Constant-time: Use value barriers in poly_chknorm

mkannwischer · mkannwischer · commit 316f4baa18f2 · 2025-07-28T13:29:21.000+08:00
Signed-off-by: Matthias J. Kannwischer &lt;matthias@kannwischer.eu&gt;
diff --git a/mldsa/poly.c b/mldsa/poly.c
@@ -6,6 +6,7 @@
 #include <stdint.h>
 #include <string.h>
 
+#include "ct.h"
 #include "debug.h"
 #include "fips202/fips202x4.h"
 #include "ntt.h"
@@ -253,8 +254,7 @@ int mld_poly_chknorm(const mld_poly *a, int32_t B)
   )
   {
     /* Absolute value */
-    t = a->coeffs[i] >> 31;
-    t = a->coeffs[i] - (t & 2 * a->coeffs[i]);
+    t = mld_ct_abs_i32(a->coeffs[i]);
 
     if (t >= B)
     {

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`#include <stdint.h>`
`7`	`7`	`#include <string.h>`
`8`	`8`
	`9`	`+#include "ct.h"`
`9`	`10`	`#include "debug.h"`
`10`	`11`	`#include "fips202/fips202x4.h"`
`11`	`12`	`#include "ntt.h"`
`@@ -253,8 +254,7 @@ int mld_poly_chknorm(const mld_poly *a, int32_t B)`
`253`	`254`	`)`
`254`	`255`	`{`
`255`	`256`	`/* Absolute value */`
`256`		`- t = a->coeffs[i] >> 31;`
`257`		`- t = a->coeffs[i] - (t & 2 * a->coeffs[i]);`
	`257`	`+ t = mld_ct_abs_i32(a->coeffs[i]);`
`258`	`258`
`259`	`259`	`if (t >= B)`
`260`	`260`	`{`