From: Niels Möller <nisse@lysator.liu.se>
Date: Sun, 25 Nov 2018 19:10:13 +0000 (+0100)
Subject: cnd_mpn_zero: Use a volatile-declared mask variable.
X-Git-Tag: nettle_3.4.1rc1~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9e3227f3726a1c39819e29c43af7d4e6d978e44;p=thirdparty%2Fnettle.git

cnd_mpn_zero: Use a volatile-declared mask variable.
---

diff --git a/ChangeLog b/ChangeLog
index a9d0b1e7..11d55ed0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,10 @@
 2018-11-25  Niels Möller  <nisse@lysator.liu.se>
 
-	* rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
-	(rsa_sec_compute_root_tr): ... old name. Updated callers.
 	* rsa.h (rsa_sec_compute_root_tr): Deleted declaration, moved to ...
 	* rsa-internal.h (_rsa_sec_compute_root_tr): ... new location.
+	* rsa-sign-tr.c (_rsa_sec_compute_root_tr): Renamed, from...
+	(rsa_sec_compute_root_tr): ... old name. Updated callers.
+	(cnd_mpn_zero): Use a volatile-declared mask variable.
 
 	* testsuite/testutils.c (mpz_urandomb) [NETTLE_USE_MINI_GMP]: Fix
 	masking of most significant bits.
diff --git a/rsa-sign-tr.c b/rsa-sign-tr.c
index be320b23..54bf49fd 100644
--- a/rsa-sign-tr.c
+++ b/rsa-sign-tr.c
@@ -245,6 +245,7 @@ sec_equal(const mp_limb_t *a, const mp_limb_t *b, size_t limbs)
       z |= (a[i] ^ b[i]);
     }
 
+  /* FIXME: Might compile to a branch instruction on some platforms. */
   return z == 0;
 }
 
@@ -278,11 +279,12 @@ static void
 cnd_mpn_zero (int cnd, volatile mp_ptr rp, mp_size_t n)
 {
   volatile mp_limb_t c;
+  volatile mp_limb_t mask = (mp_limb_t) cnd - 1;
 
   while (--n >= 0)
     {
       c = rp[n];
-      c &= ((mp_limb_t)cnd - 1);
+      c &= mask;
       rp[n] = c;
     }
 }