Hello, Thank you for your work of Nettle.
I tested the cnd_copy function with the Compiler Explorer.
The input is:
==========================
#ifndef MINI_GMP_LIMB_TYPE
#define MINI_GMP_LIMB_TYPE long
#endif
typedef unsigned MINI_GMP_LIMB_TYPE mp_limb_t;
typedef long mp_size_t;
void
cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n)
{
mp_limb_t mask, keep;
mp_size_t i;
mask = -(mp_limb_t) (cnd !=0);
keep = ~mask;
for (i = 0; i < n; i++)
rp[i] = (rp[i] & keep) + (ap[i] & mask);
}
==========================
In the generated code, we can see the conditional jump with the variable
CND.
x86 msvc v19.0 (WINE):
https://godbolt.org/z/f88edPe46
IIUC, it is better to use something like NOT_EQUAL (in
nettle/pkcs1-sec-decrypt.c) to compute the mask, too.
If it is my misunderstanding (like MSVC actually is not supported),
sorry in advance. I'm learning important things from Nettle
implementation. (Thanks again for that.)
--
signature.asc
Description: PGP signature
_______________________________________________ nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se
