authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-18 02:49:50 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-18 02:49:50 +0000
commit9835e2ae736235810b4ea1c162ca5e65c547e770 (patch)
tree3fcebf40ed70e581d776a8a4c65923e8ec20e026 /vendor/rfc6979
parentReleasing progress-linux version 1.70.0+dfsg2-1~progress7.99u1. (diff)
Merging upstream version 1.71.1+dfsg1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'vendor/rfc6979')
-rw-r--r--vendor/rfc6979/.cargo-checksum.json2
-rw-r--r--vendor/rfc6979/CHANGELOG.md8
-rw-r--r--vendor/rfc6979/Cargo.toml26
-rw-r--r--vendor/rfc6979/README.md4
-rw-r--r--vendor/rfc6979/src/ct_cmp.rs87
-rw-r--r--vendor/rfc6979/src/lib.rs72
6 files changed, 145 insertions, 54 deletions
diff --git a/vendor/rfc6979/.cargo-checksum.json b/vendor/rfc6979/.cargo-checksum.json
index 6343ed90f..0a24f6331 100644
--- a/vendor/rfc6979/.cargo-checksum.json
+++ b/vendor/rfc6979/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"f8ea1da44e3db690aeae24569faaca6a63f8a6912555316f8c0a62fdeacae113","Cargo.toml":"b4c943615d8ace03699ef2c142aeeb9da741cd70e867454b06b4a99fb351fed3","LICENSE-APACHE":"78779d420019e6b4630376af8e86b6b335ee8a2f89ede6e0411e0469a326aaa4","LICENSE-MIT":"bdebaf9156a298f8fdab56dd26cb5144673de522d80f4c0d88e0039145f147f9","README.md":"081eb58ccc4eef0e9ee2e614ee1597d9ed399b72d298096ec39a0c34f483dba3","src/lib.rs":"8efb6aadf3750b553e950222b296e287ca6820f7d0ab3f03244e1f17b0ce93c5","tests/lib.rs":"68922b3fb793f7f64a6fdf8aa59b6fb9432d4706d7ad1d82129a8337c5cf6568"},"package":"7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"} \ No newline at end of file
+{"files":{"CHANGELOG.md":"b125a8cdeeec71a6b1ddc137226634b3073b53715eb59ac914a531cb66dfbabc","Cargo.toml":"48f7844dac3a7959ce8ff71ac9cb65073abdcf3940cbb3fe38e36942fe10fbe1","LICENSE-APACHE":"78779d420019e6b4630376af8e86b6b335ee8a2f89ede6e0411e0469a326aaa4","LICENSE-MIT":"bdebaf9156a298f8fdab56dd26cb5144673de522d80f4c0d88e0039145f147f9","README.md":"f60a1275e4f5f04a5ab10611993489395adc32a2072dc75457a183312ff9f6ad","src/ct_cmp.rs":"b10bca722d370ce63f60456f0ff76e2af0a8a021a291a7f03e033ca1f5f9ece8","src/lib.rs":"1d84380071c054531c51a2ccd3b6b9d9e40dfc08b374df9113f964c1c5f00edb","tests/lib.rs":"68922b3fb793f7f64a6fdf8aa59b6fb9432d4706d7ad1d82129a8337c5cf6568"},"package":"f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"} \ No newline at end of file
diff --git a/vendor/rfc6979/CHANGELOG.md b/vendor/rfc6979/CHANGELOG.md
index 06a24c1a8..8cc1a0d83 100644
--- a/vendor/rfc6979/CHANGELOG.md
+++ b/vendor/rfc6979/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 0.4.0 (2023-02-28)
+### Changed
+- MSRV 1.60 ([#628])
+- Decouple from `crypto-bigint` ([#639])
+
+[#628]: https://github.com/RustCrypto/signatures/pull/628
+[#639]: https://github.com/RustCrypto/signatures/pull/639
+
## 0.3.1 (2022-11-03)
### Added
- Usage example ([#577])
diff --git a/vendor/rfc6979/Cargo.toml b/vendor/rfc6979/Cargo.toml
index 7ff912e2f..3a81265ee 100644
--- a/vendor/rfc6979/Cargo.toml
