FiloSottile / edwards25519

filippo.io/edwards25519 — A safer, faster, and more powerful low-level edwards25519 Go implementation.
https://filippo.io/edwards25519
BSD 3-Clause "New" or "Revised" License

field/Element.SqrtRatio is not alias-safe #19

Closed Yawning closed 3 years ago

Yawning commented 3 years ago

If r aliases either u or v (e.g. _, isSquare := foo.SqrtRatio(one, &foo)), output is not what is expected, because r.Multiply(uv3, r.Pow22523(uv7)) happens before the final uses of u or v.

FiloSottile commented 3 years ago

Thank you! We even have comprehensive tests for aliasing, but SqrtRatio wasn't wired into them.
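The aliasing failure reported in this issue, reproduced as an added example that is not code from filippo.io/edwards25519: a toy field GF(13) stands in for the real field, and `Elem`, `sqrtRatioUnsafe`, `sqrtRatioSafe` and `aliasSafe` are hypothetical names. Snapshotting the inputs is one way to make the routine alias-safe, shown for illustration and not necessarily the fix the project applied.

```go
package main

import "fmt"

// Toy field GF(13) (hypothetical names): 13 % 8 == 5 like 2^255-19, and
// (p-5)/8 == 1, so the Pow22523 step is the identity. 5*5 = -1 mod 13.
const p, sqrtM1 = 13, 5

type Elem struct{ v uint64 }

func (r *Elem) Mul(a, b *Elem) *Elem { r.v = a.v * b.v % p; return r }

// sqrtRatioUnsafe keeps the issue's order: r is written, then v and u are read.
func sqrtRatioUnsafe(r, u, v *Elem) bool {
	var a, b Elem
	v2 := a.Mul(v, v)
	uv3 := b.Mul(u, b.Mul(v2, v))
	uv7 := a.Mul(uv3, a.Mul(v2, v2))
	r.Mul(uv3, uv7)                // r = uv3 * uv7^((p-5)/8)
	check := a.Mul(v, a.Mul(r, r)) // reads v after r was written
	negU := (p - u.v) % p          // reads u after r was written
	if check.v == negU {
		r.Mul(r, &Elem{sqrtM1})
	}
	return check.v == u.v || check.v == negU
}

// sqrtRatioSafe snapshots the inputs, so writes to r cannot reach them.
func sqrtRatioSafe(r, u, v *Elem) bool {
	uc, vc := *u, *v
	return sqrtRatioUnsafe(r, &uc, &vc)
}

// aliasSafe compares f with a fresh receiver against r==u and r==v, all inputs.
func aliasSafe(f func(r, u, v *Elem) bool) bool {
	for i := uint64(0); i < p*p; i++ {
		x, y := Elem{i / p}, Elem{i % p}
		var want Elem
		wantOK := f(&want, &x, &y)
		ru, rv := x, y // receivers that double as u and as v
		if f(&ru, &ru, &y) != wantOK || f(&rv, &x, &rv) != wantOK || ru != want || rv != want {
			return false
		}
	}
	return true
}

func main() {
	fmt.Println(aliasSafe(sqrtRatioUnsafe), aliasSafe(sqrtRatioSafe)) // false true
}
```

A table-driven check like `aliasSafe` only protects the methods that are registered with it, which is the gap the maintainer's reply describes for SqrtRatio.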