Merging upstream version 1.72.1+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

17 files changed, 313 insertions, 157 deletions

diff --git a/vendor/crypto-bigint/.cargo-checksum.json b/vendor/crypto-bigint/.cargo-checksum.json
index eed045a58..f3dbb6d66 100644
--- a/vendor/crypto-bigint/.cargo-checksum.json
+++ b/vendor/crypto-bigint/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"814f556bf1cb41818e24952fa2c93c03816b58541512b4dfcc601dc388aa6803","Cargo.toml":"e65884cdbab78ae9fee2a26a34e19e7ae44807cda8c17184ac059f0a1a6587a9","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"90c503b61dee04e1449c323ec34c229dfb68d7adcb96c7e140ee55f70fce2d8e","README.md":"156e2a5386e3e58d81fb53755050ae8b68419ccfc7b924339fe2a03f0a891b21","benches/bench.rs":"f98350c5b814c8e81c2a149c0f160e17b214d5d176d0b07c6702ad6c91690ad8","src/array.rs":"9b18991230aa12e88ac358cdb202f4225fcee58788e29c34ab931e29ba5a92aa","src/checked.rs":"7fc5e0f6b3116178f032189c2682b5f911e142705c1b0fa1b6e607b658407111","src/ct_choice.rs":"a70284044099185d21108d7aa4763e53bbd080f722aae3eb111c743fcc10191f","src/lib.rs":"5b7ec21da96948e5616b2ad74e18328b6c628f1fb9879f9d03a04c40c6a099e3","src/limb.rs":"66b217e8eb16ad235141032396bd12c19cd7adbc07fb706131dd1d1286253207","src/limb/add.rs":"c4cfbae55657e8366dfacf2ed26cc6cf4c547f810df26566f3f23d2287697cd2","src/limb/bit_and.rs":"019f888b11e16fafbd0518eb5b583094a5e8490f59f458195db9306d86e1adaa","src/limb/bit_not.rs":"0fa7cdec58e1d3058daee88ef26f07ad0ba9e545505c97a130b47ef3fdf46c5a","src/limb/bit_or.rs":"1b5f85eac6768d460070da05b4a1257cceafff2b612b63a609aff3ff48df8480","src/limb/bit_xor.rs":"06acf291a316aa1fa2311bedd1a7aca5170564735c1f0b1103ed9e2c6f24f096","src/limb/bits.rs":"946eebb652a73809b86d2e804ed52e90bfee54db0bba3f3f10088f778d1fda51","src/limb/cmp.rs":"a59f12dccac4c482a658c9114ea8cb0a20d699cf47e85371b506811e47402cae","src/limb/encoding.rs":"29c9f0d86bfc63c8a5f510ef7f5ced1256697b8f5170ba9b98429241d1191a79","src/limb/from.rs":"7f595d9085730f95d2fe776a81e6f174061c9c4ec89a1fd85ab26feeaae0c2ad","src/limb/mul.rs":"dbfa013061fc5d8cff5bf49814d9acd3d00d386211fbd657091a813bca977820","src/limb/rand.rs":"770463d84aa86d432b294975b62fd4f95b7dbee93a78ec2c2f3e03e23ea21fdb","src/limb/shl.rs":"8d0cd4029375c7a66c0b72e21a8634a805cd5cc8c78320c1466f16ee0b16dbc7","src/limb/shr.rs":"c60b47739213722f7b4e7473d40be2f207484efbf8344cb7920558870aa5169c","src/limb/sub.rs":"2fe52b63f4876beb4d6fb44f2d04ac62231d66b7071097d592c690ceb4944764","src/nlimbs.rs":"aaa691ccb535ccee810c7d477365a0bbb1b84dc4b7d7940f38cdefa5153af160","src/non_zero.rs":"0bb0985b7c61c08a57fcb360d87aa72f14d8f8dcb05910eefde538cc2579d040","src/traits.rs":"a93779d22287a56759a9d5f35c98f9e83f04253dac4821fd0c9127ea3780c818","src/uint.rs":"a1d6dda171688909661fdc3c109aa7a1cbd41c3b19fa44a2d309a3d69930e2c0","src/uint/add.rs":"e898b553ccf6a3736acbd5fe46e81b8650da9dedd93f31afd588c6385f30337b","src/uint/add_mod.rs":"16e9016c6aaf2bf2e6ff70577dda20bdc7f61c94f49a78fe3612fc71e7c75652","src/uint/array.rs":"b67ccdddc41a155603604eff356419924628c99d38ac753e78e151715c2c06b0","src/uint/bit_and.rs":"54ebcac0e1a481d31e26a2acf3abda3de0ad6775225d02d41549aea4d1d5364a","src/uint/bit_not.rs":"b593a48c0e65849ea643f0a3624d2e8d3fc35d8f16a6b2a5e9de2728f0ad2fb4","src/uint/bit_or.rs":"0fd351e1558c7b067be8fa45329e33c0e43111b4dfa7954a0837af88a3f733e8","src/uint/bit_xor.rs":"4975f3df64a114313fd2d02993c6f7ce5ac02144534c15f2be310022261d18b6","src/uint/bits.rs":"e0e7dec077a48c6c34ad053865d249e1c0eb5aad7d259ac7405046a77247a826","src/uint/cmp.rs":"d9076c07a5202327e42a20141bee7d8d794b5c52c9ad85c4945562e87908167d","src/uint/concat.rs":"8380f869177437cec11ac8d1295f17c7f21a507a870fac458c7cfa6b7a24dd40","src/uint/div.rs":"6ad5c3df95a041e0b0a4f4a30f11cebc078fb2e98de13dfae3de68fc7b14be70","src/uint/div_limb.rs":"fd864b5ed500275b81e6e4d7a7899f9a2953dc6ab2b864f3756347f57b9a764f","src/uint/encoding.rs":"7e846d3b6a7a986a43999b19e191110249296a856a3baf492f164af997e24086","src/uint/encoding/der.rs":"0873e5f48616d297402abba5805012f6aa2c240e321bae79eb9493764c6c1494","src/uint/encoding/rlp.rs":"c6fe852dc5a205adf4ad843460ddbf0340338fccbc17bf804f74f65d3b20693b","src/uint/from.rs":"6d4ff78aea799466dcdb52d8f55086a0f4a12a1bf3a07850457971d87792a0ac","src/uint/inv_mod.rs":"42294a2ddd4b7a75760707486e4f9d7259f3c7dffcabe95bc0edafd4f85367f2","src/uint/modular.rs":"4f2e7128c3f96bcb8d974c0b026f9882c8503815c993ae56da7b54f5407d24c0","src/uint/modular/add.rs":"6dd440f71305fcebe970ca51ef4a218574075978ab22ccbea7df03227a4b1dec","src/uint/modular/constant_mod.rs":"b9a041d6d8a82df71a5ba3f5a688f2652640de6bd8de68ef73bd16f5761eda3f","src/uint/modular/constant_mod/const_add.rs":"5e2acd3d079f77d31d947fb5deb0bc6a230b483604292e775381eefff8beeb3e","src/uint/modular/constant_mod/const_inv.rs":"1b102fee00c7842ede1c2daed40191efc23c810b381316b1515257ac858dbe38","src/uint/modular/constant_mod/const_mul.rs":"d5250adbc8dee03840c3cfc44c24253469605bf9e3b397e42dbd036b19b283ac","src/uint/modular/constant_mod/const_neg.rs":"29479fed061c2ba34550d098d8255b50a827c93aa6d39af0138c86e8bb006d69","src/uint/modular/constant_mod/const_pow.rs":"19dcaecdb27f60253ed9600cbc2c65738fbc016f35e95cd2674be87d8f0d9728","src/uint/modular/constant_mod/const_sub.rs":"6cc421643c7ce79a6346c83cf9caaeedcda0f3c61827f1563dad85d4595bf95e","src/uint/modular/constant_mod/macros.rs":"f96334c7f8ba107b69ee8d471422d76ec3be0b38ff61a60b13ddbd483d5347b8","src/uint/modular/inv.rs":"7b529a240694b5ed24dc51a2d7cb780877f2fc36b93e90c140ee5fc44ab8a67d","src/uint/modular/mul.rs":"366e145a5cd5af8af2e5eb831592e8df773244cb43e826863d3ed973b40404a6","src/uint/modular/pow.rs":"2387c001ccb0c395fc4e0bb9ea6bbb531674df0fdafcb92c916fb0fecd5e55ee","src/uint/modular/reduction.rs":"6b38e2434a0230416bf55a6bae6145a56a18b88dbcaef77bb5b98cd71c2a3ff8","src/uint/modular/runtime_mod.rs":"c49d735479feb3a9f804aadc9a0f6c09227c1d5cc21c35ba99033