[PATCH 11/12] ec-nist: avoid unintentional conditional branch by comparison
Jussi Kivilinna
jussi.kivilinna at iki.fi
Thu Nov 2 19:06:38 CET 2023
* mpi/ec-nist.c (_gcry_mpi_ec_nist521_mod): Use mpih_limb_is_not_zero.
* mpi/mpi-internal.h (mpih_limb_is_not_zero): New.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
mpi/ec-nist.c | 2 +-
mpi/mpi-internal.h | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/mpi/ec-nist.c b/mpi/ec-nist.c
index a822af76..6dfaa1da 100644
--- a/mpi/ec-nist.c
+++ b/mpi/ec-nist.c
@@ -808,7 +808,7 @@ _gcry_mpi_ec_nist521_mod (gcry_mpi_t w, mpi_ec_t ctx)
/* "mod p" */
cy = _gcry_mpih_sub_n (wp, wp, ctx->p->d, wsize);
_gcry_mpih_add_n (s, wp, ctx->p->d, wsize);
- mpih_set_cond (wp, s, wsize, (cy != 0UL));
+ mpih_set_cond (wp, s, wsize, mpih_limb_is_not_zero (cy));
w->nlimbs = wsize;
MPN_NORMALIZE (wp, w->nlimbs);
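Review bot: The select flag on the `mpih_set_cond` line is now derived without a `!=`, but nothing at the call site records why, and the next maintainer who sees `mpih_limb_is_not_zero (cy)` on a value that is presumably only ever 0 or 1 may "simplify" it back to a comparison; a one-line comment would pin the intent, e.g. `/* cy is the borrow from the subtraction; derive the select flag without a compare so the fixup cannot be compiled into a data-dependent branch. */`. It is worth noting that this only stays branch-free if `_gcry_mpih_set_cond` itself is a masked copy rather than an `if`, which is not visible here, and that the unconditional `_gcry_mpih_add_n` on the preceding line is what keeps both candidate results computed regardless of `cy` — that invariant should not be lost in a later refactor. `_gcry_mpi_ec_nist521_mod` starts and ends outside this hunk.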
diff --git a/mpi/mpi-internal.h b/mpi/mpi-internal.h
index bb12e86c..70045037 100644
--- a/mpi/mpi-internal.h
+++ b/mpi/mpi-internal.h
@@ -276,6 +276,15 @@ mpih_limb_is_zero (mpi_limb_t a)
return a >> (BITS_PER_MPI_LIMB - 1);
}
+static inline int
+mpih_limb_is_not_zero (mpi_limb_t a)
+{
+ /* Sign bit set if A != 0. */
+ a = a | (-a);
+
+ return a >> (BITS_PER_MPI_LIMB - 1);
+}
+
void _gcry_mpih_set_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_size_t usize,
unsigned long op_enable);
mpi_limb_t _gcry_mpih_add_n_cond (mpi_ptr_t wp, mpi_ptr_t up, mpi_ptr_t vp,
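Review bot: `mpih_limb_is_not_zero` carries only the one-line note "Sign bit set if A != 0", which describes the intermediate rather than the contract; since the sibling `mpih_limb_is_zero` is the model for this helper, the header comment should state the result and the reason the obvious `a != 0` is avoided, e.g. `/* Return 1 if A != 0 and 0 otherwise, computed as the sign bit of (A | -A) so that no comparison instruction or conditional branch is needed. */`. The `a | (-a)` form relies on `mpi_limb_t` being an unsigned type at least as wide as `int`, so that negation wraps rather than being a signed promotion — that appears to hold for the limb types libgcrypt uses, but a short note saying so would save the next reader a check. Be aware that GCC and Clang both recognise the `(x | -x) >> (N-1)` idiom as `x != 0` and are free to emit it however they like, so this is a best-effort deterrent rather than a guarantee; if the constant-time property matters here an optimisation barrier on `a` (as some other constant-time helpers do) would make it robust.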
--
2.40.1