cnd_mpn_zero: Use a volatile-declared mask variable.

diff --git a/ChangeLog b/ChangeLog
index a9d0b1e79cfb2aa12fe183d6e8adc22347d71deb..11d55ed0e7fa3c55e71ded82b859db068c4e890a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,10 @@
 2018-11-25  Niels Möller  <nisse@lysator.liu.se>
 
-       * rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
-       (rsa_sec_compute_root_tr): ... old name. Updated callers.
        * rsa.h (rsa_sec_compute_root_tr): Deleted declaration, moved to ...
        * rsa-internal.h (_rsa_sec_compute_root_tr): ... new location.
+       * rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
+       (rsa_sec_compute_root_tr): ... old name. Updated callers.
+       (cnd_mpn_zero): Use a volatile-declared mask variable.
 
        * testsuite/testutils.c (mpz_urandomb) [NETTLE_USE_MINI_GMP]: Fix
        masking of most significant bits.

diff --git a/rsa-sign-tr.c b/rsa-sign-tr.c
index be320b23669e5fa81ea1792dc60e0809c483a7df..54bf49fd1478e2cb375cea513454be36898d389f 100644 (file)
--- a/rsa-sign-tr.c
+++ b/rsa-sign-tr.c
@@ -245,6 +245,7 @@ sec_equal(const mp_limb_t *a, const mp_limb_t *b, size_t limbs)
       z |= (a[i] ^ b[i]);
     }
 
+  /* FIXME: Might compile to a branch instruction on some platforms. */
   return z == 0;
 }
 
@@ -278,11 +279,12 @@ static void
 cnd_mpn_zero (int cnd, volatile mp_ptr rp, mp_size_t n)
 {
   volatile mp_limb_t c;
+  volatile mp_limb_t mask = (mp_limb_t) cnd - 1;
 
   while (--n >= 0)
     {
       c = rp[n];
-      c &= ((mp_limb_t)cnd - 1);
+      c &= mask;
       rp[n] = c;
     }
 }