[PATCH 11/12] ec-nist: avoid unintentional conditional branch by comparison

Jussi Kivilinna jussi.kivilinna at iki.fi
Thu Nov 2 19:06:38 CET 2023


* mpi/ec-nist.c (_gcry_mpi_ec_nist521_mod): Use mpih_limb_is_not_zero.
* mpi/mpi-internal.h (mpih_limb_is_not_zero): New.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 mpi/ec-nist.c      | 2 +-
 mpi/mpi-internal.h | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/mpi/ec-nist.c b/mpi/ec-nist.c
index a822af76..6dfaa1da 100644
--- a/mpi/ec-nist.c
+++ b/mpi/ec-nist.c
@@ -808,7 +808,7 @@ _gcry_mpi_ec_nist521_mod (gcry_mpi_t w, mpi_ec_t ctx)
   /* "mod p" */
   cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
   _gcry_mpih_add_n (s, wp, ctx->p->d, wsize);
-  mpih_set_cond (wp, s, wsize, (cy != 0UL));
+  mpih_set_cond (wp, s, wsize, mpih_limb_is_not_zero (cy));
 
   w->nlimbs = wsize;
   MPN_NORMALIZE (wp, w->nlimbs);
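Review bot: The new mpih_set_cond call is branch-free at the C level, but once the inline helper is folded into this function nothing in the language prevents the optimizer from re-materializing `(a | -a) >> (BITS_PER_MPI_LIMB - 1)` as a compare-and-branch, so the constant-time property should be confirmed on the generated code for the supported compilers rather than assumed from the source. A call-site comment would record why the plain `cy != 0UL` was unacceptable here: `/* cy depends on the secret value in wp; select branch-free (see mpih_limb_is_not_zero). */`. Also, mpih_limb_is_not_zero returns `int` while _gcry_mpih_set_cond takes `unsigned long op_enable` (visible in the header hunk), so the 0/1 result goes through an int-to-unsigned-long conversion; harmless for 0/1, but returning the limb or unsigned long width would avoid the mixed types. _gcry_mpi_ec_nist521_mod starts and ends outside this hunk.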
diff --git a/mpi/mpi-internal.h b/mpi/mpi-internal.h
index bb12e86c..70045037 100644
--- a/mpi/mpi-internal.h
+++ b/mpi/mpi-internal.h
@@ -276,6 +276,15 @@ mpih_limb_is_zero (mpi_limb_t a)
   return a >> (BITS_PER_MPI_LIMB - 1);
 }
 
+static inline int
+mpih_limb_is_not_zero (mpi_limb_t a)
+{
+  /* Sign bit set if A != 0. */
+  a = a | (-a);
+
+  return a >> (BITS_PER_MPI_LIMB - 1);
+}
+
 void _gcry_mpih_set_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
                           unsigned long op_enable);
 mpi_limb_t _gcry_mpih_add_n_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_ptr_t vp,
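Review bot: The new mpih_limb_is_not_zero carries only a one-line note on the sign bit, while its whole reason to exist is a constant-time contract that a future maintainer could silently break by "simplifying" it to `a != 0`; the header comment should state that contract. Something like `/* Return 1 if A != 0, else 0, without a data-dependent branch. A is unsigned, so -A wraps and (A | -A) has its top bit set exactly when A != 0. Callers use the result as the op_enable of _gcry_mpih_set_cond; keep it branch-free. */` placed above the function would do. The expression also presumably relies on mpi_limb_t being an unsigned type no narrower than int so that `-a` does not go through integer promotion to a signed value — that seems to hold for the limb types here, but it is worth noting next to the mirror helper mpih_limb_is_zero above, which has the same reliance.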
-- 
2.40.1



