From 36f3001d59f0c4e1d00f3f75431830c3b463e9f6 Mon Sep 17 00:00:00 2001
From: Yawning Angel <yawning@schwanenlied.me>
Date: Wed, 20 Mar 2024 08:02:20 +0900
Subject: [PATCH] core/crypto/_fiat/field_poly1305: Use multiply to calculate
 the mask

---
 core/crypto/_fiat/field_poly1305/field.odin | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/crypto/_fiat/field_poly1305/field.odin b/core/crypto/_fiat/field_poly1305/field.odin
index f5557cf5f..f4eccc476 100644
--- a/core/crypto/_fiat/field_poly1305/field.odin
+++ b/core/crypto/_fiat/field_poly1305/field.odin
@@ -76,7 +76,7 @@ fe_cond_swap :: #force_no_inline proc "contextless" (
 	out1, out2: ^Tight_Field_Element,
 	arg1: bool,
 ) {
-	mask := -u64(arg1)
+	mask := (u64(arg1) * 0xffffffffffffffff)
 	x := (out1[0] ~ out2[0]) & mask
 	x1, y1 := out1[0] ~ x, out2[0] ~ x
 	x = (out1[1] ~ out2[1]) & mask