From 10193b37e384cd1c99a6fbc50f8cb8597517cc3a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 Jan 2026 00:00:33 +0100
Subject: [PATCH 1/5] tests: scripts: add new component to test alignment with GCC O3 optizations This is meant to test a bug found on: - Little endian platforms other than x86 or ARM (these have specific optimizations available); - GCC versions from 10 to 14.2 (below and above are fine); - Optimization level "-O3" (lower levels are fine).
Signed-off-by: Valerio Setti
---
 tests/scripts/components-compiler.sh | 44 ++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 1eac64f54d..ed89d818ca 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -172,3 +172,47 @@ component_test_zeroize () {
 done
 done
 }
+
+# This originated from an issue (https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/665) found
+# in GCM when the library is built with GCC "10.0 <= version <= 14.2" on platforms other than
+# x86 and ARM64.
+component_test_tf_psa_crypto_optimized_alignment() {
+ msg "build: verify alignment with O3 optimizations in GCC"
+
+ # Disable optimizations for x86 (and ARM64) so that alignment related problems in
+ # "alignment.h" can be tested also on standard PC.
+ scripts/config.py unset MBEDTLS_AESNI_C
+ scripts/config.py unset MBEDTLS_AESCE_C
+
+ # "-O3" is the optimization level that causes issues: the compiler tries to
+ # optimize operations order and if memory dependencies are not respected
+ # (as it happens in issue tf-psa-crypto#665) this completely messes up results.
+ EXTRA_C_FLAGS="-O3"
+ # Forcedly ignore "MBEDTLS_EFFICIENT_UNALIGNED_ACCESS" on x86 so that we
+ # can test the problematic case, i.e. the case where uint64 integers are
+ # accessed through "mbedtls_uint64_unaligned_t" structs.
+ EXTRA_C_FLAGS="$EXTRA_C_FLAGS -DMBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS"
+ # Adding '-g3' flag doesn't affect testing, BUT it allows to dump the generated
+ # assembly code for "gcm.o" module for inspection. To do this use the
+ # following command:
+ # > objdump -S --disassemble out_of_source_build/drivers/builtin/CMakeFiles/builtin.dir/src/gcm.c.o > gcm.s
+ # A file named "gcm.s" will be generated containing a mix of C and corresponding
+ # assembly code.
+ EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3"
+
+ cd $OUT_OF_SOURCE_DIR
+ cmake -DCMAKE_C_COMPILER=gcc -DCMAKE_C_FLAGS=" $EXTRA_C_FLAGS " "$TF_PSA_CRYPTO_ROOT_DIR"
+ make
+
+ msg "test: verify alignment with O3 optimizations in GCC"
+ make test
+}
+
+support_test_tf_psa_crypto_optimized_alignment() {
+ case $(gcc -dumpfullversion 2>/dev/null) in
+ ""|?.*) false;; # too old
+ 10.*|11.*|12.*|13.*) true;;
+ 14.[012].*) true;;
+ *) false;; # too recent
+ esac
+}
From be0c788105f53add88f1034edac06e0097c7c794 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 Jan 2026 00:02:06 +0100
Subject: [PATCH 2/5] library: alignment.h: add internal symbol to disable optimizations on x86 MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS is used to forcedly prevent MBEDTLS_EFFICIENT_UNALIGNED_ACCESS from being set. This prevents optimizations from being used on x86 which is useful for testing purposes.
Signed-off-by: Valerio Setti
---
 library/alignment.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/library/alignment.h b/library/alignment.h
index a17001dd91..bbe459ed54 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -15,6 +15,7 @@
 #include
 #include
+#if !defined(MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS) //no-check-names
 /*
 * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory
 * accesses are known to be efficient.
@@ -35,7 +36,9 @@
 * device memory).
 */
 #define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS
-#endif
+#endif /* __ARM_FEATURE_UNALIGNED || MBEDTLS_ARCH_IS_X86 || MBEDTLS_ARCH_IS_X64 ||
+ * MBEDTLS_PLATFORM_IS_WINDOWS_ON_ARM64 */
+#endif /* MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS */ //no-check-names
 #if defined(__IAR_SYSTEMS_ICC__) && \
 (defined(MBEDTLS_ARCH_IS_ARM64) || defined(MBEDTLS_ARCH_IS_ARM32) \
From 32ef7050244d61a51d2b794fd3bf8c7cbef4b41e Mon Sep 17 00:00:00 2001
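Review bot: The `-DMBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS` flag set in `component_test_tf_psa_crypto_optimized_alignment` misspells EFFICIENT, and the `#if !defined(...)` guard in library/alignment.h (patch 2/5) tests the same misspelled name. A `-D` for a name nothing checks is accepted silently, so a later spelling correction on only one side would leave the flag without effect. On x86 the build would then take the efficient unaligned-access path again and this component would pass without exercising the `mbedtls_uint64_unaligned_t` struct accesses it was written to cover. I would spell it `MBEDTLS_ALIGNMENT_DISABLE_EFFICIENT_UNALIGNED_ACCESS` in both files before the name lands.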
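Review bot: The new `#if !defined(MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS)` guard in library/alignment.h has no comment saying what the symbol is for, so a reader of the header alone cannot tell that it is an internal, test-only switch rather than a supported configuration option. I would add above it something like `/* Internal, for testing only: when defined, MBEDTLS_EFFICIENT_UNALIGNED_ACCESS is never set, so the generic unaligned-access code is also built on x86 and ARM. */`. The matching `#endif` is in the second hunk of this file.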
From: Valerio Setti
Date: Wed, 28 Jan 2026 00:02:41 +0100
Subject: [PATCH 3/5] library: alignment: add "may_alias" attribute to mbedtls_uintXX_unaligned_t structs Tell the GCC compiler that pointers to types "mbedtls_uintXX_unaligned_t" (where XX is 16, 32 or 64) might alias with other types. This helps at high optimizations level (i.e. "-O3") so that the compiler does not mess up with instruction reordering and memory accesses.
Signed-off-by: Valerio Setti
---
 library/alignment.h | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/alignment.h b/library/alignment.h
index bbe459ed54..3c107d8695 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -88,13 +88,13 @@ typedef uint64_t __packed mbedtls_uint64_unaligned_t;
 #define UINT_UNALIGNED_STRUCT
 typedef struct {
 uint16_t x;
-} __attribute__((packed)) mbedtls_uint16_unaligned_t;
+} __attribute__((packed, may_alias)) mbedtls_uint16_unaligned_t;
 typedef struct {
 uint32_t x;
-} __attribute__((packed)) mbedtls_uint32_unaligned_t;
+} __attribute__((packed, may_alias)) mbedtls_uint32_unaligned_t;
 typedef struct {
 uint64_t x;
-} __attribute__((packed)) mbedtls_uint64_unaligned_t;
+} __attribute__((packed, may_alias)) mbedtls_uint64_unaligned_t;
 #endif
 /*
From f79c548ad099e102f54a4e8e60cbfd84cea187db Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 Jan 2026 00:03:19 +0100
Subject: [PATCH 4/5] changelog: add changelog about fixing issue #665 in tf-psa-crypto
Signed-off-by: Valerio Setti
---
 ChangeLog.d/issue665.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/issue665.txt
diff --git a/ChangeLog.d/issue665.txt b/ChangeLog.d/issue665.txt
new file mode 100644
index 0000000000..7d3da9ebce
--- /dev/null
+++ b/ChangeLog.d/issue665.txt
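Review bot: The `may_alias` attribute added to the three `mbedtls_uintXX_unaligned_t` structs in library/alignment.h carries no comment, although per the commit message it is what stops GCC at -O3 from reordering the accesses, so a later tidy-up of the attribute list could drop it without anyone noticing why it was there. A comment above the first struct would keep the reason next to the code, for example `/* may_alias: these structs are accessed through pointers to other types; without it GCC at -O3 may reorder those accesses (tf-psa-crypto#665). */`. The `#if` that selects this `UINT_UNALIGNED_STRUCT` branch starts outside the hunk, so which compilers reach it is not visible here; each of them has to accept `may_alias`.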
@@ -0,0 +1,6 @@
+Bugfix
+ * Fix a bug that caused GCM tag calculations to fail, so that data was
+ correctly encrypted but could not be authenticated. The bug was only
+ observed with GCC 10.0 to 14.2 inclusive, when compiling with -O3, and
+ running without AESNI or AESCE.
+ Fixes #665.
From 2b2f430fcd8548ed8c71d685151812964aa4fc58 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 28 Jan 2026 00:18:09 +0100
Subject: [PATCH 5/5] tests: scripts: adapt test_tf_psa_crypto_optimized_alignment to 3.6 Move from CMake to Make
Signed-off-by: Valerio Setti
---
 tests/scripts/components-compiler.sh | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index ed89d818ca..b764247380 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -200,9 +200,7 @@ component_test_tf_psa_crypto_optimized_alignment() {
 # assembly code.
 EXTRA_C_FLAGS="$EXTRA_C_FLAGS -g3"
- cd $OUT_OF_SOURCE_DIR
- cmake -DCMAKE_C_COMPILER=gcc -DCMAKE_C_FLAGS=" $EXTRA_C_FLAGS " "$TF_PSA_CRYPTO_ROOT_DIR"
- make
+ make CC=gcc CFLAGS="$EXTRA_C_FLAGS"
 msg "test: verify alignment with O3 optimizations in GCC"
 make test
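Review bot: After the switch to `make CC=gcc CFLAGS="$EXTRA_C_FLAGS"` in `component_test_tf_psa_crypto_optimized_alignment`, the `objdump` example in the comment just above this hunk (added in patch 1/5) still points at `out_of_source_build/drivers/builtin/CMakeFiles/builtin.dir/src/gcm.c.o`, a CMake output path that this build no longer produces. The comment should name the object file the Makefile build writes instead, presumably `library/gcm.o` on this branch; that path is not visible in the patch and needs checking. The comment itself lies outside the hunk, with only its last line `# assembly code.` shown as context.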