
Commit 4ebf79c

authored
Bump crypto-bigint to v0.7.0-rc.13 (#619)
This release bumps `ctutils` to v0.3, which eliminated the `Choice::new` constructor in favor of the more explicit `Choice::from_u8_lsb`. This updates `crypto-bigint` and gets rid of the remaining usages of `Choice::new`.
1 parent 6d8a069 commit 4ebf79c


3 files changed

+10
-11
lines changed


Cargo.lock

Lines changed: 4 additions & 4 deletions

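--- a/Cargo.toml
+++ b/Cargo.toml
@@ -15,7 +15,7 @@ exclude = ["marvin_toolkit/", "thirdparty/"]
 
 [dependencies]
 const-oid = { version = "0.10", default-features = false }
-crypto-bigint = { version = "0.7.0-rc.12", default-features = false, features = ["zeroize", "alloc"] }
+crypto-bigint = { version = "0.7.0-rc.13", default-features = false, features = ["zeroize", "alloc"] }
 crypto-primes = { version = "0.7.0-dev", default-features = false }
 digest = { version = "0.11.0-rc.4", default-features = false, features = ["alloc", "oid"] }
 rand_core = { version = "0.10.0-rc-2", default-features = false }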

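--- a/src/algorithms/pkcs1v15.rs
+++ b/src/algorithms/pkcs1v15.rs
@@ -94,13 +94,13 @@ fn decrypt_inner(em: Vec<u8>, k: usize) -> Result<(u8, Vec<u8>, u32)> {
 // octets, followed by a 0, followed by the message.
 // looking_for_index: 1 iff we are still looking for the zero.
 // index: the offset of the first zero byte.
-let mut looking_for_index = 1u8;
+let mut looking_for_index = Choice::TRUE;
 let mut index = 0u32;
 
 for (i, el) in em.iter().enumerate().skip(2) {
 let equals0 = el.ct_eq(&0u8);
-index.ct_assign(&(i as u32), Choice::new(looking_for_index) & equals0);
-looking_for_index.ct_assign(&0u8, equals0);
+index.ct_assign(&(i as u32), looking_for_index & equals0);
+looking_for_index &= !equals0;
 }
 
 // The PS padding must be at least 8 bytes long, and it starts two
@@ -109,9 +109,8 @@ fn decrypt_inner(em: Vec<u8>, k: usize) -> Result<(u8, Vec<u8>, u32)> {
 // Ref: https://github.com/dalek-cryptography/subtle/issues/20
 // This is currently copy & paste from the constant time impl in
 // go, but very likely not sufficient.
-let valid_ps = Choice::new((((2i32 + 8i32 - index as i32 - 1i32) >> 31) & 1) as u8);
-let valid =
-first_byte_is_zero & second_byte_is_two & Choice::new(!looking_for_index & 1) & valid_ps;
+let valid_ps = Choice::from_u8_lsb((((2i32 + 8i32 - index as i32 - 1i32) >> 31) & 1) as u8);
+let valid = first_byte_is_zero & second_byte_is_two & !looking_for_index & valid_ps;
 index = u32::ct_select(&0, &(index + 1), valid);
 
 Ok((valid.to_u8(), em, index))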
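Review bot: The context comment at line 95 of the first hunk, `// looking_for_index: 1 iff we are still looking for the zero.`, still describes the flag as the integer 1, but the new code makes it a `Choice` initialised to `Choice::TRUE` and cleared with `looking_for_index &= !equals0;`; suggest `// looking_for_index: Choice::TRUE while we are still looking for the zero.` so the comment matches the type. The rewrite preserves the old logic: `index` is only assigned while the flag is set, and the flag drops exactly when a zero byte is seen, matching the removed `Choice::new(looking_for_index) & equals0` / `ct_assign(&0u8, equals0)` pair. Whether `!` and `&=` on `Choice` stay branch-free now rests on the `ctutils` v0.3 implementations, which are not visible in this diff, so it is worth confirming against that crate rather than assuming it from the old `u8` code. `decrypt_inner` starts before the first hunk and its closing brace is past the second, so the `valid_ps` sign-bit expression is reviewed here only in isolation.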
