Strengthen fall-back for mbedtls_ct_compiler_opaque
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 44682c0..c490d82 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -65,20 +65,29 @@
* Core const-time primitives
*/
-/** Ensure that the compiler cannot know the value of x (i.e., cannot optimise
+/* Ensure that the compiler cannot know the value of x (i.e., cannot optimise
* based on its value) after this function is called.
*
* If we are not using assembly, this will be fairly inefficient, so its use
* should be minimised.
*/
+
+#if !defined(MBEDTLS_CT_ASM)
+/*
+* Define an object with the value zero, such that the compiler cannot prove that it
+* has the value zero (because it is volatile, it "may be modified in ways unknown to
+* the implementation").
+*/
+static volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;
+#endif
+
static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x)
{
#if defined(MBEDTLS_CT_ASM)
asm volatile ("" : [x] "+r" (x) :);
return x;
#else
- volatile mbedtls_ct_uint_t result = x;
- return result;
+ return x ^ mbedtls_ct_zero;
#endif
}
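Review bot: The `static volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;` definition sits in a header, so every translation unit that includes `constant_time_impl.h` without `MBEDTLS_CT_ASM` gets its own writable copy of the object. Declaring it here as `extern volatile mbedtls_ct_uint_t mbedtls_ct_zero;` and defining it once in a `.c` file would leave a single object, which makes it easier to audit that nothing ever stores to it; the `x ^ mbedtls_ct_zero` fallback relies on that for correctness. The new comment could state the invariant, for example `Must never be written: mbedtls_ct_compiler_opaque() relies on it reading as zero.` Separately, the blank line and the `#if !defined(MBEDTLS_CT_ASM)` block now sit between the "Ensure that the compiler cannot know the value of x" comment and `mbedtls_ct_compiler_opaque`, and that comment was changed from `/**` to `/*`. Moving the `mbedtls_ct_zero` block above the comment would keep the description attached to the function it documents.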