From bd589442520fee75d844e8e22a1b4fe17276219b Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Tue, 12 Sep 2023 12:38:53 +0100
Subject: [PATCH] Avoid implementation defined behaviour

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/constant_time.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/library/constant_time.c b/library/constant_time.c
index d1d06e088a..55e7f9435b 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -130,7 +130,14 @@ int mbedtls_ct_memcmp(const void *a,
      * This would have significant security implications, so protect against it. */
 #error "mbedtls_ct_memcmp() requires minimum 32-bit ints"
 #else
-    return (int) diff;
+    /* The bit-twiddling ensures that when we cast uint32_t to int, we are casting
+     * a value that is in the range 0..INT_MAX - a value larger than this would
+     * result in implementation defined behaviour.
+     *
+     * This ensures that the value returned by the function is non-zero iff
+     * diff is non-zero.
+     */
+    return (int) ((diff & 0xffff) | (diff >> 16));
 #endif
 }