cee08da7869","src/uint/modular/runtime_mod/runtime_add.rs":"03458894be7de14f8813a5a458662cde6d62dc24fb289bf1fae2bc87a981e159","src/uint/modular/runtime_mod/runtime_inv.rs":"cf5a3776e94e9edd20934b8a4d8775a1269a69209d591ea492862d102842f841","src/uint/modular/runtime_mod/runtime_mul.rs":"6b695a9be7b766aeb592b9cfcb01f27eae7643a45062e24edf1c209ec19fa9da","src/uint/modular/runtime_mod/runtime_neg.rs":"c5948c91e82f92675357a4c53d3ebd6cda7bf4132bf36921e34ffcea530167b4","src/uint/modular/runtime_mod/runtime_pow.rs":"955d9151ca55859f4592cc9e8daf70056982d021a3ee8821ab863c8adaf07b5a","src/uint/modular/runtime_mod/runtime_sub.rs":"cfc59cacdc1a37827aaf88e0478cf0b7ede8782e2e23c22ab69c02ec0af3d4cf","src/uint/modular/sub.rs":"c50b631f9d0c3309c2e3e445a4f44050f04d9d2632547843204a8797c618cecf","src/uint/mul.rs":"82ddd89051d036e6ac8b3a8ac06728fec8f111b450d37882d6e7eb6f581e9584","src/uint/mul_mod.rs":"fc4a1dcf92a3cfb5d014d92db5c3b2d4eb5739750ec293bd74e9226c524d074e","src/uint/neg.rs":"f4845d5db7e3bc40a3038080fbf1fe44e03ccc2c13c3064c45f816299489d18c","src/uint/neg_mod.rs":"f7f0584e06d8f8838519895b2caba92687953ef4cac2a15cbfc59496378cf899","src/uint/rand.rs":"963fe09cbf41959643e8bec195c327ffc378d39d6d2ccf7848146283c1ad51c0","src/uint/resize.rs":"88990e70756fe211ca874538558a9eed7373176668aa71e81f0b1d3bae8eaf56","src/uint/shl.rs":"8c1fd3bff2b815853891dc661526122c65c8130e94b840f46ac7e62e8d7aa43b","src/uint/shr.rs":"87c02663350e15bc9abecaec1815764d4d81d62094afe89ee08d048ea1c2b5d6","src/uint/split.rs":"a24a45f5cbd5cc5e9288d772a8f7d915f989078d212064e804007b9a25975494","src/uint/sqrt.rs":"25a141df195fec13fec8a1a703600e9d6584840f2d64c7011c6a8e79b642ead1","src/uint/sub.rs":"0bb5334a1af8f33125f009cfa07473994a97ef3132c826aa88afbeac164b1915","src/uint/sub_mod.rs":"1f6ee51cc72d8d204fac27836ec087c72dbf26711ea430f77f50af6477b1088a","src/wrapping.rs":"b0a2ce171c0737bbc92535554886c5050155831dcff1f8dba53c2976bc34d981","tests/const_residue.rs":"d874022d955e065ccbade442679c4046ab47ec495411d24e128e7ea5f1296859","tests/impl_modulus.rs":"ce1d05b4ddfd71b4cb08949db4c87d937efff74b5c6fa7aaae180a5d6bc9dd65","tests/proptests.rs":"f6fb49f5636ebc6958129714756f0a5b913070b3ba81394ad7e5ba85a7f27b70"},"package":"7c2538c4e68e52548bacb3e83ac549f903d44f011ac9d5abb5e132e67d0808f7"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"8700a8154d741401856c51a0ba3d2aa32ee24e3cfa5c1a231280ac49ee6f8886","Cargo.toml":"406425717a8dbc10595b8bbf0e171b14cec995a43eed8833a06989ed0aa4a567","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"90c503b61dee04e1449c323ec34c229dfb68d7adcb96c7e140ee55f70fce2d8e","README.md":"156e2a5386e3e58d81fb53755050ae8b68419ccfc7b924339fe2a03f0a891b21","SECURITY.md":"566027e0957dcbe6245eef1df2d3f2e100f8ec60171a79943ac8c7b5a992dea8","benches/bench.rs":"7abf25e6b0426f102eaae9535f332711858028b7a500d29f66d902562537a299","src/array.rs":"9b18991230aa12e88ac358cdb202f4225fcee58788e29c34ab931e29ba5a92aa","src/checked.rs":"7fc5e0f6b3116178f032189c2682b5f911e142705c1b0fa1b6e607b658407111","src/ct_choice.rs":"14c3f078981ab721859871af1cb28a15a7179d922cdb53d7c0b7b2fc00e588fa","src/lib.rs":"5b7ec21da96948e5616b2ad74e18328b6c628f1fb9879f9d03a04c40c6a099e3","src/limb.rs":"66b217e8eb16ad235141032396bd12c19cd7adbc07fb706131dd1d1286253207","src/limb/add.rs":"c4cfbae55657e8366dfacf2ed26cc6cf4c547f810df26566f3f23d2287697cd2","src/limb/bit_and.rs":"019f888b11e16fafbd0518eb5b583094a5e8490f59f458195db9306d86e1adaa","src/limb/bit_not.rs":"0fa7cdec58e1d3058daee88ef26f07ad0ba9e545505c97a130b47ef3fdf46c5a","src/limb/bit_or.rs":"1b5f85eac6768d460070da05b4a1257cceafff2b612b63a609aff3ff48df8480","src/limb/bit_xor.rs":"06acf291a316aa1fa2311bedd1a7aca5170564735c1f0b1103ed9e2c6f24f096","src/limb/bits.rs":"946eebb652a73809b86d2e804ed52e90bfee54db0bba3f3f10088f778d1fda51","src/limb/cmp.rs":"a59f12dccac4c482a658c9114ea8cb0a20d699cf47e85371b506811e47402cae","src/limb/encoding.rs":"29c9f0d86bfc63c8a5f510ef7f5ced1256697b8f5170ba9b98429241d1191a79","src/limb/from.rs":"7f595d9085730f95d2fe776a81e6f174061c9c4ec89a1fd85ab26feeaae0c2ad","src/limb/mul.rs":"dbfa013061fc5d8cff5bf49814d9acd3d00d386211fbd657091a813bca977820","src/limb/rand.rs":"770463d84aa86d432b294975b62fd4f95b7dbee93a78ec2c2f3e03e23ea21fdb","src/limb/shl.rs":"8d0cd4029375c7a66c0b72e21a8634a805cd5cc8c78320c1466f16ee0b16dbc7","src/limb/shr.rs":"c60b47739213722f7b4e7473d40be2f207484efbf8344cb7920558870aa5169c","src/limb/sub.rs":"2fe52b63f4876beb4d6fb44f2d04ac62231d66b7071097d592c690ceb4944764","src/nlimbs.rs":"aaa691ccb535ccee810c7d477365a0bbb1b84dc4b7d7940f38cdefa5153af160","src/non_zero.rs":"0bb0985b7c61c08a57fcb360d87aa72f14d8f8dcb05910eefde538cc2579d040","src/traits.rs":"c54352bb8c85201dc2935b2749c8bfefd4ccb070e52e7409759448b4dcc0ca03","src/uint.rs":"a1d6dda171688909661fdc3c109aa7a1cbd41c3b19fa44a2d309a3d69930e2c0","src/uint/add.rs":"e898b553ccf6a3736acbd5fe46e81b8650da9dedd93f31afd588c6385f30337b","src/uint/add_mod.rs":"304bbe428121358592249149b8fc3e0daf4cf1411b08ae10be5714a72a4484ae","src/uint/array.rs":"b67ccdddc41a155603604eff356419924628c99d38ac753e78e151715c2c06b0","src/uint/bit_and.rs":"54ebcac0e1a481d31e26a2acf3abda3de0ad6775225d02d41549aea4d1d5364a","src/uint/bit_not.rs":"b593a48c0e65849ea643f0a3624d2e8d3fc35d8f16a6b2a5e9de2728f0ad2fb4","src/uint/bit_or.rs":"0fd351e1558c7b067be8fa45329e33c0e43111b4dfa7954a0837af88a3f733e8","src/uint/bit_xor.rs":"4975f3df64a114313fd2d02993c6f7ce5ac02144534c15f2be310022261d18b6","src/uint/bits.rs":"e0e7dec077a48c6c34ad053865d249e1c0eb5aad7d259ac7405046a77247a826","src/uint/cmp.rs":"d9076c07a5202327e42a20141bee7d8d794b5c52c9ad85c4945562e87908167d","src/uint/concat.rs":"8380f869177437cec11ac8d1295f17c7f21a507a870fac458c7cfa6b7a24dd40","src/uint/div.rs":"6ad5c3df95a041e0b0a4f4a30f11cebc078fb2e98de13dfae3de68fc7b14be70","src/uint/div_limb.rs":"d75011288fb20e5b8d12a9f1d03d72dd90d4921405281ac3136f83b876