Remove volatile from diff; add explanatory comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

commit: 7658b633901112c5e2d9a1ae7112d69779d6fef1 [log] [tgz]
author: Dave Rodgman <dave.rodgman@arm.com> Wed Jan 11 17:39:33 2023 +0000
committer: Dave Rodgman <dave.rodgman@arm.com> Fri Jan 20 14:04:48 2023 +0000
tree: 7b08a9baddafb0d5e5114e73d0791bddbae0f278
parent: fa96026a0e760fab0149b2adb08a34d3b7d51438 [diff]
diff --git a/library/constant_time.c b/library/constant_time.c
index 89778d5..7f4d509 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c

@@ -85,9 +85,15 @@
                       size_t n)
 {
     size_t i = 0;
+    /*
+     * `A` and `B` are cast to volatile to ensure that the compiler
+     * generates code that always fully reads both buffers.
+     * Otherwise it could generate a test to exit early if `diff` has all
+     * bits set early in the loop.
+     */
     volatile const unsigned char *A = (volatile const unsigned char *) a;
     volatile const unsigned char *B = (volatile const unsigned char *) b;
-    volatile uint32_t diff = 0;
+    uint32_t diff = 0;
 
 #if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS)
     for (; (i + 4) <= n; i += 4) {
commit	7658b633901112c5e2d9a1ae7112d69779d6fef1	[log] [tgz]
author	Dave Rodgman <dave.rodgman@arm.com>	Wed Jan 11 17:39:33 2023 +0000
committer	Dave Rodgman <dave.rodgman@arm.com>	Fri Jan 20 14:04:48 2023 +0000
tree	7b08a9baddafb0d5e5114e73d0791bddbae0f278
parent	fa96026a0e760fab0149b2adb08a34d3b7d51438 [diff]