[PATCH 09/12] ec-nist: use global vone and vzero
Jussi Kivilinna
jussi.kivilinna at iki.fi
Thu Nov 2 19:01:13 CET 2023
* mpi/ec-nist.c (vzero, vone): Remove.
(_gcry_mpi_ec_nist192_mod, _gcry_mpi_ec_nist224_mod)
(_gcry_mpi_ec_nist256_mod, _gcry_mpi_ec_nist384_mod): Use _gcry_ct_vzero
and _gcry_ct_vone.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
mpi/ec-nist.c | 26 ++++++++++----------------
1 file changed, 10 insertions(+), 16 deletions(-)
diff --git a/mpi/ec-nist.c b/mpi/ec-nist.c
index 14e3c3ab..a822af76 100644
--- a/mpi/ec-nist.c
+++ b/mpi/ec-nist.c
@@ -32,13 +32,7 @@
#include "context.h"
#include "ec-context.h"
#include "ec-inline.h"
-
-
-/* These variables are used to generate masks from conditional operation
- * flag parameters. Use of volatile prevents compiler optimizations from
- * converting AND-masking to conditional branches. */
-static volatile mpi_limb_t vzero = 0;
-static volatile mpi_limb_t vone = 1;
+#include "const-time.h"
static inline
@@ -147,8 +141,8 @@ _gcry_mpi_ec_nist192_mod (gcry_mpi_t w, mpi_ec_t ctx)
s_is_negative = LO32_LIMB64(s[3]) >> 31;
- mask2 = vzero - s_is_negative;
- mask1 = s_is_negative - vone;
+ mask2 = _gcry_ct_vzero - s_is_negative;
+ mask1 = s_is_negative - _gcry_ct_vone;
STORE64_COND(wp, 0, mask2, o[0], mask1, s[0]);
STORE64_COND(wp, 1, mask2, o[1], mask1, s[1]);
@@ -270,8 +264,8 @@ _gcry_mpi_ec_nist224_mod (gcry_mpi_t w, mpi_ec_t ctx)
s_is_negative = (HI32_LIMB64(s[3]) >> 31);
- mask2 = vzero - s_is_negative;
- mask1 = s_is_negative - vone;
+ mask2 = _gcry_ct_vzero - s_is_negative;
+ mask1 = s_is_negative - _gcry_ct_vone;
STORE64_COND(wp, 0, mask2, d[0], mask1, s[0]);
STORE64_COND(wp, 1, mask2, d[1], mask1, s[1]);
@@ -499,9 +493,9 @@ _gcry_mpi_ec_nist256_mod (gcry_mpi_t w, mpi_ec_t ctx)
s_is_negative = LO32_LIMB64(s[4]) >> 31;
d_is_negative = LO32_LIMB64(d[4]) >> 31;
- mask3 = vzero - d_is_negative;
- mask2 = (vzero - s_is_negative) & ~mask3;
- mask1 = (s_is_negative - vone) & ~mask3;
+ mask3 = _gcry_ct_vzero - d_is_negative;
+ mask2 = (_gcry_ct_vzero - s_is_negative) & ~mask3;
+ mask1 = (s_is_negative - _gcry_ct_vone) & ~mask3;
s[0] = LIMB_OR64(MASK_AND64(mask2, d[0]), MASK_AND64(mask1, s[0]));
s[1] = LIMB_OR64(MASK_AND64(mask2, d[1]), MASK_AND64(mask1, s[1]));
@@ -770,8 +764,8 @@ _gcry_mpi_ec_nist384_mod (gcry_mpi_t w, mpi_ec_t ctx)
p_mult[0 + 3][1], p_mult[0 + 3][0]);
s_is_negative = LO32_LIMB64(s[6]) >> 31;
- mask2 = vzero - s_is_negative;
- mask1 = s_is_negative - vone;
+ mask2 = _gcry_ct_vzero - s_is_negative;
+ mask1 = s_is_negative - _gcry_ct_vone;
STORE64_COND(wp, 0, mask2, d[0], mask1, s[0]);
STORE64_COND(wp, 1, mask2, d[1], mask1, s[1]);
--
2.40.1
More information about the Gcrypt-devel
mailing list