Use an optblocker in crypto_verify_n()

jedisct1 · Oct 23, 2024 · 42f4e42 · 42f4e42
1 parent c1fc74e
commit 42f4e42
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/src/libsodium/crypto_verify/verify.c b/src/libsodium/crypto_verify/verify.c
@@ -57,6 +57,8 @@ crypto_verify_n(const unsigned char *x_, const unsigned char *y_,
 
 #else
 
+static volatile uint16_t optblocker_u16;
+
 static inline int
 crypto_verify_n(const unsigned char *x_, const unsigned char *y_,
                 const int n)
@@ -65,13 +67,19 @@ crypto_verify_n(const unsigned char *x_, const unsigned char *y_,
         (const volatile unsigned char *volatile) x_;
     const volatile unsigned char *volatile y =
         (const volatile unsigned char *volatile) y_;
-    volatile uint_fast16_t d = 0U;
-    int i;
+    volatile uint16_t d = 0U;
+    int               i;
 
     for (i = 0; i < n; i++) {
         d |= x[i] ^ y[i];
     }
-    return (1 & ((d - 1) >> 8)) - 1;
+# ifdef HAVE_INLINE_ASM
+    __asm__ __volatile__("" : "+r"(d) :);
+# endif
+    d--;
+    d = ((d >> 13) ^ optblocker_u16) >> 2;
+
+    return (int) d - 1;
 }
 
 #endif