authorNIIBE Yutaka <gniibe@fsij.org>2015-11-25 10:52:57 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2015-11-25 11:35:30 +0900
commit8ad682c412047d3b9196950709dbd7bd14ac8732 (patch)
tree6abc09e99c0fc453d1be531e7269f0f451074ac6
parent295b1c3540752af4fc5e6f41480e6db215222fba (diff)
downloadlibgcrypt-8ad682c412047d3b9196950709dbd7bd14ac8732.tar.gz
mpi: Fix mpi_set_cond and mpi_swap_cond .
* mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use the !! operator; instead assume SET/SWAP is exactly 0 or 1. -- If the compiled code for !! were to include a branch, it would defeat the purpose of mpi_set_cond/mpi_swap_cond entirely. It is better to ensure that these functions are always called with 0 or 1 for SET/SWAP. Note that this holds when SET/SWAP is the result of a conditional expression on mpi_test_bit. Reported-by: Taylor R Campbell.
-rw-r--r--mpi/mpiutil.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c
index 71b3f1c3..d3264c72 100644
--- a/mpi/mpiutil.c
+++ b/mpi/mpiutil.c
@@ -483,12 +483,17 @@ _gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u)
return w;
}
+/****************
+ * Set the value of W by the one of U, when SET is 1.
+ * Leave the value when SET is 0.
+ * This implementation should be constant-time regardless of SET.
+ */
gcry_mpi_t
_gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set)
{
mpi_size_t i;
mpi_size_t nlimbs = u->alloced;
- mpi_limb_t mask = ((mpi_limb_t)0) - !!set;
+ mpi_limb_t mask = ((mpi_limb_t)0) - set;
mpi_limb_t x;
if (w->alloced != u->alloced)
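Review bot: The new `mask = ((mpi_limb_t)0) - set;` is all-ones or all-zeros only when `set` is exactly 0 or 1, yet neither the new header comment nor the code states that precondition; a caller passing any other non-zero value (which the removed `!!` form tolerated) gets a partially-set mask, and W silently ends up as a bitwise mixture of W and U, a correctness failure in a routine meant for side-channel hardening. I would at least add to the comment `* SET must be exactly 0 or 1; any other value corrupts W.`, or make the normalization branch-free and independent of how the compiler lowers `!!`, e.g. `set = (set | (0UL - set)) >> (sizeof set * CHAR_BIT - 1);` before the mask is formed (CHAR_BIT from <limits.h>). Whether `!!` actually compiles to a branch is compiler- and target-dependent, so the explicit form above pins the guarantee rather than relying on codegen. _gcry_mpi_set_cond's body, including the blend loop, continues past the end of this hunk.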
@@ -568,12 +573,17 @@ _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b)
}
+/****************
+ * Swap the value of A and B, when SWAP is 1.
+ * Leave the value when SWAP is 0.
+ * This implementation should be constant-time regardless of SWAP.
+ */
void
_gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap)
{
mpi_size_t i;
mpi_size_t nlimbs = a->alloced;
- mpi_limb_t mask = ((mpi_limb_t)0) - !!swap;
+ mpi_limb_t mask = ((mpi_limb_t)0) - swap;
mpi_limb_t x;
if (a->alloced != b->alloced)
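Review bot: `mask = ((mpi_limb_t)0) - swap;` now produces a usable mask only for swap == 0 or 1, and the new comment above does not tell callers that; if the loop below this hunk mixes the limbs under `mask` as the mask construction suggests, a value such as 2 yields a mask with one zero bit and leaves both A and B partially exchanged with no error reported. Since the motivation for dropping `!!` is to avoid a possible branch, the precondition should be documented, `* SWAP must be exactly 0 or 1; any other value corrupts both A and B.`, or enforced without a branch via `swap = (swap | (0UL - swap)) >> (sizeof swap * CHAR_BIT - 1);` ahead of the mask. The commit message says a 0/1 result of mpi_test_bit satisfies this, which is worth stating in the comment so future call sites do not pass an arbitrary non-zero flag. The function body runs past the end of the hunk, so the actual swap loop is not visible here.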