Nicstr

**Name of the Vulnerable Software and Affected Versions** RustCrypto versions prior to 0.4.4 **Description** The RustCrypto CMOV implementation, designed to provide constant-time conditional move operations, exhibits non-constant time behavior when compiled for the thumbv6m-none-eabi target (Cortex M0, M0+, and M1 processors). This occurs due to an LLVM optimization pass interpreting a bitwise operation as a conditional branch, negating the constant-time guarantee. The issue arises during the `mask` computation within the `cmov` crate, specifically related to the `bitnz` function and its subsequent use in a wrapping subtraction. The portable version of `cmovnz` is affected. The impact of this issue is currently unclear, but the `cmov` crate provides a warning to users that the portable version is best-effort. **Recommendations** Update to RustCrypto version 0.4.4 or later.