From: Niels Möller
Date: Sat, 14 May 2022 20:33:28 +0000 (+0200)
Subject: ocb: Rewrite trailing-zeros loop to not use __builtin_ctzll.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=175320ed6670ed7a14284a608d5419dae42b3619;p=thirdparty%2Fnettle.git
ocb: Rewrite trailing-zeros loop to not use __builtin_ctzll.
---
diff --git a/ocb.c b/ocb.c
index 404c5b5a..880c11a4 100644
--- a/ocb.c
+++ b/ocb.c
@@ -79,22 +79,23 @@ ocb_set_key (struct ocb_key *key, const void *cipher, nettle_cipher_func *f)
 block16_mulx_be (&key->L[2], &key->L[1]);
 }
+/* Add x^k L[2], where k is the number of trailing bits in i. */
 static void
 update_offset(const struct ocb_key *key, union nettle_block16 *offset, size_t i)
 {
- unsigned ntz = __builtin_ctzll(i);
- if (ntz > 0)
+ if (i & 1)
+ block16_xor (offset, &key->L[2]);
+ else
 {
+ assert (i > 0);
 union nettle_block16 diff;
 block16_mulx_be (&diff, &key->L[2]);
- while (--ntz > 0)
+ for (i >>= 1; !(i&1); i >>= 1)
 block16_mulx_be (&diff, &diff);
 block16_xor (offset, &diff);
 }
- else
- block16_xor (offset, &key->L[2]);
 }
 static void
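Review bot: In `update_offset`, `assert (i > 0)` is the only guard on the else branch, and the loop `for (i >>= 1; !(i&1); i >>= 1)` never terminates for `i == 0` because no set bit is ever shifted into the low position; a build with `NDEBUG` removes the assertion and leaves the hang. The callers are outside this hunk, so whether the block count can reach zero (for instance by wrapping `size_t` on a 32-bit target) cannot be confirmed from here, but the precondition deserves a check that does not depend on assertions being enabled, or at least a statement in the header comment. That comment also drops a word: it should read `/* Add x^k L[2], where k is the number of trailing zero bits in i; i must be non-zero. */`.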