d903a7","src/uint/encoding.rs":"7e846d3b6a7a986a43999b19e191110249296a856a3baf492f164af997e24086","src/uint/encoding/der.rs":"0873e5f48616d297402abba5805012f6aa2c240e321bae79eb9493764c6c1494","src/uint/encoding/rlp.rs":"c6fe852dc5a205adf4ad843460ddbf0340338fccbc17bf804f74f65d3b20693b","src/uint/from.rs":"6d4ff78aea799466dcdb52d8f55086a0f4a12a1bf3a07850457971d87792a0ac","src/uint/inv_mod.rs":"42294a2ddd4b7a75760707486e4f9d7259f3c7dffcabe95bc0edafd4f85367f2","src/uint/modular.rs":"8ea4b5129312251a076b95fd84e0a41b8951ce4b443ec7dc33c08eef13721a6a","src/uint/modular/add.rs":"6dd440f71305fcebe970ca51ef4a218574075978ab22ccbea7df03227a4b1dec","src/uint/modular/constant_mod.rs":"b508df488dd880ea63408bc9622fe8de0bbe0532a7b593776257019d358e000f","src/uint/modular/constant_mod/const_add.rs":"5e2acd3d079f77d31d947fb5deb0bc6a230b483604292e775381eefff8beeb3e","src/uint/modular/constant_mod/const_inv.rs":"1b102fee00c7842ede1c2daed40191efc23c810b381316b1515257ac858dbe38","src/uint/modular/constant_mod/const_mul.rs":"d5250adbc8dee03840c3cfc44c24253469605bf9e3b397e42dbd036b19b283ac","src/uint/modular/constant_mod/const_neg.rs":"29479fed061c2ba34550d098d8255b50a827c93aa6d39af0138c86e8bb006d69","src/uint/modular/constant_mod/const_pow.rs":"19dcaecdb27f60253ed9600cbc2c65738fbc016f35e95cd2674be87d8f0d9728","src/uint/modular/constant_mod/const_sub.rs":"6cc421643c7ce79a6346c83cf9caaeedcda0f3c61827f1563dad85d4595bf95e","src/uint/modular/constant_mod/macros.rs":"f96334c7f8ba107b69ee8d471422d76ec3be0b38ff61a60b13ddbd483d5347b8","src/uint/modular/div_by_2.rs":"4ae62b414fe7a571285deda7e71ae96ca41629a463313a964b630e4390ca6fa4","src/uint/modular/inv.rs":"7b529a240694b5ed24dc51a2d7cb780877f2fc36b93e90c140ee5fc44ab8a67d","src/uint/modular/mul.rs":"366e145a5cd5af8af2e5eb831592e8df773244cb43e826863d3ed973b40404a6","src/uint/modular/pow.rs":"2387c001ccb0c395fc4e0bb9ea6bbb531674df0fdafcb92c916fb0fecd5e55ee","src/uint/modular/reduction.rs":"7ad87aa75c4d2ce07853f9cb0308e0ca1b7bb78c7572743991d9e05e5ecfcca1","src/uint/modular/runtime_mod.rs":"54146b704dc245d2d45dec5f8a6b1ee8b9991f25cd117512e27ba168695fa2de","src/uint/modular/runtime_mod/runtime_add.rs":"03458894be7de14f8813a5a458662cde6d62dc24fb289bf1fae2bc87a981e159","src/uint/modular/runtime_mod/runtime_inv.rs":"cf5a3776e94e9edd20934b8a4d8775a1269a69209d591ea492862d102842f841","src/uint/modular/runtime_mod/runtime_mul.rs":"6b695a9be7b766aeb592b9cfcb01f27eae7643a45062e24edf1c209ec19fa9da","src/uint/modular/runtime_mod/runtime_neg.rs":"c5948c91e82f92675357a4c53d3ebd6cda7bf4132bf36921e34ffcea530167b4","src/uint/modular/runtime_mod/runtime_pow.rs":"955d9151ca55859f4592cc9e8daf70056982d021a3ee8821ab863c8adaf07b5a","src/uint/modular/runtime_mod/runtime_sub.rs":"cfc59cacdc1a37827aaf88e0478cf0b7ede8782e2e23c22ab69c02ec0af3d4cf","src/uint/modular/sub.rs":"c50b631f9d0c3309c2e3e445a4f44050f04d9d2632547843204a8797c618cecf","src/uint/mul.rs":"82ddd89051d036e6ac8b3a8ac06728fec8f111b450d37882d6e7eb6f581e9584","src/uint/mul_mod.rs":"fc4a1dcf92a3cfb5d014d92db5c3b2d4eb5739750ec293bd74e9226c524d074e","src/uint/neg.rs":"f4845d5db7e3bc40a3038080fbf1fe44e03ccc2c13c3064c45f816299489d18c","src/uint/neg_mod.rs":"f7f0584e06d8f8838519895b2caba92687953ef4cac2a15cbfc59496378cf899","src/uint/rand.rs":"963fe09cbf41959643e8bec195c327ffc378d39d6d2ccf7848146283c1ad51c0","src/uint/resize.rs":"88990e70756fe211ca874538558a9eed7373176668aa71e81f0b1d3bae8eaf56","src/uint/shl.rs":"8c1fd3bff2b815853891dc661526122c65c8130e94b840f46ac7e62e8d7aa43b","src/uint/shr.rs":"24e11eb24a132475aa961a61fe01c72961dd1cb67f93ce97da449d5ae139a221","src/uint/split.rs":"a24a45f5cbd5cc5e9288d772a8f7d915f989078d212064e804007b9a25975494","src/uint/sqrt.rs":"25a141df195fec13fec8a1a703600e9d6584840f2d64c7011c6a8e79b642ead1","src/uint/sub.rs":"0bb5334a1af8f33125f009cfa07473994a97ef3132c826aa88afbeac164b1915","src/uint/sub_mod.rs":"1460759db90a535d8cb7cbe89f29ccc15b3b390434ff5182fc320a7c9da89339","src/wrapping.rs":"b0a2ce171c0737bbc92535554886c5050155831dcff1f8dba53c2976bc34d981","tests/const_residue.rs":"d874022d955e065ccbade442679c4046ab47ec495411d24e128e7ea5f1296859","tests/impl_modulus.rs":"ce1d05b4ddfd71b4cb08949db4c87d937efff74b5c6fa7aaae180a5d6bc9dd65","tests/proptests.rs":"23a267c404398d80d9f7309a18c7d7be5761b8ba636f7ce2a5c5cd0f1b14b58e"},"package":"cf4c2f4e1afd912bc40bfd6fed5d9dc1f288e0ba01bfcc835cc5bc3eb13efe15"}
\ No newline at end of file
diff --git a/vendor/crypto-bigint/CHANGELOG.md b/vendor/crypto-bigint/CHANGELOG.md
index 73c031bd8..4283f7a9e 100644
--- a/vendor/crypto-bigint/CHANGELOG.md
+++ b/vendor/crypto-bigint/CHANGELOG.md
@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.5.2 (2023-04-26)
+### Added
+- Expose residue params and modulus in `DynResidue` ([#197])
+- Impl `DefaultIsZeroes` for `Residue` ([#210])
+- `div_by_2()` method for integers in Montgomery form ([#211], [#212])
+
+### Changed
+- Montgomery multiplication improvements ([#203])
+
+[#197]: https://github.com/RustCrypto/crypto-bigint/pull/197
+[#203]: https://github.com/RustCrypto/crypto-bigint/pull/203
+[#210]: https://github.com/RustCrypto/crypto-bigint/pull/210
+[#211]: https://github.com/RustCrypto/crypto-bigint/pull/211
+[#212]: https://github.com/RustCrypto/crypto-bigint/pull/212
+
 ## 0.5.1 (2023-03-13)
 ### Changed
 - Improve `Debug` impls on `Limb` and `Uint` ([#195])
diff --git a/vendor/crypto-bigint/Cargo.toml b/vendor/crypto-bigint/Cargo.toml
index 8e9c2b6e5..4657189fa 100644
--- a/vendor/crypto-bigint/Cargo.toml
+++ b/vendor/crypto-bigint/Cargo.toml
@@ -13,7 +13,7 @@
 edition = "2021"
 rust-version = "1.65"
 name = "crypto-bigint"
-version = "0.5.1"
+version = "0.5.2"
 authors = ["RustCrypto Developers"]
 description = """
 Pure Rust implementation of a big integer library which has been designed from
@@ -90,7 +90,7 @@ version = "0.4"
 features = ["html_reports"]
 
