diff --git a/README b/README
index d92793e..ce144e8 100644
--- a/README
+++ b/README
@@ -15,9 +15,7 @@ Utilities
 ---------
 - Constant-time operations
- - [/] compare: returns `0` if match, non-`0` otherwise. The non-`0`
- case might leak information. Would be better to return `0xffffffff`
- if match, `0` otherwise.
+ - [x] compare
 Hash
 ----
diff --git a/aead_chacha20_poly1305.c b/aead_chacha20_poly1305.c
index c565a1c..c0ba4b6 100644
--- a/aead_chacha20_poly1305.c
+++ b/aead_chacha20_poly1305.c
@@ -162,7 +162,7 @@ chacha20_poly1305_open(const uint8_t *key, size_t keylen, const uint8_t *iv,
 !poly1305_final(&pctx, tag, &olen))
 return 0;
- if (lc_ct_cmp(tag, tagp, LC_POLY1305_TAGLEN) != 0)
+ if (!lc_ct_cmp(tag, tagp, LC_POLY1305_TAGLEN))
 return 0;
 lc_scrub(buf, sizeof(buf));
diff --git a/ct.c b/ct.c
index 28e2354..7775407 100644
--- a/ct.c
+++ b/ct.c
@@ -25,5 +25,10 @@ lc_ct_cmp(const uint8_t *x, const uint8_t *y, size_t l)
 for (; l > 0; l--)
 r |= *x++ ^ *y++;
- return r;
+ /* Ensures that if any bit is set, then bit 7 is set. */
+ r |= r << 4;
+ r |= r << 2;
+ r |= r << 1;
+
+ return 0xffffffff + ((r & 0x80) >> 7);
 }
diff --git a/wycheproof_aead.c b/wycheproof_aead.c
index 2d6f3b6..9ca386b 100644
--- a/wycheproof_aead.c
+++ b/wycheproof_aead.c
@@ -249,7 +249,7 @@ main(int argc, char *argv[])
 }
 if (ctlen != encoutlen - LC_POLY1305_TAGLEN ||
- lc_ct_cmp(encout, ct, ctlen) != 0) {
+ !lc_ct_cmp(encout, ct, ctlen)) {
 if (verbose) {
 fprintf(stderr, "ct (%zu, %zu)\n", ctlen,
 encoutlen - LC_POLY1305_TAGLEN);
@@ -265,7 +265,7 @@ main(int argc, char *argv[])
 return 1;
 }
 if (taglenarg != LC_POLY1305_TAGLEN ||
- lc_ct_cmp(encout + ctlen, tag, LC_POLY1305_TAGLEN) != 0) {
+ !lc_ct_cmp(encout + ctlen, tag, LC_POLY1305_TAGLEN)) {
 if (verbose) {
 fprintf(stderr, "tag (%zu, %zu)\n", taglenarg,
 (size_t)LC_POLY1305_TAGLEN);
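Review bot: On the tag-mismatch path the function still returns before `lc_scrub(buf, sizeof(buf))`, so whatever `buf` holds (declared outside the hunk, but the success path evidently considers it worth scrubbing) is left on the stack after a failed open, exactly as on the `poly1305_final` failure two lines above; `pctx` presumably deserves the same treatment. Since the commit already rewrites this condition, scrub before bailing out, `if (!lc_ct_cmp(tag, tagp, LC_POLY1305_TAGLEN)) { lc_scrub(buf, sizeof(buf)); return 0; }`, or route every failure through one cleanup label so no early return can skip it. The inverted test itself is consistent with the new `lc_ct_cmp` contract of returning 0 on mismatch. chacha20_poly1305_open begins and ends outside the hunk.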
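Review bot: The width of the new return value is fixed only by the literal's type: `0xffffffff` is an `unsigned int`, so a match yields `0xffffffff` and a mismatch `0xffffffff + 1`, which wraps to `0`; whether callers then see `0xffffffff` or `-1` depends on the declared return type on the line above the hunk, since converting `0xffffffff` to `int` is implementation-defined. Writing it as `return (uint32_t)((r & 0x80) >> 7) - 1;` makes the width explicit and keeps the branch-free form; the smear above it is sound because `*x++ ^ *y++` on `uint8_t` operands never sets a bit above bit 7. The comment should state the contract rather than the trick, e.g. `/* Constant-time compare: 0xffffffff if the l bytes are equal, 0 otherwise; never exits early. */`, because every caller now reads `!lc_ct_cmp(...)` as "not equal", the opposite of the memcmp convention — a name such as `lc_ct_eq` would make the call sites in aead_chacha20_poly1305.c, wycheproof_aead.c and wycheproof_mac.c self-describing. lc_ct_cmp's return type and the declaration of `r` are outside the hunk.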
@@ -300,7 +300,7 @@ main(int argc, char *argv[])
 return 1;
 }
- if (msglen != decoutlen || lc_ct_cmp(decout, msg, msglen) != 0) {
+ if (msglen != decoutlen || !lc_ct_cmp(decout, msg, msglen)) {
 if (verbose) {
 fprintf(stderr, "ct (%zu, %zu)\n", msglen, decoutlen);
 lc_hexdump_fp(stderr, msg, msglen);
diff --git a/wycheproof_mac.c b/wycheproof_mac.c
index 7caab43..d4a0227 100644
--- a/wycheproof_mac.c
+++ b/wycheproof_mac.c
@@ -212,7 +212,7 @@ main(int argc, char *argv[])
 * be the full-length hash.
 */
 if (taglen != taglenarg ||
- lc_ct_cmp(buf, tag, taglen) != 0) {
+ !lc_ct_cmp(buf, tag, taglen)) {
 if (verbose) {
 fprintf(stderr, "tag (%zu, %zu, %zu)\n", taglen,
 taglenarg, olen);