commit c2630fac52e2d951994a35ab581334915fcd355d
author Dave Rodgman <dave.rodgman@arm.com> Tue Sep 19 14:13:41 2023 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Tue Sep 19 17:21:50 2023 +0100
tree 218f5133680db7fe2a11a4288e4d3631f3d70510
parent 66d6ac92e633186e16910c6ee3d037cec1fe4b86

Simplify mbedtls_ct_memcmp_partial

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/constant_time.c

diff --git a/library/constant_time.c b/library/constant_time.c
index fffc02f..8b41aed 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -158,13 +158,15 @@
 
     for (size_t i = 0; i < n; i++) {
         unsigned char x = A[i], y = B[i];
-        int d = x ^ y;
+        unsigned int d = x ^ y;
         mbedtls_ct_condition_t valid = mbedtls_ct_bool_and(mbedtls_ct_uint_ge(i, skip_head),
                                                            mbedtls_ct_uint_lt(i, valid_end));
         diff |= mbedtls_ct_uint_if_else_0(valid, d);
     }
 
-    return (int) ((diff & 0xffff) | (diff >> 16));
+    /* Since we go byte-by-byte, the only bits set will be in the bottom 8 bits, so the
+     * cast from uint to int is safe. */
+    return (int) diff;
 }
 
 #endif