 [dev-dependencies.hex-literal]
-version = "0.3"
+version = "0.4"
 
 [dev-dependencies.num-bigint]
 version = "0.4"
diff --git a/vendor/crypto-bigint/SECURITY.md b/vendor/crypto-bigint/SECURITY.md
new file mode 100644
index 000000000..09c221b0a
--- /dev/null
+++ b/vendor/crypto-bigint/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Security updates are applied only to the most recent release.
+
+## Reporting a Vulnerability
+
+If you have discovered a security vulnerability in this project, please report
+it privately. **Do not disclose it as a public issue.** This gives us time to
+work with you to fix the issue before public exposure, reducing the chance that
+the exploit will be used before a patch is released.
+
+Please disclose it at [security advisory](https://github.com/RustCrypto/crypto-bigint/security/advisories/new).
+
+This project is maintained by a team of volunteers on a reasonable-effort basis.
+As such, please give us at least 90 days to work on a fix before public exposure.
diff --git a/vendor/crypto-bigint/benches/bench.rs b/vendor/crypto-bigint/benches/bench.rs
index e04778053..8be5f5928 100644
--- a/vendor/crypto-bigint/benches/bench.rs
+++ b/vendor/crypto-bigint/benches/bench.rs
@@ -1,115 +1,148 @@
 use criterion::{
-    criterion_group, criterion_main, measurement::Measurement, BenchmarkGroup, Criterion,
+    criterion_group, criterion_main, measurement::Measurement, BatchSize, BenchmarkGroup, Criterion,
 };
 use crypto_bigint::{
     modular::runtime_mod::{DynResidue, DynResidueParams},
-    NonZero, Random, Reciprocal, Uint, U256,
+    Limb, NonZero, Random, Reciprocal, U128, U256,
 };
 use rand_core::OsRng;
 
-fn bench_division<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
-    const TEST_SET: usize = 10;
-    let xs = (0..TEST_SET)
-        .map(|_| Uint::<4>::random(&mut OsRng))
-        .collect::<Vec<_>>();
-    let ys = (0..TEST_SET)
-        .map(|_| NonZero::new(Uint::<2>::ZERO.concat(&Uint::<2>::random(&mut OsRng))).unwrap())
-        .collect::<Vec<_>>();
-    group.bench_function("div/rem, 4/2, full size", |b| {
-        b.iter(|| {
-            xs.iter()
-                .zip(ys.iter())
-                .map(|(x, y)| x.div_rem(y))
-                .for_each(drop)
-        })
+fn bench_division<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
+    group.bench_function("div/rem, U256/U128, full size", |b| {
+        b.iter_batched(
+            || {
+                let x = U256::random(&mut OsRng);
+                let y_half = U128::random(&mut OsRng);
+                let y: U256 = (y_half, U128::ZERO).into();
+                (x, NonZero::new(y).unwrap())
+            },
+            |(x, y)| x.div_rem(&y),
+            BatchSize::SmallInput,
+        )
     });
 
