Re: Possible bug of cnd_copy

2023-10-30 Thread Niels Möller
NIIBE Yutaka writes:

> In the generated code, we can see the conditional jump with the variable
> CND.
>
>   x86 msvc v19.0 (WINE):
>   https://godbolt.org/z/f88edPe46
>
> IIUC, it is better to use something like NOT_EQUAL (in
> nettle/pkcs1-sec-decrypt.c) to compute the mask, too.
>
> If it is my misunderstanding (like MSVC actually is not supported),
> sorry in advance.  I'm learning important things from the Nettle
> implementation.  (Thanks again for that.)

Thanks for the report. I think this deserves fixing (even if 32-bit x86
is not a high priority these days). It's a bit tricky to get the
compiler to do the intended thing.

It might also help if one could review call sites for cnd_copy and
arrange so that they always pass 0 or 1 for the cnd argument.

I'll be offline the rest of this week, so I will not be able to fix or
review stuff until I'm back.

Regards,
/Niels



-- 
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.
___
nettle-bugs mailing list -- nettle-bugs@lists.lysator.liu.se
To unsubscribe send an email to nettle-bugs-le...@lists.lysator.liu.se


Possible bug of cnd_copy

2023-10-30 Thread NIIBE Yutaka
Hello,

Thank you for your work on Nettle.

I tested the cnd_copy function with the Compiler Explorer.

The input is:
==
#ifndef MINI_GMP_LIMB_TYPE
#define MINI_GMP_LIMB_TYPE long
#endif

typedef unsigned MINI_GMP_LIMB_TYPE mp_limb_t;
typedef long mp_size_t;

void
cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n)
{
  mp_limb_t mask, keep;
  mp_size_t i;

  mask = -(mp_limb_t) (cnd != 0);
  keep = ~mask;

  for (i = 0; i < n; i++)
    rp[i] = (rp[i] & keep) + (ap[i] & mask);
}
==

In the generated code, we can see the conditional jump with the variable
CND.

x86 msvc v19.0 (WINE):
https://godbolt.org/z/f88edPe46

IIUC, it is better to use something like NOT_EQUAL (in
nettle/pkcs1-sec-decrypt.c) to compute the mask, too.

If it is my misunderstanding (like MSVC actually is not supported),
sorry in advance.  I'm learning important things from the Nettle
implementation.  (Thanks again for that.)
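
Added example, not part of the thread and not Nettle's code: one way to derive the mask from cnd with arithmetic only, so the source contains no comparison for the compiler to turn into a conditional jump. The names ct_is_nonzero, cnd_copy_ct and copy_outcome are hypothetical, and 32-bit limbs are assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t limb_t;	/* assumption: 32-bit limbs */

/* Hypothetical helper: 1 if x != 0, else 0, without a comparison operator.
   For any nonzero x, at least one of x and -x has bit 31 set. */
static uint32_t
ct_is_nonzero (uint32_t x)
{
  return (x | (0U - x)) >> 31;
}

/* Hypothetical variant of cnd_copy: copies ap to rp iff cnd != 0. */
void
cnd_copy_ct (int cnd, limb_t *rp, const limb_t *ap, size_t n)
{
  limb_t mask = 0U - (limb_t) ct_is_nonzero ((uint32_t) cnd);
  limb_t keep = ~mask;
  size_t i;

  for (i = 0; i < n; i++)
    rp[i] = (rp[i] & keep) + (ap[i] & mask);
}

/* Constructed test data.  Returns 1 if rp was fully overwritten,
   0 if it was fully kept, -1 if the result is a mix of both. */
int
copy_outcome (int cnd)
{
  const limb_t r0[3] = { 0x11111111, 0x22222222, 0x33333333 };
  const limb_t a[3] = { 0xaaaaaaaa, 0xbbbbbbbb, 0xcccccccc };
  limb_t r[3];

  memcpy (r, r0, sizeof r);
  cnd_copy_ct (cnd, r, a, 3);
  if (memcmp (r, a, sizeof r) == 0)
    return 1;
  return memcmp (r, r0, sizeof r) == 0 ? 0 : -1;
}

int
main (void)
{
  const int tests[] = { 0, 1, 2, -1, INT_MIN };
  size_t i;
  for (i = 0; i < sizeof tests / sizeof tests[0]; i++)
    printf ("cnd=%d -> outcome %d\n", tests[i], copy_outcome (tests[i]));
  return 0;
}
```

This only removes the comparison at source level; the generated assembly still has to be inspected per compiler and optimization level, as was done with Compiler Explorer in the report.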