[PATCH 08/12] mpiutil: use global vone and vzero

Jussi Kivilinna jussi.kivilinna at iki.fi
Thu Nov 2 19:01:12 CET 2023


* mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Use
_gcry_ct_vzero and _gcry_ct_vone.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 mpi/mpiutil.c | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index d5a1b8a8..f7506718 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -27,6 +27,7 @@
 #include "g10lib.h"
 #include "mpi-internal.h"
 #include "mod-source-info.h"
+#include "const-time.h"
 
 
 #if SIZEOF_UNSIGNED_INT == 2
@@ -46,12 +47,6 @@
 /* Constants allocated right away at startup.  */
 static gcry_mpi_t constants[MPI_NUMBER_OF_CONSTANTS];
 
-/* These variables are used to generate masks from conditional operation
- * flag parameters.  Use of volatile prevents compiler optimizations from
- * converting AND-masking to conditional branches.  */
-static volatile mpi_limb_t vzero = 0;
-static volatile mpi_limb_t vone = 1;
-
 
 const char *
 _gcry_mpi_get_hw_config (void)
@@ -513,10 +508,11 @@ _gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u)
 gcry_mpi_t
 _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set)
 {
+  /* Note: dual mask with AND/OR used for EM leakage mitigation */
+  mpi_limb_t mask1 = _gcry_ct_vzero - set;
+  mpi_limb_t mask2 = set - _gcry_ct_vone;
   mpi_size_t i;
   mpi_size_t nlimbs = u->alloced;
-  mpi_limb_t mask1 = vzero - set;
-  mpi_limb_t mask2 = set - vone;
   mpi_limb_t xu;
   mpi_limb_t xw;
   mpi_limb_t *uu = u->d;
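Review bot: The two added mask lines now perform the subtraction in the common type of `_gcry_ct_vzero` and `set` (an `unsigned long`) instead of in `mpi_limb_t`, which is what the removed `vzero`/`vone` statics guaranteed; `_gcry_ct_vzero`'s type is not visible here, but on a target where `mpi_limb_t` is wider than that common type (64-bit limbs with a 32-bit `unsigned long`) the value wraps before it is widened, so `mask1` would be `0x00000000FFFFFFFF` rather than all-ones and the AND/OR selection below would only cover the low half of each limb. Widening first keeps limb-width masks on every target: `mpi_limb_t mask1 = (mpi_limb_t)_gcry_ct_vzero - set;` and `mpi_limb_t mask2 = set - (mpi_limb_t)_gcry_ct_vone;`. The same applies to the `swap` masks in the `_gcry_mpi_swap_cond` hunk. The deleted comment about why the mask sources are volatile (so the compiler cannot fold the masking into a branch) is also worth keeping next to the new EM-leakage note, e.g. `/* Sources are presumably volatile (see const-time.h) so the masks cannot be turned into a branch. */`, since the new comment only covers the second rationale. `_gcry_mpi_set_cond`'s body continues past the hunk.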
@@ -614,10 +610,11 @@ _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b)
 void
 _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap)
 {
+  /* Note: dual mask with AND/OR used for EM leakage mitigation */
+  mpi_limb_t mask1 = _gcry_ct_vzero - swap;
+  mpi_limb_t mask2 = swap - _gcry_ct_vone;
   mpi_size_t i;
   mpi_size_t nlimbs;
-  mpi_limb_t mask1 = vzero - swap;
-  mpi_limb_t mask2 = swap - vone;
   mpi_limb_t *ua = a->d;
   mpi_limb_t *ub = b->d;
   mpi_limb_t xa;
-- 
2.40.1