-    group.bench_function("rem, 4/2, full size", |b| {
-        b.iter(|| {
-            xs.iter()
-                .zip(ys.iter())
-                .map(|(x, y)| x.rem(y))
-                .for_each(drop)
-        })
+    group.bench_function("rem, U256/U128, full size", |b| {
+        b.iter_batched(
+            || {
+                let x = U256::random(&mut OsRng);
+                let y_half = U128::random(&mut OsRng);
+                let y: U256 = (y_half, U128::ZERO).into();
+                (x, NonZero::new(y).unwrap())
+            },
+            |(x, y)| x.rem(&y),
+            BatchSize::SmallInput,
+        )
     });
 
-    let ys = (0..TEST_SET)
-        .map(|_| Uint::<1>::random(&mut OsRng))
-        .collect::<Vec<_>>();
-    let ys_full = ys
-        .iter()
-        .map(|y| NonZero::new(Uint::<4>::from(y.as_limbs()[0])).unwrap())
-        .collect::<Vec<_>>();
-    let ys_limb = ys
-        .iter()
-        .map(|y| NonZero::new(y.as_limbs()[0]).unwrap())
-        .collect::<Vec<_>>();
-    group.bench_function("div/rem, 4/1, full size", |b| {
-        b.iter(|| {
-            xs.iter()
-                .zip(ys_full.iter())
-                .map(|(x, y)| x.div_rem(y))
-                .for_each(drop)
-        })
+    group.bench_function("div/rem, U256/Limb, full size", |b| {
+        b.iter_batched(
+            || {
+                let x = U256::random(&mut OsRng);
+                let y_small = Limb::random(&mut OsRng);
+                let y = U256::from_word(y_small.0);
+                (x, NonZero::new(y).unwrap())
+            },
+            |(x, y)| x.div_rem(&y),
+            BatchSize::SmallInput,
+        )
     });
-    group.bench_function("div/rem, 4/1, single limb", |b| {
-        b.iter(|| {
-            xs.iter()
-                .zip(ys_limb.iter())
-                .map(|(x, y)| x.div_rem_limb(*y))
-                .for_each(drop)
-        })
+
+    group.bench_function("div/rem, U256/Limb, single limb", |b| {
+        b.iter_batched(
+            || {
+                let x = U256::random(&mut OsRng);
+                let y = Limb::random(&mut OsRng);
+                (x, NonZero::new(y).unwrap())
+            },
+            |(x, y)| x.div_rem_limb(y),
+            BatchSize::SmallInput,
+        )
     });
 
-    let reciprocals = ys_limb
-        .iter()
-        .map(|y| Reciprocal::new(**y))
-        .collect::<Vec<_>>();
-    group.bench_function("div/rem, 4/1, single limb with reciprocal", |b| {
-        b.iter(|| {
-            xs.iter()
-                .zip(reciprocals.iter())
-                .map(|(x, r)| x.div_rem_limb_with_reciprocal(r))
-                .for_each(drop)
-        })
+    group.bench_function("div/rem, U256/Limb, single limb with reciprocal", |b| {
+        b.iter_batched(
+            || {
+                let x = U256::random(&mut OsRng);
+                let y = Limb::random(&mut OsRng);
+                let r = Reciprocal::new(y);
+                (x, r)
+            },
+            |(x, r)| x.div_rem_limb_with_reciprocal(&r),
+            BatchSize::SmallInput,
+        )
     });
 }
 
-fn bench_modpow<'a, M: Measurement>(group: &mut BenchmarkGroup<'a, M>) {
-    const TEST_SET: usize = 10;
-    let xs = (0..TEST_SET)
-        .map(|_| U256::random(&mut OsRng))
-        .collect::<Vec<_>>();
-    let moduli = (0..TEST_SET)
-        .map(|_| U256::random(&mut OsRng) | U256::ONE)
-        .collect::<Vec<_>>();
-    let powers = (0..TEST_SET)
-        .map(|_| U256::random(&mut OsRng) | (U256::ONE << (U256::BITS - 1)))
-        .collect::<Vec<_>>();
+fn bench_montgomery_ops<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
+    let params = DynResidueParams::new(&(U256::random(&mut OsRng) | U256::ONE));
+    group.bench_function("multiplication, U256*U256", |b| {
+        b.iter_batched(
+            || {
+                let x = DynResidue::new(&U256::random(&mut OsRng), params);
+                let y = DynResidue::new(&U256::random(&mut OsRng), params);
+                (x, y)
+            },
+            |(x, y)| x * y,
+            BatchSize::SmallInput,
+        )
+    });
+
+    let m = U256::random(&mut OsRng) | U256::ONE;
+    let params = DynResidueParams::new(&m);
+    group.bench_function("modpow, U256^U256", |b| {
+        b.iter_batched(
+            || {
+                let x = U256::random(&mut OsRng);
+                let x_m = DynResidue::new(&x, params);
+                let p = U256::random(&mut OsRng) | (U256::ONE << (U256::BITS - 1));
+                (x_m, p)
+            },
+            |(x, p)| x.pow(&p),
+            BatchSize::SmallInput,
+        )
+    });
+}
 
-    let params = moduli.iter().map(DynResidueParams::new).collect::<Vec<_>>();
-    let xs_m = xs
-        .iter()
-        .zip(params.iter())
-        .map(|(x, p)| DynResidue::new(x, *p))
-        .collect::<Vec<_>>();
+fn bench_montgomery_conversion<M: Measurement>(group: &mut BenchmarkGroup<'_, M>) {
+    group.bench_function("DynResidueParams creation", |b| {
+        b.iter_batched(
+            || U256::random(&mut OsRng) | U256::ONE,
+            |modulus| DynResidueParams::new(&modulus),
+            BatchSize::SmallInput,
+        )
+    });
 
-    group.bench_function("modpow, 4^4", |b| {
-        b.iter(|| {
-            xs_m.iter()
-                .zip(powers.iter())
-                .map(|(x, p)| x.pow(p))
-                .for_each(drop)
-        })
+    let params = DynResidueParams::new(&(U256::random(&mut OsRng) | U256::ONE));
+    group.bench_function("DynResidue creation", |b| {
+        b.iter_batched(
+            || U256::random(&mut OsRng),
+            |x| DynResidue::new(&x, params),
+            BatchSize::SmallInput,
+        )
+    });
+
+    let params = DynResidueParams::new(&(U256::random(&mut OsRng) | U256::ONE));
+    group.bench_function("DynResidue retrieve", |b| {
+        b.iter_batched(
+            || DynResidue::new(&U256::random(&mut OsRng), params),
+            |x| x.retrieve(),
+            BatchSize::SmallInput,
+        )
     });
 }
 
 fn bench_wrapping_ops(c: &mut Criterion) {
     let mut group = c.benchmark_group("wrapping ops");
     bench_division(&mut group);
-    bench_modpow(&mut group);
     group.finish();
 }
 
-criterion_group!(benches, bench_wrapping_ops);
+fn bench_montgomery(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Montgomery arithmetic");
+    bench_montgomery_conversion(&mut group);
+    bench_montgomery_ops(&mut group);
+    group.finish();
+}
+
+criterion_group!(benches, bench_wrapping_ops, bench_montgomery);
 criterion_main!(benches);
diff --git a/vendor/crypto-bigint/src/ct_choice.rs b/vendor/crypto-bigint/src/ct_choice.rs
index 1308dd328..56bb79d82 100644
--- a/vendor/crypto-bigint/src/ct_choice.rs
+++ b/vendor/crypto-bigint/src/ct_choice.rs
@@ -9,10 +9,10 @@ use crate::Word;
 pub struct CtChoice(Word);
 
 impl CtChoice {
-    /// The falsy vaue.
+    /// The falsy value.
     pub const FALSE: Self = Self(0);
 
