fix: correct m > r constraint for zero mod

crates/boojum/src/gadgets/u256/mod.rs

@@ -394,19 +394,21 @@ impl<F: SmallField> UInt256<F> {
         let q = UInt256::allocate(cs, q);
         let r = UInt256::allocate(cs, r);
 
-        let (_, m_greater_than_r) = r.overflowing_sub(cs, &modulo);
+        let mod_is_zero = Boolean::allocate(cs, m.is_zero());
         let bool_true = Boolean::allocated_constant(cs, true);
-        Boolean::enforce_equal(cs, &m_greater_than_r, &bool_true);
+        let bool_false = Boolean::allocated_constant(cs, false);
+
+        let (_, m_ge_than_r) = r.overflowing_sub(cs, &modulo);
+        let m_ge_than_r = Boolean::conditionally_select(cs, mod_is_zero, &bool_true, &m_ge_than_r);
+        Boolean::enforce_equal(cs, &m_ge_than_r, &bool_true);
 
-        let mod_is_zero = Boolean::allocate(cs, m.is_zero());
         let lhs = self.widening_mul(cs, other, 8, 8);
         let zero = UInt512::zero(cs);
         let lhs = UInt512::conditionally_select(cs, mod_is_zero, &zero, &lhs);
 
         let rhs = q.widening_mul(cs, &modulo, 8, 8);
         let r_u512 = r.to_u512(cs);
         let (rhs, overflow) = rhs.overflowing_add(cs, &r_u512);
-        let bool_false = Boolean::allocated_constant(cs, false);
         Boolean::enforce_equal(cs, &overflow, &bool_false);
 
         let are_equal = UInt512::equals(cs, &lhs, &rhs);