
Fix Uint::wrapping_shr(_vartime) and Uint::wrapping_shl(_vartime) #550

Merged
merged 1 commit into master from uint/fix-shr
Jan 10, 2024

Conversation

tarcieri
Copy link
Member

The amount to shift was being miscomputed. It should've been a saturating-like operation, where any shift larger than the precision returns zero, but instead a modulus (which isn't constant time) was being applied.

This also adds proptests to ensure correct behavior.
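The saturating, constant-time shift semantics the description asks for, as an added Rust example that is not crypto-bigint's own code: it assumes little-endian u64 limbs and uses placeholder names (`wrapping_shr_ct`, `wrapping_shr_modular`) rather than the crate's API, keeping the modular-reduction variant only to show the pre-fix result.

```rust
// Added illustration, not crypto-bigint's own code: limbs are little-endian
// u64 words, and the function names are placeholders, not the crate's API.

const LIMB_BITS: u32 = 64;

/// Constant-time select: returns `a` when `choice == 0`, `b` when `choice == 1`.
fn ct_select(a: u64, b: u64, choice: u64) -> u64 {
    let mask = 0u64.wrapping_sub(choice); // all-zeros or all-ones
    a ^ ((a ^ b) & mask)
}

/// Branch-free equality on limb indices: 1 if `x == y`, else 0.
fn ct_eq(x: usize, y: usize) -> u64 {
    let diff = (x as u64) ^ (y as u64);
    // Only diff == 0 makes `diff - 1` set the top bit while `!diff` keeps it.
    (diff.wrapping_sub(1) & !diff) >> 63
}

/// Saturating, constant-time `x >> shift`: any `shift >= N * 64` yields zero,
/// because no limb index can match `i + limb_shift`. Each result limb is
/// gathered with `ct_select`, so no branch or memory access depends on `shift`.
fn wrapping_shr_ct<const N: usize>(x: &[u64; N], shift: u32) -> [u64; N] {
    let limb_shift = (shift / LIMB_BITS) as usize; // power-of-two divisor
    let bit_shift = shift % LIMB_BITS;
    let mut out = [0u64; N];
    for i in 0..N {
        let (mut lo, mut hi) = (0u64, 0u64);
        for j in 0..N {
            lo = ct_select(lo, x[j], ct_eq(j, i + limb_shift));
            hi = ct_select(hi, x[j], ct_eq(j, i + limb_shift + 1));
        }
        // `(hi << (63 - s)) << 1` equals `hi << (64 - s)` without the
        // overflowing shift-by-64 that `s == 0` would otherwise produce.
        out[i] = (lo >> bit_shift) | ((hi << (LIMB_BITS - 1 - bit_shift)) << 1);
    }
    out
}

/// The pre-fix behaviour the PR describes: reduce the shift modulo the
/// precision, so a 128-bit value shifted by 128 comes back unchanged.
fn wrapping_shr_modular<const N: usize>(x: &[u64; N], shift: u32) -> [u64; N] {
    wrapping_shr_ct(x, shift % (N as u32 * LIMB_BITS))
}

fn main() {
    let x = [0x8000_0000_0000_0001u64, u64::MAX]; // constructed sample value
    println!("{:x?}", wrapping_shr_ct(&x, 128)); // [0, 0]
    println!("{:x?}", wrapping_shr_modular(&x, 128)); // unchanged: the bug
}
```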

@tarcieri tarcieri requested a review from fjarri January 10, 2024 22:12
@tarcieri tarcieri force-pushed the uint/fix-shr branch 2 times, most recently from e8b1664 to f598041 January 10, 2024 22:17
@tarcieri
Copy link
Member Author

Confirm this fixes the test failures on RustCrypto/elliptic-curves#1011

The amount to shift was being miscomputed. It should've been a
saturating-like operation, where any shift larger than the precision
returns zero, but instead a modulus (which isn't constant time) was
being applied.

This also adds proptests to ensure correct behavior.
@tarcieri tarcieri changed the title Fix Uint::shr(_vartime) Fix Uint::shr(_vartime) and Uint::shl(_vartime) Jan 10, 2024
@tarcieri tarcieri merged commit 5909271 into master Jan 10, 2024
16 checks passed
@tarcieri tarcieri deleted the uint/fix-shr branch January 10, 2024 22:34
@tarcieri tarcieri changed the title Fix Uint::shr(_vartime) and Uint::shl(_vartime) Fix Uint::wrapping_shr(_vartime) and Uint::wrapping_shl(_vartime) Jan 10, 2024