-    /// The truthy vaue.
+    /// The truthy value.
     pub const TRUE: Self = Self(Word::MAX);
 
     /// Returns the truthy value if `value == Word::MAX`, and the falsy value if `value == 0`.
@@ -25,7 +25,7 @@ impl CtChoice {
     /// Returns the truthy value if `value == 1`, and the falsy value if `value == 0`.
     /// Panics for other values.
     pub(crate) const fn from_lsb(value: Word) -> Self {
-        debug_assert!(value == Self::FALSE.0 || value == 1);
+        debug_assert!(value == 0 || value == 1);
         Self(value.wrapping_neg())
     }
 
@@ -37,10 +37,6 @@ impl CtChoice {
         Self(self.0 & other.0)
     }
 
-    pub(crate) const fn or(&self, other: Self) -> Self {
-        Self(self.0 | other.0)
-    }
-
     /// Return `b` if `self` is truthy, otherwise return `a`.
     pub(crate) const fn select(&self, a: Word, b: Word) -> Word {
         a ^ (self.0 & (a ^ b))
diff --git a/vendor/crypto-bigint/src/traits.rs b/vendor/crypto-bigint/src/traits.rs
index 3ace16c4a..da9b9b646 100644
--- a/vendor/crypto-bigint/src/traits.rs
+++ b/vendor/crypto-bigint/src/traits.rs
@@ -177,7 +177,7 @@ pub trait CheckedMul<Rhs = Self>: Sized {
     fn checked_mul(&self, rhs: Rhs) -> CtOption<Self>;
 }
 
-/// Checked substraction.
+/// Checked subtraction.
 pub trait CheckedSub<Rhs = Self>: Sized {
     /// Output type.
     type Output;
diff --git a/vendor/crypto-bigint/src/uint/add_mod.rs b/vendor/crypto-bigint/src/uint/add_mod.rs
index bfdda6ff5..70674f5e8 100644
--- a/vendor/crypto-bigint/src/uint/add_mod.rs
+++ b/vendor/crypto-bigint/src/uint/add_mod.rs
@@ -16,19 +16,9 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         // If underflow occurred on the final limb, borrow = 0xfff...fff, otherwise
         // borrow = 0x000...000. Thus, we use it as a mask to conditionally add the
         // modulus.
-        let mut i = 0;
-        let mut res = Self::ZERO;
-        let mut carry = Limb::ZERO;
-
-        while i < LIMBS {
-            let rhs = p.limbs[i].bitand(borrow);
-            let (limb, c) = w.limbs[i].adc(rhs, carry);
-            res.limbs[i] = limb;
-            carry = c;
-            i += 1;
-        }
-
-        res
+        let mask = Uint::from_words([borrow.0; LIMBS]);
+
+        w.wrapping_add(&p.bitand(&mask))
     }
 
     /// Computes `self + rhs mod p` in constant time for the special modulus
@@ -43,8 +33,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         // for the overflow. Otherwise, we need to subtract `c` again, which
         // in that case cannot underflow.
         let l = carry.0.wrapping_sub(1) & c.0;
-        let (out, _) = out.sbb(&Uint::from_word(l), Limb::ZERO);
-        out
+        out.wrapping_sub(&Uint::from_word(l))
     }
 }
 
diff --git a/vendor/crypto-bigint/src/uint/div_limb.rs b/vendor/crypto-bigint/src/uint/div_limb.rs
index 9bbd828e4..c00bc77c9 100644
--- a/vendor/crypto-bigint/src/uint/div_limb.rs
+++ b/vendor/crypto-bigint/src/uint/div_limb.rs
@@ -147,7 +147,7 @@ const fn div2by1(u1: Word, u0: Word, reciprocal: &Reciprocal) -> (Word, Word) {
     let r = Limb::ct_select(Limb(r), Limb(r.wrapping_add(d)), r_gt_q0).0;
 
     // If this was a normal `if`, we wouldn't need wrapping ops, because there would be no overflow.
-    // But since we caluculate both results either way, have to wrap.
+    // But since we calculate both results either way, we have to wrap.
     // Added an assert to still check the lack of overflow in debug mode.
     debug_assert!(r < d || q1 < Word::MAX);
     let r_ge_d = Limb::ct_le(Limb(d), Limb(r));
diff --git a/vendor/crypto-bigint/src/uint/modular.rs b/vendor/crypto-bigint/src/uint/modular.rs
index ff20f443d..cd560aa38 100644
--- a/vendor/crypto-bigint/src/uint/modular.rs
+++ b/vendor/crypto-bigint/src/uint/modular.rs
@@ -6,6 +6,7 @@ pub mod constant_mod;
 pub mod runtime_mod;
 
 mod add;
+mod div_by_2;
 mod inv;
 mod mul;
 mod pow;
diff --git a/vendor/crypto-bigint/src/uint/modular/constant_mod.rs b/vendor/crypto-bigint/src/uint/modular/constant_mod.rs
index f94e4c475..3e9b522ef 100644
--- a/vendor/crypto-bigint/src/uint/modular/constant_mod.rs
+++ b/vendor/crypto-bigint/src/uint/modular/constant_mod.rs
@@ -4,7 +4,7 @@ use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 
 use crate::{Limb, Uint, Zero};
 
-use super::{reduction::montgomery_reduction, Retrieve};
+use super::{div_by_2::div_by_2, reduction::montgomery_reduction, Retrieve};
 
 #[cfg(feature = "rand_core")]
 use crate::{rand_core::CryptoRngCore, NonZero, Random, RandomMod};
@@ -67,6 +67,12 @@ where
     phantom: PhantomData<MOD>,
 }
 
+#[cfg(feature = "zeroize")]
+impl<MOD: ResidueParams<LIMBS>, const LIMBS: usize> zeroize::DefaultIsZeroes
+    for Residue<MOD, LIMBS>
+{
+}
+
 impl<MOD: ResidueParams<LIMBS>, const LIMBS: usize> Residue<MOD, LIMBS> {
     /// The representation of 0 mod `MOD`.
     pub const ZERO: Self = Self {
@@ -100,6 +106,18 @@ impl<MOD: ResidueParams<LIMBS>, const LIMBS: usize> Residue<MOD, LIMBS> {
             MOD::MOD_NEG_INV,
         )
     }
+
+    /// Performs the modular division by 2, that is for given `x` returns `y`
+    /// such that `y * 2 = x mod p`. This means:
+    /// - if `x` is even, returns `x / 2`,
+    /// - if `x` is odd, returns `(x + p) / 2`
+    ///   (since the modulus `p` in Montgomery form is always odd, this divides entirely).
+    pub fn div_by_2(&self) -> Self {
+        Self {
+            montgomery_form: div_by_2(&self.montgomery_form, &MOD::MODULUS),
+            phantom: PhantomData,
+        }
+    }
 }
 
