From 4bed3f57ad2505962869e722a23fc70a46ad7c2f Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Mon, 29 Dec 2025 09:37:22 -0700 Subject: [PATCH] ctutils: impl `From` for `Choice` This is the main way `subtle` constructs `Choice` so it's important for backwards compatibility. It seems like if we had `from_u8_lsb`, we could avoid the panic condition by always masking the input `u8`. We don't yet, but this commit also leaves a comment to consider deprecating both this `From` impl and `Choice::new` in the future. --- ctutils/src/choice.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ctutils/src/choice.rs b/ctutils/src/choice.rs index d6fed7cc..7a1f31ec 100644 --- a/ctutils/src/choice.rs +++ b/ctutils/src/choice.rs @@ -49,6 +49,7 @@ impl Choice { /// /// # Panics /// - in `debug` builds, panics if the value is anything other than `0` or `1`. + // TODO(tarcieri): deprecate this in favor of non-panicking constructors? #[inline] pub const fn new(value: u8) -> Self { // Compare to what should be the non-secret upper bits of the value, which should always be @@ -388,6 +389,17 @@ impl CtSelect for Choice { } } +/// Create a new [`Choice`] from the given `u8` value, which MUST be either `0` or `1`. +/// +/// # Panics +/// - in `debug` builds, panics if the value is anything other than `0` or `1`. +// TODO(tarcieri): deprecate this in favor of non-panicking constructors? +impl From for Choice { + fn from(value: u8) -> Self { + Choice::new(value) + } +} + impl From for u8 { fn from(choice: Choice) -> u8 { choice.to_u8()