Use small Curve25519 for wasm32 & other non-{aarch64,x86_64}.

crypto/curve25519/curve25519.c

@@ -240,9 +240,11 @@ static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) {
   fe_mul_impl(h->v, f->v, g->v);
 }
 
-// static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) was
-// removed. This comment is here to make diffs vs. BoringSSL easier to read.
-
+#if defined(OPENSSL_SMALL)
+static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) {
+  fe_mul_impl(h->v, f->v, g->v);
+}
+#endif
 
 static void fe_mul_ttt(fe *h, const fe *f, const fe *g) {
   fe_mul_impl(h->v, f->v, g->v);

include/ring-core/target.h

@@ -152,4 +152,8 @@
 #endif
 #endif  // OPENSSL_ASM_INCOMPATIBLE
 
+#if !defined(OPENSSL_X86_64) && !defined(OPENSSL_AARCH64)
+#define OPENSSL_SMALL
+#endif
+
 #endif  // OPENSSL_HEADER_TARGET_H

src/ec.rs

@@ -36,7 +36,6 @@ derive_debug_via_id!(Curve);
 
 #[derive(Clone, Copy, Debug, PartialEq)]
 pub enum CurveID {
-    #[cfg(not(target_arch = "wasm32"))]
     Curve25519,
     P256,
     P384,

src/ec/curve25519.rs

@@ -16,7 +16,6 @@
 
 pub mod ed25519;
 
-#[cfg(not(target_arch = "wasm32"))]
 pub mod x25519;
 
 mod ops;

src/ec/suite_b.rs

@@ -229,7 +229,6 @@ pub(crate) fn key_pair_from_bytes(
 
 pub mod curve;
 
-#[cfg(not(target_arch = "wasm32"))]
 pub mod ecdh;
 
 pub mod ecdsa;

src/lib.rs

@@ -75,7 +75,6 @@ mod polyfill;
 
 pub mod aead;
 
-#[cfg(not(target_arch = "wasm32"))]
 pub mod agreement;
 
 mod bits;

tests/agreement_tests.rs

@@ -12,7 +12,11 @@
 // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-#![cfg(not(target_arch = "wasm32"))]
+#[cfg(all(target_arch = "wasm32", target_os = "unknown"))]
+use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure};
+
+#[cfg(all(target_arch = "wasm32", target_os = "unknown"))]
+wasm_bindgen_test_configure!(run_in_browser);
 
 extern crate alloc;