Diffstat (limited to 'src/third_party/fiat/curve25519_64.h')
-rw-r--r-- | src/third_party/fiat/curve25519_64.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/third_party/fiat/curve25519_64.h b/src/third_party/fiat/curve25519_64.h
index 23bf361d..7c31ff99 100644
--- a/src/third_party/fiat/curve25519_64.h
+++ b/src/third_party/fiat/curve25519_64.h
@@ -58,7 +58,13 @@ static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fi
 static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) {
 fiat_25519_uint1 x1 = (!(!arg1));
 uint64_t x2 = ((fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff));
- uint64_t x3 = ((x2 & arg3) | ((~x2) & arg2));
+ // Note this line has been patched from the synthesized code to add value
+ // barriers.
+ //
+ // Clang recognizes this pattern as a select. While it usually transforms it
+ // to a cmov, it sometimes further transforms it into a branch, which we do
+ // not want.
+ uint64_t x3 = ((value_barrier_u64(x2) & arg3) | (value_barrier_u64(~x2) & arg2));
 *out1 = x3;
 } |
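Review bot: The patched `x3` line calls `value_barrier_u64`, which is neither declared nor included within this hunk, so the header compiles only if that helper is already in scope; if no include exists above the hunk, add one or state the requirement in the comment. The new comment explains why the select pattern is hidden from Clang, but not that the barrier is a compiler-level mitigation with no language guarantee, so the branch-free property should still be checked on the emitted code for each supported target and compiler. Because the comment itself says the file is synthesized, a regeneration would silently drop the patch; a marker such as `// LOCAL PATCH: re-apply the value barriers after regenerating this file.` would make that visible. The diffstat is limited to this one file, so whether other synthesized headers with the same mask-select pattern need the same barrier cannot be confirmed from here.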