 impl<MOD: ResidueParams<LIMBS> + Copy, const LIMBS: usize> ConditionallySelectable
diff --git a/vendor/crypto-bigint/src/uint/modular/div_by_2.rs b/vendor/crypto-bigint/src/uint/modular/div_by_2.rs
new file mode 100644
index 000000000..20c0a5d86
--- /dev/null
+++ b/vendor/crypto-bigint/src/uint/modular/div_by_2.rs
@@ -0,0 +1,30 @@
+use crate::Uint;
+
+pub(crate) fn div_by_2<const LIMBS: usize>(a: &Uint<LIMBS>, modulus: &Uint<LIMBS>) -> Uint<LIMBS> {
+    // We are looking for such `x` that `x * 2 = y mod modulus`,
+    // where the given `a = M(y)` is the Montgomery representation of some `y`.
+    // This means that in Montgomery representation it would still apply:
+    // `M(x) + M(x) = a mod modulus`.
+    // So we can just forget about Montgomery representation, and return whatever is
+    // `a` divided by 2, and this will be the Montgomery representation of `x`.
+    // (Which means that this function works regardless of whether `a`
+    // is in Montgomery representation or not, but the algorithm below
+    // does need `modulus` to be odd)
+
+    // Two possibilities:
+    // - if `a` is even, we can just divide by 2;
+    // - if `a` is odd, we divide `(a + modulus)` by 2.
+    // To stay within the modulus we open the parentheses turning it into `a / 2 + modulus / 2 + 1`
+    // ("+1" because both `a` and `modulus` are odd, we lose 0.5 in each integer division).
+    // This will not overflow, so we can just use wrapping operations.
+
+    let (half, is_odd) = a.shr_1();
+    let half_modulus = modulus.shr_vartime(1);
+
+    let if_even = half;
+    let if_odd = half
+        .wrapping_add(&half_modulus)
+        .wrapping_add(&Uint::<LIMBS>::ONE);
+
+    Uint::<LIMBS>::ct_select(&if_even, &if_odd, is_odd)
+}
diff --git a/vendor/crypto-bigint/src/uint/modular/reduction.rs b/vendor/crypto-bigint/src/uint/modular/reduction.rs
index d3543bf97..b206ae32f 100644
--- a/vendor/crypto-bigint/src/uint/modular/reduction.rs
+++ b/vendor/crypto-bigint/src/uint/modular/reduction.rs
@@ -1,4 +1,14 @@
-use crate::{CtChoice, Limb, Uint, WideWord, Word};
+use crate::{Limb, Uint, WideWord, Word};
+
+/// Returns `(hi, lo)` such that `hi * R + lo = x * y + z + w`.
+#[inline(always)]
+const fn muladdcarry(x: Word, y: Word, z: Word, w: Word) -> (Word, Word) {
+    let res = (x as WideWord)
+        .wrapping_mul(y as WideWord)
+        .wrapping_add(z as WideWord)
+        .wrapping_add(w as WideWord);
+    ((res >> Word::BITS) as Word, res as Word)
+}
 
 /// Algorithm 14.32 in Handbook of Applied Cryptography <https://cacr.uwaterloo.ca/hac/about/chap14.pdf>
 pub const fn montgomery_reduction<const LIMBS: usize>(
@@ -8,49 +18,38 @@ pub const fn montgomery_reduction<const LIMBS: usize>(
 ) -> Uint<LIMBS> {
     let (mut lower, mut upper) = *lower_upper;
 
-    let mut meta_carry: WideWord = 0;
+    let mut meta_carry = Limb(0);
+    let mut new_sum;
 
     let mut i = 0;
     while i < LIMBS {
-        let u = (lower.limbs[i].0.wrapping_mul(mod_neg_inv.0)) as WideWord;
+        let u = lower.limbs[i].0.wrapping_mul(mod_neg_inv.0);
 
-        let new_limb =
-            (u * modulus.limbs[0].0 as WideWord).wrapping_add(lower.limbs[i].0 as WideWord);
-        let mut carry = new_limb >> Word::BITS;
+        let (mut carry, _) = muladdcarry(u, modulus.limbs[0].0, lower.limbs[i].0, 0);
+        let mut new_limb;
 
         let mut j = 1;
         while j < (LIMBS - i) {
-            let new_limb = (u * modulus.limbs[j].0 as WideWord)
-                .wrapping_add(lower.limbs[i + j].0 as WideWord)
-                .wrapping_add(carry);
-            carry = new_limb >> Word::BITS;
-            lower.limbs[i + j] = Limb(new_limb as Word);
-
+            (carry, new_limb) = muladdcarry(u, modulus.limbs[j].0, lower.limbs[i + j].0, carry);
+            lower.limbs[i + j] = Limb(new_limb);
             j += 1;
         }
         while j < LIMBS {
-            let new_limb = (u * modulus.limbs[j].0 as WideWord)
-                .wrapping_add(upper.limbs[i + j - LIMBS].0 as WideWord)
-                .wrapping_add(carry);
-            carry = new_limb >> Word::BITS;
-            upper.limbs[i + j - LIMBS] = Limb(new_limb as Word);
-
+            (carry, new_limb) =
+                muladdcarry(u, modulus.limbs[j].0, upper.limbs[i + j - LIMBS].0, carry);
+            upper.limbs[i + j - LIMBS] = Limb(new_limb);
             j += 1;
         }
 
-        let new_sum = (upper.limbs[i].0 as WideWord)
-            .wrapping_add(carry)
-            .wrapping_add(meta_carry);
-        meta_carry = new_sum >> Word::BITS;
-        upper.limbs[i] = Limb(new_sum as Word);
+        (new_sum, meta_carry) = upper.limbs[i].adc(Limb(carry), meta_carry);
+        upper.limbs[i] = new_sum;
 
         i += 1;
     }
 
     // Division is simply taking the upper half of the limbs
-    // Final reduction (at this point, the value is at most 2 * modulus)
-    let must_reduce = CtChoice::from_lsb(meta_carry as Word).or(Uint::ct_gt(modulus, &upper).not());
-    upper = upper.wrapping_sub(&Uint::ct_select(&Uint::ZERO, modulus, must_reduce));
+    // Final reduction (at this point, the value is at most 2 * modulus,
+    // so `meta_carry` is either 0 or 1)
 
-    upper
+    upper.sub_mod_with_carry(meta_carry, modulus, modulus)
 }
diff --git a/vendor/crypto-bigint/src/uint/modular/runtime_mod.rs b/vendor/crypto-bigint/src/uint/modular/runtime_mod.rs
index 72f1094cf..84622d167 100644
--- a/vendor/crypto-bigint/src/uint/modular/runtime_mod.rs
+++ b/vendor/crypto-bigint/src/uint/modular/runtime_mod.rs
@@ -1,6 +1,6 @@
 use crate::{Limb, Uint, Word};
 
-use super::{reduction::montgomery_reduction, Retrieve};
+use super::{div_by_2::div_by_2, reduction::montgomery_reduction, Retrieve};
 
