Patch Kyber to fix ASAN error on ARM64 (#1922)

* Update oldpqclean kyber patches.

Signed-off-by: Pravek Sharma <[email protected]>

* Run copy_from_upstream.py

Signed-off-by: Pravek Sharma <[email protected]>

* Add co-authors. [skip ci]

Co-Authored-By: Kyle Nekritz <[email protected]>
Co-Authored-By: Mingtao Yang <[email protected]>
Signed-off-by: Pravek Sharma <[email protected]>

---------

Signed-off-by: Pravek Sharma <[email protected]>
Co-authored-by: Kyle Nekritz <[email protected]>
Co-authored-by: Mingtao Yang <[email protected]>

scripts/copy_from_upstream/copy_from_upstream.yml

@@ -8,7 +8,8 @@ upstreams:
     sig_meta_path: 'crypto_sign/{pqclean_scheme}/META.yml'
     kem_scheme_path: 'crypto_kem/{pqclean_scheme}'
     sig_scheme_path: 'crypto_sign/{pqclean_scheme}'
-    patches: [pqclean-dilithium-arm-randomized-signing.patch, pqclean-kyber-armneon-shake-fixes.patch, pqclean-kyber-armneon-768-1024-fixes.patch, pqclean-kyber-armneon-variable-timing-fix.patch]
+    patches: [pqclean-dilithium-arm-randomized-signing.patch, pqclean-kyber-armneon-shake-fixes.patch, pqclean-kyber-armneon-768-1024-fixes.patch, pqclean-kyber-armneon-variable-timing-fix.patch,
+    pqclean-kyber-armneon-asan.patch]
     ignore: pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256s-simple_aarch64, pqclean_sphincs-shake-256f-simple_aarch64, pqclean_sphincs-shake-192s-simple_aarch64, pqclean_sphincs-shake-192f-simple_aarch64, pqclean_sphincs-shake-128s-simple_aarch64, pqclean_sphincs-shake-128f-simple_aarch64
   -
     name: pqclean

scripts/copy_from_upstream/patches/pqclean-kyber-armneon-asan.patch

@@ -0,0 +1,72 @@
+diff --git a/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
+index 8aced5e4..364d9fdd 100644
+--- a/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
++++ b/crypto_kem/kyber1024/aarch64/neon_symmetric-shake.c
+@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
+                                 uint8_t y1, uint8_t y2)
+ {
+   unsigned int i;
+-  uint8_t extseed1[KYBER_SYMBYTES+2];
+-  uint8_t extseed2[KYBER_SYMBYTES+2];
++  uint8_t extseed1[KYBER_SYMBYTES+2+6];
++  uint8_t extseed2[KYBER_SYMBYTES+2+6];
+
+   for(i=0;i<KYBER_SYMBYTES;i++){
+     extseed1[i] = seed[i];
+@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
+   extseed2[KYBER_SYMBYTES  ] = x2;
+   extseed2[KYBER_SYMBYTES+1] = y2;
+
+-  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
++  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
+ }
+
+ /*************************************************
+diff --git a/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
+index 8aced5e4..364d9fdd 100644
+--- a/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
++++ b/crypto_kem/kyber512/aarch64/neon_symmetric-shake.c
+@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
+                                 uint8_t y1, uint8_t y2)
+ {
+   unsigned int i;
+-  uint8_t extseed1[KYBER_SYMBYTES+2];
+-  uint8_t extseed2[KYBER_SYMBYTES+2];
++  uint8_t extseed1[KYBER_SYMBYTES+2+6];
++  uint8_t extseed2[KYBER_SYMBYTES+2+6];
+
+   for(i=0;i<KYBER_SYMBYTES;i++){
+     extseed1[i] = seed[i];
+@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
+   extseed2[KYBER_SYMBYTES  ] = x2;
+   extseed2[KYBER_SYMBYTES+1] = y2;
+
+-  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
++  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
+ }
+
+ /*************************************************
+diff --git a/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c b/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
+index 8aced5e4..364d9fdd 100644
+--- a/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
++++ b/crypto_kem/kyber768/aarch64/neon_symmetric-shake.c
+@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
+                                 uint8_t y1, uint8_t y2)
+ {
+   unsigned int i;
+-  uint8_t extseed1[KYBER_SYMBYTES+2];
+-  uint8_t extseed2[KYBER_SYMBYTES+2];
++  uint8_t extseed1[KYBER_SYMBYTES+2+6];
++  uint8_t extseed2[KYBER_SYMBYTES+2+6];
+
+   for(i=0;i<KYBER_SYMBYTES;i++){
+     extseed1[i] = seed[i];
+@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
+   extseed2[KYBER_SYMBYTES  ] = x2;
+   extseed2[KYBER_SYMBYTES+1] = y2;
+
+-  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
++  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
+ }
+
+ /*************************************************

src/kem/kyber/oldpqclean_kyber1024_aarch64/neon_symmetric-shake.c

@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
                                 uint8_t y1, uint8_t y2)
 {
   unsigned int i;
-  uint8_t extseed1[KYBER_SYMBYTES+2];
-  uint8_t extseed2[KYBER_SYMBYTES+2];
+  uint8_t extseed1[KYBER_SYMBYTES+2+6];
+  uint8_t extseed2[KYBER_SYMBYTES+2+6];
 
   for(i=0;i<KYBER_SYMBYTES;i++){
     extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
   extseed2[KYBER_SYMBYTES  ] = x2;
   extseed2[KYBER_SYMBYTES+1] = y2;
 
-  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
+  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
 }
 
 /*************************************************

src/kem/kyber/oldpqclean_kyber512_aarch64/neon_symmetric-shake.c

@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
                                 uint8_t y1, uint8_t y2)
 {
   unsigned int i;
-  uint8_t extseed1[KYBER_SYMBYTES+2];
-  uint8_t extseed2[KYBER_SYMBYTES+2];
+  uint8_t extseed1[KYBER_SYMBYTES+2+6];
+  uint8_t extseed2[KYBER_SYMBYTES+2+6];
 
   for(i=0;i<KYBER_SYMBYTES;i++){
     extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
   extseed2[KYBER_SYMBYTES  ] = x2;
   extseed2[KYBER_SYMBYTES+1] = y2;
 
-  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
+  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
 }
 
 /*************************************************

src/kem/kyber/oldpqclean_kyber768_aarch64/neon_symmetric-shake.c

@@ -56,8 +56,8 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
                                 uint8_t y1, uint8_t y2)
 {
   unsigned int i;
-  uint8_t extseed1[KYBER_SYMBYTES+2];
-  uint8_t extseed2[KYBER_SYMBYTES+2];
+  uint8_t extseed1[KYBER_SYMBYTES+2+6];
+  uint8_t extseed2[KYBER_SYMBYTES+2+6];
 
   for(i=0;i<KYBER_SYMBYTES;i++){
     extseed1[i] = seed[i];
@@ -69,7 +69,7 @@ void neon_kyber_shake128_absorb(keccakx2_state *state,
   extseed2[KYBER_SYMBYTES  ] = x2;
   extseed2[KYBER_SYMBYTES+1] = y2;
 
-  shake128x2_absorb(state, extseed1, extseed2, sizeof(extseed1));
+  shake128x2_absorb(state, extseed1, extseed2, KYBER_SYMBYTES+2);
 }
 
 /*************************************************