+        data[i] = WC_OCTET(data[i] + 1);
         if (data[i] != 0) break;
     }
 }
@@ -789,14 +800,14 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen
         dIdx = (int)dLen - 1;
         for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) {
             carry = (word16)(carry + d[dIdx] + s[sIdx]);
-            d[dIdx] = (byte)carry;
+            d[dIdx] = WC_OCTET(carry);
             carry >>= 8;
             dIdx--;
         }
 
         for (; dIdx >= 0; dIdx--) {
             carry = (word16)(carry + d[dIdx]);
-            d[dIdx] = (byte)carry;
+            d[dIdx] = WC_OCTET(carry);
             carry >>= 8;
         }
     }
@@ -820,6 +831,9 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz,
 #else
     word32 reseedCtr;
 #endif
+#ifdef WOLFSSL_WIDE_BYTE
+    byte ctrBuf[8]; /* reseed counter as big-endian octets */
+#endif
 
     if (drbg == NULL) {
         return DRBG_FAILURE;
@@ -914,6 +928,17 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz,
             if (ret == 0) {
                 array_add(drbg->V, sizeof(drbg->V), digest, WC_SHA256_DIGEST_SIZE);
                 array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C));
+#ifdef WOLFSSL_WIDE_BYTE
+                /* A word cannot be aliased as an octet stream where a C byte is
+                 * wider than 8 bits; add the counter as big-endian octets. */
+            #ifdef WORD64_AVAILABLE
+                BytesFromWordsBE64(ctrBuf, &reseedCtr, 8);
+                array_add(drbg->V, sizeof(drbg->V), ctrBuf, 8);
+            #else
+                BytesFromWordsBE32(ctrBuf, &reseedCtr, 4);
+                array_add(drbg->V, sizeof(drbg->V), ctrBuf, 4);
+            #endif
+#else
             #ifdef LITTLE_ENDIAN_ORDER
                 #ifdef WORD64_AVAILABLE
                 reseedCtr = ByteReverseWord64(reseedCtr);
@@ -923,6 +948,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz,
             #endif
                 array_add(drbg->V, sizeof(drbg->V),
                                           (byte*)&reseedCtr, sizeof(reseedCtr));
+#endif
                 ret = DRBG_SUCCESS;
             }
             drbg->reseedCtr++;
@@ -1050,6 +1076,9 @@ static int Hash512_df(DRBG_SHA512_internal* drbg, byte* out, word32 outSz,
     word32 i;
     word32 len;
     word32 bits = (outSz * 8);
+#ifdef WOLFSSL_WIDE_BYTE
+    byte bitsBuf[4]; /* the 32-bit length as four big-endian octets */
+#endif
 #ifdef WOLFSSL_SMALL_STACK_CACHE
     wc_Sha512* sha = &drbg->sha512;
 #else
@@ -1082,7 +1111,9 @@ static int Hash512_df(DRBG_SHA512_internal* drbg, byte* out, word32 outSz,
         return DRBG_FAILURE;
 #endif
 
-#ifdef LITTLE_ENDIAN_ORDER
+#ifdef WOLFSSL_WIDE_BYTE
+    BytesFromWordsBE32(bitsBuf, &bits, 4);   /* see Hash_df */
+#elif defined(LITTLE_ENDIAN_ORDER)
     bits = ByteReverseWord32(bits);
 #endif
     len = (outSz / OUTPUT_BLOCK_LEN_SHA512)
@@ -1102,7 +1133,11 @@ static int Hash512_df(DRBG_SHA512_internal* drbg, byte* out, word32 outSz,
         ret = wc_Sha512Update(sha, &ctr, sizeof(ctr));
         if (ret == 0) {
             ctr++;
+#ifdef WOLFSSL_WIDE_BYTE
+            ret = wc_Sha512Update(sha, bitsBuf, sizeof(bitsBuf));
+#else
             ret = wc_Sha512Update(sha, (byte*)&bits, sizeof(bits));
+#endif
         }
 
         if (ret == 0) {
@@ -1300,6 +1335,9 @@ static int Hash512_DRBG_Generate(DRBG_SHA512_internal* drbg, byte* out,
 #endif
     byte type;
     word64 reseedCtr;
+#ifdef WOLFSSL_WIDE_BYTE
+    byte ctrBuf[8]; /* reseed counter as big-endian octets */
+#endif
 
     if (drbg == NULL) {
         return DRBG_FAILURE;
@@ -1377,11 +1415,17 @@ static int Hash512_DRBG_Generate(DRBG_SHA512_internal* drbg, byte* out,
                 array_add(drbg->V, sizeof(drbg->V), digest,
                           WC_SHA512_DIGEST_SIZE);
                 array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C));
+#ifdef WOLFSSL_WIDE_BYTE
+                /* See Hash_DRBG_Generate. */
+                BytesFromWordsBE64(ctrBuf, &reseedCtr, 8);
+                array_add(drbg->V, sizeof(drbg->V), ctrBuf, 8);
+#else
             #ifdef LITTLE_ENDIAN_ORDER
                 reseedCtr = ByteReverseWord64(reseedCtr);
             #endif
                 array_add(drbg->V, sizeof(drbg->V),
                                           (byte*)&reseedCtr, sizeof(reseedCtr));
+#endif
                 ret = DRBG_SUCCESS;
             }
             drbg->reseedCtr++;
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ static WC_INLINE byte Base64_Char2Val_CT(byte c)`
`72`	`72`	`v \|= ((slashStart >> 8) ^ (slashEnd >> 8)) & (slashStart + 63 + 1);`
`73`	`73`	`v \|= ((plusStart >> 8) ^ (plusEnd >> 8)) & (plusStart + 62 + 1);`
`74`	`74`
`75`		`- return (byte)(v - 1);`
	`75`	`+ return WC_OCTET(v - 1);`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`#ifndef BASE64_NO_TABLE`