From 2eba0e7561f9b20834bfcca685481ef2ec1d2982 Mon Sep 17 00:00:00 2001
From: "Ganyu (Bruce) Xu" <xuganyu@berkeley.edu>
Date: Mon, 18 Dec 2023 12:32:04 -0500
Subject: [PATCH] Use crate::ConstantTimeSelect as a substitute for
 subtle::ConditionallySelectable in BoxedUint

---
 src/modular/div_by_2.rs | 9 ++++-----
 src/uint/boxed.rs       | 2 +-
 src/uint/boxed/sqrt.rs  | 6 +++---
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/modular/div_by_2.rs b/src/modular/div_by_2.rs
index 549248ad..7b0eaac2 100644
--- a/src/modular/div_by_2.rs
+++ b/src/modular/div_by_2.rs
@@ -31,19 +31,18 @@ pub(crate) fn div_by_2<const LIMBS: usize>(a: &Uint<LIMBS>, modulus: &Uint<LIMBS
 
 #[cfg(feature = "alloc")]
 pub(crate) mod boxed {
-    use crate::BoxedUint;
+    use crate::{BoxedUint, ConstantTimeSelect};
 
     pub(crate) fn div_by_2(a: &BoxedUint, modulus: &BoxedUint) -> BoxedUint {
         debug_assert_eq!(a.bits_precision(), modulus.bits_precision());
 
-        let (mut ret, is_odd) = a.shr1_with_carry();
+        let (half, is_odd) = a.shr1_with_carry();
         let half_modulus = modulus.shr1();
 
-        let if_odd = ret
+        let if_odd = half
             .wrapping_add(&half_modulus)
             .wrapping_add(&BoxedUint::one_with_precision(a.bits_precision()));
-        ret.conditional_assign(&if_odd, is_odd);
 
-        ret
+        BoxedUint::ct_select(&half, &if_odd, is_odd)
     }
 }
diff --git a/src/uint/boxed.rs b/src/uint/boxed.rs
index 9d4be119..b515c198 100644
--- a/src/uint/boxed.rs
+++ b/src/uint/boxed.rs
@@ -27,7 +27,7 @@ mod sub_mod;
 #[cfg(feature = "rand_core")]
 mod rand;
 
-use crate::{Integer, Limb, NonZero, Uint, Word, Zero, U128, U64};
+use crate::{Integer, Limb, NonZero, Word, Zero};
 use alloc::{boxed::Box, vec, vec::Vec};
 use core::fmt;
 use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
diff --git a/src/uint/boxed/sqrt.rs b/src/uint/boxed/sqrt.rs
index 3efcc0fb..4babe371 100644
--- a/src/uint/boxed/sqrt.rs
+++ b/src/uint/boxed/sqrt.rs
@@ -2,7 +2,7 @@
 
 use subtle::{ConstantTimeEq, ConstantTimeGreater, CtOption};
 
-use crate::{BoxedUint, NonZero};
+use crate::{ConstantTimeSelect, BoxedUint, NonZero};
 
 impl BoxedUint {
     /// Computes √(`self`) in constant time.
@@ -35,7 +35,7 @@ impl BoxedUint {
             let (q, _) = self.div_rem(&nz_x);
 
             // A protection in case `self == 0`, which will make `x == 0`
-            let q = Self::conditional_select(
+            let q = Self::ct_select(
                 &Self::zero_with_precision(self.bits_precision()),
                 &q,
                 is_some,
@@ -48,7 +48,7 @@ impl BoxedUint {
         // At this point `x_prev == x_{n}` and `x == x_{n+1}`
         // where `n == i - 1 == LOG2_BITS + 1 == floor(log2(BITS)) + 1`.
         // Thus, according to Hast, `sqrt(self) = min(x_n, x_{n+1})`.
-        Self::conditional_select(&x_prev, &x, Self::ct_gt(&x_prev, &x))
+        Self::ct_select(&x_prev, &x, Self::ct_gt(&x_prev, &x))
     }
 
     /// Computes √(`self`)