authorNiels Möller <nisse@lysator.liu.se>2022-05-14 22:33:28 +0200
committerNiels Möller <nisse@lysator.liu.se>2023-02-06 20:20:01 +0100
commit175320ed6670ed7a14284a608d5419dae42b3619 (patch)
treec454915469e77f87849b03cd606c90fa26baedd1
parentb8066737e9b1e783860b96ec9617d272eec3898c (diff)
ocb: Rewrite trailing-zeros loop to not use __builtin_ctzll.
-rw-r--r--ocb.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/ocb.c b/ocb.c
index 404c5b5a..880c11a4 100644
--- a/ocb.c
+++ b/ocb.c
@@ -79,22 +79,23 @@ ocb_set_key (struct ocb_key *key, const void *cipher, nettle_cipher_func *f)
block16_mulx_be (&key->L[2], &key->L[1]);
}
+/* Add x^k L[2], where k is the number of trailing bits in i. */
static void
update_offset(const struct ocb_key *key,
union nettle_block16 *offset, size_t i)
{
- unsigned ntz = __builtin_ctzll(i);
- if (ntz > 0)
+ if (i & 1)
+ block16_xor (offset, &key->L[2]);
+ else
{
+ assert (i > 0);
union nettle_block16 diff;
block16_mulx_be (&diff, &key->L[2]);
- while (--ntz > 0)
+ for (i >>= 1; !(i&1); i >>= 1)
block16_mulx_be (&diff, &diff);
block16_xor (offset, &diff);
}
- else
- block16_xor (offset, &key->L[2]);
}
static void
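Review bot: In the else branch of update_offset, `assert (i > 0);` is the only thing that keeps the new `for (i >>= 1; !(i&1); i >>= 1)` loop from running forever when i is 0. Because assert is compiled out under NDEBUG, a zero block index would hang a release build instead of failing. The callers are outside this hunk, so whether i can ever be 0 (for instance after a size_t block counter wraps) cannot be confirmed from here. The new header comment says "trailing bits" where it means trailing zero bits, and it is the natural place to state the precondition: `/* Add x^k L[2], where k is the number of trailing zero bits in i. Requires i > 0. */`. As a style point, the assert sits before the declaration of `diff` in the same block, so declaring `diff` first would avoid a declaration after a statement.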