NIIBE Yutaka writes:
> Niels Möller wrote:
>> 1. Do the changes on branch
>>https://git.lysator.liu.se/nettle/nettle/-/tree/sc-is_zero?ref_type=heads
>>help?
>
> Yes. It helps. I confirmed the function cnd_copy has no problem
> with the change (removing != 0, and require callers to
Hello,
NIIBE Yutaka wrote:
> I can test with Clang 17. I'll test.
The particular tests (using valgrind) do not fail with Clang 17. I
checked the assembler output, and confirmed no issues.
With artifically modified source (so that it can replicate cnd_copy problem):
==
Hello,
Niels Möller wrote:
> 1. Do the changes on branch
>https://git.lysator.liu.se/nettle/nettle/-/tree/sc-is_zero?ref_type=heads
>help?
Yes. It helps. I confirmed the function cnd_copy has no problem
with the change (removing != 0, and require callers to use 0/1),
for the cases I
NIIBE Yutaka writes:
> I checked other compilers today.
Thanks for investigating! Questions:
1. Do the changes on branch
https://git.lysator.liu.se/nettle/nettle/-/tree/sc-is_zero?ref_type=heads
help?
2. If you install valgrind (including header files), do the recently
added tests
Hello, again,
Today, I found that it would be a bit serious with Clang 17.
Niels Möller wrote:
> even if 32-bit x86 is not a high priority these days
I was not clear enough. It's not only for 32-bit Intel with MSVC, but
also for 64-bit Intel with MSVC, as well as ARM and ARM64 with MSVC.
NIIBE Yutaka writes:
> In the generated code, we can see the conditional jump with the variable
> CND.
>
> x86 msvc v19.0 (WINE):
> https://godbolt.org/z/f88edPe46
>
> IIUC, it is better to use something like NOT_EQUAL (in
> nettle/pkcs1-sec-decrypt.c) to compute the mask, too.
>
>
Hello,
Thank you for your work of Nettle.
I tested the cnd_copy function with the Compiler Explorer.
The input is:
==
#ifndef MINI_GMP_LIMB_TYPE
#define MINI_GMP_LIMB_TYPE long
#endif
typedef unsigned MINI_GMP_LIMB_TYPE mp_limb_t;
typedef long mp_size_t;
void
cnd_copy
