
The ct_eq_bytes method produces an invalid Choice #261

Open: rot256 wants to merge 1 commit into RustCrypto:master from rot256:fix/frodo-kem-ct-eq-bytes

rot256 (Contributor) commented Feb 12, 2026

Feel free to just pick the fix commit, in case you don't want the regression test.

The test fails with:

---- tests::ct_eq_bytes_produces_valid_choice stdout ----

thread 'tests::ct_eq_bytes_produces_valid_choice' panicked at /Users/rot256/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/subtle-2.6.1/src/lib.rs:239:9:
assertion failed: (input == 0u8) | (input == 1u8)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

rot256 force-pushed the fix/frodo-kem-ct-eq-bytes branch from ee92617 to 0b2a5b4 on February 12, 2026 11:26

tarcieri (Member) commented

That entire function looks like it could be replaced with the ConstantTimeEq impl for [T]

rot256 (Contributor Author) commented Feb 12, 2026

Yea, that's the better idea.

rot256 force-pushed the fix/frodo-kem-ct-eq-bytes branch from 0b2a5b4 to c7f7f2f on February 13, 2026 10:43
rot256 force-pushed the fix/frodo-kem-ct-eq-bytes branch from c7f7f2f to 60753ab on February 13, 2026 10:45

rot256 (Contributor Author) commented Feb 13, 2026

Got rid of fn ct_verify(&self, a: &[u16], b: &[u16]) -> Choice { as well.
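
Added example, not part of the thread and not the frodo-kem code (the page does not show the original function): a standalone Rust model, without the `subtle` dependency, of why a byte comparison must collapse its difference accumulator to a single bit before it is treated as a Choice. All function names and sample bytes are hypothetical; `is_valid_choice_input` copies the assertion from the test output above.

```rust
/// Mirrors the assertion in the test output: only 0 and 1 are valid.
fn is_valid_choice_input(input: u8) -> bool {
    (input == 0u8) | (input == 1u8)
}

/// ORs together the XOR of every byte pair, with no early exit.
/// The result is 0 iff the slices match, otherwise some nonzero byte.
fn diff_accumulator(a: &[u8], b: &[u8]) -> u8 {
    a.iter().zip(b.iter()).fold(0u8, |acc, (x, y)| acc | (x ^ y))
}

/// Branch-free collapse: 1 when acc == 0, otherwise 0.
/// 0 - 1 wraps to 0xFFFF (high byte set); 1..=255 minus 1 leaves it clear.
fn collapse_to_bit(acc: u8) -> u8 {
    (((acc as u16).wrapping_sub(1)) >> 8) as u8 & 1
}

/// Equality as a 0/1 byte. Lengths are treated as public information.
fn ct_eq_bytes_bit(a: &[u8], b: &[u8]) -> u8 {
    if a.len() != b.len() {
        return 0;
    }
    collapse_to_bit(diff_accumulator(a, b))
}

fn main() {
    // Constructed sample inputs that differ in one byte.
    let k1 = [0x10u8, 0x20, 0x30];
    let k2 = [0x10u8, 0x22, 0x30];

    // The raw accumulator is a difference mask, not a boolean.
    let raw = diff_accumulator(&k1, &k2);
    println!("raw = {:#04x}, valid = {}", raw, is_valid_choice_input(raw));

    // After the collapse the value always satisfies the assertion.
    let bit = ct_eq_bytes_bit(&k1, &k2);
    println!("bit = {}, valid = {}", bit, is_valid_choice_input(bit));
    println!("equal inputs -> {}", ct_eq_bytes_bit(&k1, &k1));
}
```

In real code the slice `ConstantTimeEq` impl suggested in the thread is preferable, since `subtle` also takes steps to keep the compiler from turning the comparison back into a branch.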
