Auto merge of #51 - ebfull:several-fixups, r=ebfull

Several fixups Closes #50 Closes #48 Closes #46 Also, CI changes this PR will test: Closes #43 Closes #44
2025-11-02 12:27:02 +00:00 · 2017-09-28 20:12:59 +00:00
parent 2540ab30fb 4aa51bd3d4
commit 5bb8e3a841
5 changed files with 27 additions and 5 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,5 +1,7 @@
 [package]
 name = "pairing"
+
+# Remember to change version string in README.md.
 version = "0.11.0"
 authors = ["Sean Bowe <ewillbefull@gmail.com>"]
 license = "MIT/Apache-2.0"
@@ -17,4 +19,4 @@ clippy = { version = "0.0.151", optional = true }
 [features]
 unstable-features = []
 u128-support = []
-default = ["u128-support"]
+default = []
--- a/README.md
+++ b/README.md
@@ -4,6 +4,20 @@ This is a Rust crate for using pairing-friendly elliptic curves. Currently, only

 ## [Documentation](https://docs.rs/pairing/)

+Bring the `pairing` crate into your project just as you normally would.
+
+If you're using a supported platform and the nightly Rust compiler, you can enable the `u128-support` feature for faster arithmetic.
+
+```toml
+[dependencies.pairing]
+version = "0.11"
+features = ["u128-support"]
+```
+
+## Security Warnings
+
+This library does not make any guarantees about constant-time operations, memory access patterns, or resistance to side-channel attacks.
+
 ## License

 Licensed under either of
--- a/src/bls12_381/fq.rs
+++ b/src/bls12_381/fq.rs
@@ -415,7 +415,10 @@ impl ::rand::Rand for Fq {
    fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
        loop {
            let mut tmp = Fq(FqRepr::rand(rng));
-            tmp.0.divn(REPR_SHAVE_BITS);
+
+            // Mask away the unused bits at the beginning.
+            tmp.0.as_mut()[5] &= 0xffffffffffffffff >> REPR_SHAVE_BITS;
+
            if tmp.is_valid() {
                return tmp
            }
--- a/src/bls12_381/fr.rs
+++ b/src/bls12_381/fr.rs
@@ -237,7 +237,10 @@ impl ::rand::Rand for Fr {
    fn rand<R: ::rand::Rng>(rng: &mut R) -> Self {
        loop {
            let mut tmp = Fr(FrRepr::rand(rng));
-            tmp.0.divn(REPR_SHAVE_BITS);
+
+            // Mask away the unused bits at the beginning.
+            tmp.0.as_mut()[3] &= 0xffffffffffffffff >> REPR_SHAVE_BITS;
+
            if tmp.is_valid() {
                return tmp
            }
--- a/src/wnaf.rs
+++ b/src/wnaf.rs
@@ -108,7 +108,7 @@ impl<G: CurveProjective> Wnaf<(), Vec<G>, Vec<i64>> {
        // Return a Wnaf object that immutably borrows the computed base storage location,
        // but mutably borrows the scalar storage location.
        Wnaf {
-            base: &self.base,
+            base: &self.base[..],
            scalar: &mut self.scalar,
            window_size: window_size
        }
@@ -131,7 +131,7 @@ impl<G: CurveProjective> Wnaf<(), Vec<G>, Vec<i64>> {
        // immutably borrows the computed wNAF form scalar location.
        Wnaf {
            base: &mut self.base,
-            scalar: &self.scalar,
+            scalar: &self.scalar[..],
            window_size: window_size
        }
    }