[PATCH 2/3] mpih-const-time: avoid branches in _gcry_mpih_cmp_ui
Jussi Kivilinna
jussi.kivilinna at iki.fi
Thu Feb 13 20:01:02 CET 2025
Hello,
On 13.2.2025 8.20, NIIBE Yutaka wrote:
> Hello, again for _gcry_mpih_cmp_ui,
>
> Jussi Kivilinna <jussi.kivilinna at iki.fi> wrote:
>> * mpi/mpih-const-time.c (_gcry_mpih_cmp_ui): Avoid conditional
>> branches for return value selection.
>
> After the commit of this, I realize that there is a thinko.
>
> When IS_ALL_ZERO (meaning all the limbs sans the least one are zero)
> is false, the function should return 1 (instead of 0).
Ah, that's right. Here's a patch attached with new tests to catch this. I'll push this to master soon.
-Jussi
>
> Something like this:
>
> diff --git a/mpi/mpih-const-time.c b/mpi/mpih-const-time.c
> index d8b66c46..a6314932 100644
> --- a/mpi/mpih-const-time.c
> +++ b/mpi/mpih-const-time.c
> @@ -232,5 +232,5 @@ _gcry_mpih_cmp_ui (mpi_ptr_t up, mpi_size_t usize, unsigned long v)
> for (i = 1; i < usize; i++)
> is_all_zero &= ct_ulong_gen_mask(mpih_limb_is_zero (up[i]));
>
> - return cmp0 & (int)is_all_zero;
> + return (cmp0 & (int)is_all_zero) | (~is_all_zero & 1);
> }
>
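Review bot: In the new return line the second term, (~is_all_zero & 1), is not cast, while the first term is cast with (int). is_all_zero is accumulated from ct_ulong_gen_mask, so it looks like an unsigned long mask; if so, the | is evaluated as unsigned long and the -1 case only comes back as -1 through the implicit conversion at return. Writing the second term as (int)(~is_all_zero & 1) would keep the whole expression in int and make the three possible results (-1, 0, 1) easier to read off. A one-line comment above the return saying that a non-zero upper limb means up > v, hence 1, would also document the case the earlier version got wrong.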
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mpih-const-time-fix-return-value-for-_gcry_mpih_cmp_.patch
Type: text/x-patch
Size: 3793 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20250213/fa45e1ff/attachment.bin>