On 10/12/2015 18:33, Viktor Dukhovni wrote: > On Thu, Dec 10, 2015 at 04:55:29AM -0700, Jayalakshmi bhat wrote: > >> static inline unsigned int constant_time_msb(unsigned int a) { >> - return 0 - (a >> (sizeof(a) * 8 - 1)); >> + return (((unsigned)((int)(a) >> (sizeof(int) * 8 - 1)))); >> } > The replacement is not right. This function is supposed to return > 0xfffffff for inputs with the high bit set, and 0x0000000 for inputs > with the high bit not set. Could you try: > > static inline unsigned int constant_time_msb(unsigned int a) { > return 0 - (a >> ((int)(sizeof(a) * 8 - 1))); > } > > Just in case the compiler is promoting "a" to the (larger?) size > of sizeof(a), which would cause an unsigned "a" to get a zero MSB, > while a signed "a" would be promoted "correctly". Look again, he is casting a to signed, then doing an arithmetic right shift to extend the msb (sign bit) to the rest of the word. This works on 3 conditions: 1. The platform is actually using twos complement. 2. The signed right shift function invoked by the C compiler is a sign-preserving ("arithmetic") shift. 3. The compiler wasn't written by a fanatic who put the "right shift of negative signed values is undefined" rule above common sense. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151210/6f9aa448/attachment.html>