From df3bb7c5e6d47705568e1c0022b820def89dfbc4 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@amcrypto.jp>
Date: Fri, 5 Jun 2026 15:20:34 +0900
Subject: [PATCH] Crypto: fix no-SSE2 x86 fallback paths

Guard BLAKE2s x86 SIMD dispatch on compiled SSE2 intrinsic support so NOSSE2 builds do not reference missing compressor symbols.

Make Argon2 AVX2/SSE2 stubs fall back to the next available implementation instead of returning ARGON2_INCORRECT_PARAMETER when runtime CPU flags outpace build capabilities.
---
 src/Crypto/Argon2/src/opt_avx2.c | 8 +++++---
 src/Crypto/Argon2/src/opt_sse2.c | 8 +++++---
 src/Crypto/blake2s.c             | 8 ++++++--
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/Crypto/Argon2/src/opt_avx2.c b/src/Crypto/Argon2/src/opt_avx2.c
index 3d788419..81d05695 100644
--- a/src/Crypto/Argon2/src/opt_avx2.c
+++ b/src/Crypto/Argon2/src/opt_avx2.c
@@ -205,10 +205,12 @@ int fill_segment_avx2(const argon2_instance_t *instance,
     return ARGON2_OK;
 }
 #else
+extern int fill_segment_sse2(const argon2_instance_t* instance,
+    argon2_position_t position);
+
 int fill_segment_avx2(const argon2_instance_t* instance,
     argon2_position_t position) {
-    (void)instance;
-    (void)position;
-    return ARGON2_INCORRECT_PARAMETER; /* AVX2 not available */
+    /* AVX2-capable CPUs may reach this symbol when the AVX2 TU was built as a stub. */
+    return fill_segment_sse2(instance, position);
 }
 #endif
diff --git a/src/Crypto/Argon2/src/opt_sse2.c b/src/Crypto/Argon2/src/opt_sse2.c
index ec795409..d401954a 100644
--- a/src/Crypto/Argon2/src/opt_sse2.c
+++ b/src/Crypto/Argon2/src/opt_sse2.c
@@ -206,10 +206,12 @@ int fill_segment_sse2(const argon2_instance_t *instance,
     return ARGON2_OK;
 }
 #else
+extern int fill_segment_ref(const argon2_instance_t* instance,
+    argon2_position_t position);
+
 int fill_segment_sse2(const argon2_instance_t* instance,
     argon2_position_t position) {
-    (void)instance;
-    (void)position;
-    return ARGON2_INCORRECT_PARAMETER; // SSE2 not available
+    /* NOSSE2 builds can still run on SSE2-capable CPUs and reach this symbol. */
+    return fill_segment_ref(instance, position);
 }
 #endif
diff --git a/src/Crypto/blake2s.c b/src/Crypto/blake2s.c
index 371ce6a2..3a9df583 100644
--- a/src/Crypto/blake2s.c
+++ b/src/Crypto/blake2s.c
@@ -21,6 +21,10 @@
 #include "Crypto/cpu.h"
 #include "Crypto/misc.h"
 
+#define BLAKE2S_USE_X86_INTRINSICS \
+	((CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) \
+		&& CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE)
+
 // load32 is always called in SSE case which implies little endian 
 #define load32(x)	*((uint32*) (x))
 
@@ -105,7 +109,7 @@ void blake2s_init_param( blake2s_state *S, const blake2s_param *P )
 typedef void (*blake2s_compressFn)( blake2s_state *S, const uint8 block[BLAKE2S_BLOCKBYTES] );
 
 blake2s_compressFn blake2s_compress_func = NULL;
-#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
+#if BLAKE2S_USE_X86_INTRINSICS
 extern int blake2s_has_sse2();
 extern int blake2s_has_ssse3();
 extern int blake2s_has_sse41();
@@ -180,7 +184,7 @@ void blake2s_init( blake2s_state *S )
 
   if (!blake2s_compress_func)
   {
-#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32
+#if BLAKE2S_USE_X86_INTRINSICS
 	if (HasSSE2() && blake2s_has_sse2())
 	{
 		if (HasSSE41() && blake2s_has_sse41())