From ef1949c064ff9d2714545898553cbeaf2cfddc5f Mon Sep 17 00:00:00 2001
From: Jake Massimo
Date: Thu, 12 Sep 2024 10:11:51 -0700
Subject: [PATCH] more consistency with openssl for ASM
---
 crypto/fipsmodule/sha/asm/keccak1600-armv8.pl | 25 +++++++++----------
 crypto/fipsmodule/sha/sha3.c | 2 +-
 .../crypto/fipsmodule/keccak1600-armv8.S | 25 +++++++++----------
 .../crypto/fipsmodule/keccak1600-armv8.S | 25 +++++++++----------
 .../crypto/fipsmodule/keccak1600-armv8.S | 25 +++++++++----------
 5 files changed, 49 insertions(+), 53 deletions(-)
diff --git a/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl b/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl
index 361cf69ea2..00cf595b6f 100755
--- a/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl
+++ b/crypto/fipsmodule/sha/asm/keccak1600-armv8.pl
@@ -458,27 +458,26 @@
 mov $out,x1
 mov $len,x2
 mov $bsz,x3
- cmp x4, #0
- bne .Lfirst_squeeze // if (first != 0) -> first block -> skip first Keccak
-.Loop_squeeze: // Squeeze loop (Keccak & Store)
- mov x0,$A_flat
- bl KeccakF1600
-.Lfirst_squeeze:
-mov x0,$A_flat
-mov x3,$bsz
-.L_squeeze: // Store loop
+ cmp x4, #0 // x4 = 'next' argument
+ bne .Lnext_block
+.Loop_squeeze:
 ldr x4,[x0],#8
 cmp $len,#8
- blo .Lsqueeze_tail // Store tail only
+ blo .Lsqueeze_tail
 #ifdef __AARCH64EB__
 rev x4,x4
 #endif
 str x4,[$out],#8
 subs $len,$len,#8
- ble .Lsqueeze_done
+ beq .Lsqueeze_done
 subs x3,x3,#8
- bhi .L_squeeze // End store loop
- b .Loop_squeeze // End Squeeze loop (Keccak & Store)
+ bhi .Loop_squeeze
+.Lnext_block:
+ mov x0,$A_flat
+ bl KeccakF1600
+ mov x0,$A_flat
+ mov x3,$bsz
+ b .Loop_squeeze
 .align 4
 .Lsqueeze_tail:
 strb w4,[$out],#1
diff --git a/crypto/fipsmodule/sha/sha3.c b/crypto/fipsmodule/sha/sha3.c
index 2701a34676..c6cbd7cabc 100644
--- a/crypto/fipsmodule/sha/sha3.c
+++ b/crypto/fipsmodule/sha/sha3.c
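Review bot: The added `cmp x4, #0 // x4 = 'next' argument` in the keccak1600-armv8.pl hunk tests all 64 bits of the fifth argument. If that parameter is a 32-bit `int` in the C prototype (not visible in this patch), AAPCS64 leaves the upper 32 bits of x4 unspecified, so `bne .Lnext_block` could be taken even when the flag is 0. A spurious branch inserts an extra Keccak-f permutation before the first store and silently changes the squeezed output, so I would compare the 32-bit view instead: `cmp w4, #0 // w4 = 'next' argument`. The three generated keccak1600-armv8.S copies (ios, linux, win) carry the same line and would pick the fix up on regeneration. SHA3_Squeeze_hw starts before this hunk and continues past `.Lsqueeze_tail`.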
@@ -223,7 +223,7 @@ int SHA3_Final(uint8_t *md, KECCAK1600_CTX *ctx) { } } - SHA3_Squeeze(ctx->A, md, ctx->md_size, block_size, !(ctx->padded)); + SHA3_Squeeze(ctx->A, md, ctx->md_size, block_size, ctx->padded); ctx->padded = 1; FIPS_service_indicator_update_state();
diff --git a/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S b/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S
index 5e7f1ee12d..c8c753db2b 100644
--- a/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S
+++ b/generated-src/ios-aarch64/crypto/fipsmodule/keccak1600-armv8.S
@@ -489,27 +489,26 @@ _SHA3_Squeeze_hw: mov x20,x1 mov x21,x2 mov x22,x3 - cmp x4, #0 - bne Lfirst_squeeze // if (first != 0) -> first block -> skip first Keccak -Loop_squeeze: // Squeeze loop (Keccak & Store) - mov x0,x19 - bl KeccakF1600 -Lfirst_squeeze: - mov x0,x19 - mov x3,x22 -L_squeeze: // Store loop + cmp x4, #0 // x4 = 'next' argument + bne Lnext_block +Loop_squeeze: ldr x4,[x0],#8 cmp x21,#8 - blo Lsqueeze_tail // Store tail only + blo Lsqueeze_tail #ifdef __AARCH64EB__ rev x4,x4 #endif str x4,[x20],#8 subs x21,x21,#8 - ble Lsqueeze_done + beq Lsqueeze_done subs x3,x3,#8 - bhi L_squeeze // End store loop - b Loop_squeeze // End Squeeze loop (Keccak & Store) + bhi Loop_squeeze +Lnext_block: + mov x0,x19 + bl KeccakF1600 + mov x0,x19 + mov x3,x22 + b Loop_squeeze .align 4 Lsqueeze_tail: strb w4,[x20],#1
diff --git a/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S b/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S
index 78db0868bf..f2922815f4 100644
--- a/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S
+++ b/generated-src/linux-aarch64/crypto/fipsmodule/keccak1600-armv8.S
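Review bot: The `SHA3_Squeeze` call in SHA3_Final now passes `ctx->padded` ("next") where it used to pass `!(ctx->padded)` ("first"), but the diffstat touches only the ARMv8 assembly. Any implementation of SHA3_Squeeze outside this patch (a C fallback or other-architecture assembly, if present) must read the flag with the same polarity, or it will skip or repeat a Keccak-f permutation and emit different output. I would confirm this with a known-answer test on a non-ARMv8 build and document the convention at the call site, e.g. `// Last argument is 'next': non-zero permutes the state before squeezing.` SHA3_Final begins and ends outside this hunk.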
@@ -489,27 +489,26 @@ SHA3_Squeeze_hw: mov x20,x1 mov x21,x2 mov x22,x3 - cmp x4, #0 - bne .Lfirst_squeeze // if (first != 0) -> first block -> skip first Keccak -.Loop_squeeze: // Squeeze loop (Keccak & Store) - mov x0,x19 - bl KeccakF1600 -.Lfirst_squeeze: - mov x0,x19 - mov x3,x22 -.L_squeeze: // Store loop + cmp x4, #0 // x4 = 'next' argument + bne .Lnext_block +.Loop_squeeze: ldr x4,[x0],#8 cmp x21,#8 - blo .Lsqueeze_tail // Store tail only + blo .Lsqueeze_tail #ifdef __AARCH64EB__ rev x4,x4 #endif str x4,[x20],#8 subs x21,x21,#8 - ble .Lsqueeze_done + beq .Lsqueeze_done subs x3,x3,#8 - bhi .L_squeeze // End store loop - b .Loop_squeeze // End Squeeze loop (Keccak & Store) + bhi .Loop_squeeze +.Lnext_block: + mov x0,x19 + bl KeccakF1600 + mov x0,x19 + mov x3,x22 + b .Loop_squeeze .align 4 .Lsqueeze_tail: strb w4,[x20],#1
diff --git a/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S b/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S
index 1af239953b..7244c46fd8 100644
--- a/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S
+++ b/generated-src/win-aarch64/crypto/fipsmodule/keccak1600-armv8.S
@@ -497,27 +497,26 @@ SHA3_Squeeze_hw: mov x20,x1 mov x21,x2 mov x22,x3 - cmp x4, #0 - bne Lfirst_squeeze // if (first != 0) -> first block -> skip first Keccak -Loop_squeeze: // Squeeze loop (Keccak & Store) - mov x0,x19 - bl KeccakF1600 -Lfirst_squeeze: - mov x0,x19 - mov x3,x22 -L_squeeze: // Store loop + cmp x4, #0 // x4 = 'next' argument + bne Lnext_block +Loop_squeeze: ldr x4,[x0],#8 cmp x21,#8 - blo Lsqueeze_tail // Store tail only + blo Lsqueeze_tail #ifdef __AARCH64EB__ rev x4,x4 #endif str x4,[x20],#8 subs x21,x21,#8 - ble Lsqueeze_done + beq Lsqueeze_done subs x3,x3,#8 - bhi L_squeeze // End store loop - b Loop_squeeze // End Squeeze loop (Keccak & Store) + bhi Loop_squeeze +Lnext_block: + mov x0,x19 + bl KeccakF1600 + mov x0,x19 + mov x3,x22 + b Loop_squeeze .align 4 Lsqueeze_tail: strb w4,[x20],#1