 /// Additions between residues with a modulus set at runtime
 mod runtime_add;
@@ -33,11 +33,16 @@ pub struct DynResidueParams<const LIMBS: usize> {
 
 impl<const LIMBS: usize> DynResidueParams<LIMBS> {
     /// Instantiates a new set of `ResidueParams` representing the given `modulus`.
-    pub fn new(modulus: &Uint<LIMBS>) -> Self {
+    pub const fn new(modulus: &Uint<LIMBS>) -> Self {
         let r = Uint::MAX.const_rem(modulus).0.wrapping_add(&Uint::ONE);
         let r2 = Uint::const_rem_wide(r.square_wide(), modulus).0;
+
+        // Since we are calculating the inverse modulo (Word::MAX+1),
+        // we can take the modulo right away and calculate the inverse of the first limb only.
+        let modulus_lo = Uint::<1>::from_words([modulus.limbs[0].0]);
         let mod_neg_inv =
-            Limb(Word::MIN.wrapping_sub(modulus.inv_mod2k(Word::BITS as usize).limbs[0].0));
+            Limb(Word::MIN.wrapping_sub(modulus_lo.inv_mod2k(Word::BITS as usize).limbs[0].0));
+
         let r3 = montgomery_reduction(&r2.square_wide(), modulus, mod_neg_inv);
 
         Self {
@@ -48,6 +53,11 @@ impl<const LIMBS: usize> DynResidueParams<LIMBS> {
             mod_neg_inv,
         }
     }
+
+    /// Returns the modulus which was used to initialize these parameters.
+    pub const fn modulus(&self) -> &Uint<LIMBS> {
+        &self.modulus
+    }
 }
 
 /// A residue represented using `LIMBS` limbs. The odd modulus of this residue is set at runtime.
@@ -97,6 +107,23 @@ impl<const LIMBS: usize> DynResidue<LIMBS> {
             residue_params,
         }
     }
+
+    /// Returns the parameter struct used to initialize this residue.
+    pub const fn params(&self) -> &DynResidueParams<LIMBS> {
+        &self.residue_params
+    }
+
+    /// Performs the modular division by 2, that is for given `x` returns `y`
+    /// such that `y * 2 = x mod p`. This means:
+    /// - if `x` is even, returns `x / 2`,
+    /// - if `x` is odd, returns `(x + p) / 2`
+    ///   (since the modulus `p` in Montgomery form is always odd, this divides entirely).
+    pub fn div_by_2(&self) -> Self {
+        Self {
+            montgomery_form: div_by_2(&self.montgomery_form, &self.residue_params.modulus),
+            residue_params: self.residue_params,
+        }
+    }
 }
 
 impl<const LIMBS: usize> Retrieve for DynResidue<LIMBS> {
diff --git a/vendor/crypto-bigint/src/uint/shr.rs b/vendor/crypto-bigint/src/uint/shr.rs
index 071788fb4..3698b970b 100644
--- a/vendor/crypto-bigint/src/uint/shr.rs
+++ b/vendor/crypto-bigint/src/uint/shr.rs
@@ -5,7 +5,8 @@ use crate::{limb::HI_BIT, CtChoice, Limb};
 use core::ops::{Shr, ShrAssign};
 
 impl<const LIMBS: usize> Uint<LIMBS> {
-    /// Computes `self >> 1` in constant-time, returning the overflowing bit as a `Word` that is either 0...0 or 1...1.
+    /// Computes `self >> 1` in constant-time, returning [`CtChoice::TRUE`] if the overflowing bit
+    /// was set, and [`CtChoice::FALSE`] otherwise.
     pub(crate) const fn shr_1(&self) -> (Self, CtChoice) {
         let mut shifted_bits = [0; LIMBS];
         let mut i = 0;
diff --git a/vendor/crypto-bigint/src/uint/sub_mod.rs b/vendor/crypto-bigint/src/uint/sub_mod.rs
index 728a92760..b32babb89 100644
--- a/vendor/crypto-bigint/src/uint/sub_mod.rs
+++ b/vendor/crypto-bigint/src/uint/sub_mod.rs
@@ -7,21 +7,31 @@ impl<const LIMBS: usize> Uint<LIMBS> {
     ///
     /// Assumes `self - rhs` as unbounded signed integer is in `[-p, p)`.
     pub const fn sub_mod(&self, rhs: &Uint<LIMBS>, p: &Uint<LIMBS>) -> Uint<LIMBS> {
-        let (mut out, borrow) = self.sbb(rhs, Limb::ZERO);
+        let (out, borrow) = self.sbb(rhs, Limb::ZERO);
 
         // If underflow occurred on the final limb, borrow = 0xfff...fff, otherwise
         // borrow = 0x000...000. Thus, we use it as a mask to conditionally add the modulus.
-        let mut carry = Limb::ZERO;
-        let mut i = 0;
+        let mask = Uint::from_words([borrow.0; LIMBS]);
+
+        out.wrapping_add(&p.bitand(&mask))
+    }
 
-        while i < LIMBS {
-            let (l, c) = out.limbs[i].adc(p.limbs[i].bitand(borrow), carry);
-            out.limbs[i] = l;
-            carry = c;
-            i += 1;
-        }
+    /// Returns `(self..., carry) - (rhs...) mod (p...)`, where `carry <= 1`.
+    /// Assumes `-(p...) <= (self..., carry) - (rhs...) < (p...)`.
+    #[inline(always)]
+    pub(crate) const fn sub_mod_with_carry(&self, carry: Limb, rhs: &Self, p: &Self) -> Self {
+        debug_assert!(carry.0 <= 1);
+
+        let (out, borrow) = self.sbb(rhs, Limb::ZERO);
+
+        // The new `borrow = Word::MAX` iff `carry == 0` and `borrow == Word::MAX`.
+        let borrow = (!carry.0.wrapping_neg()) & borrow.0;
+
+        // If underflow occurred on the final limb, borrow = 0xfff...fff, otherwise
+        // borrow = 0x000...000. Thus, we use it as a mask to conditionally add the modulus.
+        let mask = Uint::from_words([borrow; LIMBS]);
 
-        out
+        out.wrapping_add(&p.bitand(&mask))
     }
 
     /// Computes `self - rhs mod p` in constant time for the special modulus
@@ -35,8 +45,7 @@ impl<const LIMBS: usize> Uint<LIMBS> {
         // the underflow. This cannot underflow due to the assumption
         // `self - rhs >= -p`.
         let l = borrow.0 & c.0;
-        let (out, _) = out.sbb(&Uint::from_word(l), Limb::ZERO);
-        out
+        out.wrapping_sub(&Uint::from_word(l))
     }
 }
 
diff --git a/vendor/crypto-bigint/tests/proptests.rs b/vendor/crypto-bigint/tests/proptests.rs
index 9f489f0a8..572d990d1 100644
--- a/vendor/crypto-bigint/tests/proptests.rs
+++ b/vendor/crypto-bigint/tests/proptests.rs
@@ -282,4 +282,25 @@ proptest! {
 
         assert_eq!(expected, actual);
     }
+
+    #[test]
+    fn residue_div_by_2(a in uint_mod_p(P)) {
+        let a_bi = to_biguint(&a);
+        let p_bi = to_biguint(&P);
+        let two = BigUint::from(2u32);
+
+        let expected = if a_bi.is_even() {
+            &a_bi / two
+        }
+        else {
+            (&a_bi + &p_bi) / two
+        };
+        let expected = to_uint(expected);
+
+        let params = DynResidueParams::new(&P);
+        let a_m = DynResidue::new(&a, params);
+        let actual = a_m.div_by_2().retrieve();
+
+        assert_eq!(expected, actual);
+    }
 }