From f9e3227f3726a1c39819e29c43af7d4e6d978e44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?=
Date: Sun, 25 Nov 2018 20:10:13 +0100
Subject: cnd_mpn_zero: Use a volatile-declared mask variable.
---
 rsa-sign-tr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'rsa-sign-tr.c')
diff --git a/rsa-sign-tr.c b/rsa-sign-tr.c
index be320b23..54bf49fd 100644
--- a/rsa-sign-tr.c
+++ b/rsa-sign-tr.c
@@ -245,6 +245,7 @@ sec_equal(const mp_limb_t *a, const mp_limb_t *b, size_t limbs)
 z |= (a[i] ^ b[i]);
 }
+ /* FIXME: Might compile to a branch instruction on some platforms. */
 return z == 0;
 }
@@ -278,11 +279,12 @@ static void
 cnd_mpn_zero (int cnd, volatile mp_ptr rp, mp_size_t n)
 {
 volatile mp_limb_t c;
+ volatile mp_limb_t mask = (mp_limb_t) cnd - 1;
 while (--n >= 0)
 {
 c = rp[n];
- c &= ((mp_limb_t)cnd - 1);
+ c &= mask;
 rp[n] = c;
 }
 }
-- 
cgit v1.2.1
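Review bot: The new mask in cnd_mpn_zero, `(mp_limb_t) cnd - 1`, is all-zero or all-ones only when cnd is exactly 1 or 0; any other nonzero value (2, say) yields a partial mask, so the limbs would be neither cleared nor preserved. No caller is visible in this hunk, so that contract should be stated above the function: `/* Zero rp[0..n) if cnd is 1, leave it unchanged if cnd is 0; cnd must be exactly 0 or 1. */`. A why-comment on the added line, `/* volatile: keep the compiler from turning the masking into a branch on cnd */`, would keep the intent from the commit subject next to the code. Separately, `volatile mp_ptr rp` qualifies the pointer rather than the limbs it points to (assuming mp_ptr is GMP's plain pointer typedef), so the guarantee presumably rests on `c` and `mask` alone; either say so in the comment or drop the qualifier on `rp`.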