+++ b/vendor/rfc6979/Cargo.toml
@@ -11,9 +11,9 @@
[package]
edition = "2021"
-rust-version = "1.57"
+rust-version = "1.61"
name = "rfc6979"
-version = "0.3.1"
+version = "0.4.0"
authors = ["RustCrypto Developers"]
description = """
Pure Rust implementation of RFC6979: Deterministic Usage of the
@@ -32,29 +32,17 @@ categories = [
license = "Apache-2.0 OR MIT"
repository = "https://github.com/RustCrypto/signatures/tree/master/rfc6979"
-[package.metadata.docs.rs]
-all-features = true
-rustdoc-args = [
- "--cfg",
- "docsrs",
-]
-
-[dependencies.crypto-bigint]
-version = "0.4"
-features = [
- "generic-array",
- "zeroize",
-]
-default-features = false
-
[dependencies.hmac]
version = "0.12"
features = ["reset"]
default-features = false
-[dependencies.zeroize]
-version = "1"
+[dependencies.subtle]
+version = "2"
default-features = false
+[dev-dependencies.hex-literal]
+version = "0.3"
+
[dev-dependencies.sha2]
version = "0.10"
diff --git a/vendor/rfc6979/README.md b/vendor/rfc6979/README.md
index e19b54e83..de70e3d57 100644
--- a/vendor/rfc6979/README.md
+++ b/vendor/rfc6979/README.md
@@ -17,7 +17,7 @@ Algorithm described in RFC 6979 ยง 3.2:
## Minimum Supported Rust Version
-This crate requires **Rust 1.57** at a minimum.
+This crate requires **Rust 1.61** at a minimum.
We may change the MSRV in the future, but it will be accompanied by a minor
version bump.
@@ -46,7 +46,7 @@ dual licensed as above, without any additional terms or conditions.
[build-image]: https://github.com/RustCrypto/signatures/actions/workflows/rfc6979.yml/badge.svg
[build-link]: https://github.com/RustCrypto/signatures/actions/workflows/rfc6979.yml
[license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.61+-blue.svg
[chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
[chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures
diff --git a/vendor/rfc6979/src/ct_cmp.rs b/vendor/rfc6979/src/ct_cmp.rs
new file mode 100644
index 000000000..8b216e6ff
--- /dev/null
+++ b/vendor/rfc6979/src/ct_cmp.rs
@@ -0,0 +1,87 @@
+//! Constant-time comparison helpers for [`ByteArray`].
+
+use crate::{ArrayLength, ByteArray};
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
+
+/// Constant-time equals.
+pub(crate) fn ct_eq<N: ArrayLength<u8>>(a: &ByteArray<N>, b: &ByteArray<N>) -> Choice {
+ let mut ret = Choice::from(1);
+
+ for (a, b) in a.iter().zip(b.iter()) {
+ ret.conditional_assign(&Choice::from(0), !a.ct_eq(b));
+ }
+
+ ret
+}
+
+/// Constant-time less than.
+///
+/// Inputs are interpreted as big endian integers.
+pub(crate) fn ct_lt<N: ArrayLength<u8>>(a: &ByteArray<N>, b: &ByteArray<N>) -> Choice {
+ let mut borrow = 0;
+
+ // Perform subtraction with borrow a byte-at-a-time, interpreting a
+ // no-borrow condition as the less-than case
+ for (&a, &b) in a.iter().zip(b.iter()).rev() {
+ let c = (b as u16).wrapping_add(borrow >> (u8::BITS - 1));
+ borrow = (a as u16).wrapping_sub(c) >> u8::BITS as u8;
+ }
+
+ !borrow.ct_eq(&0)
+}
+
+#[cfg(test)]
+mod tests {
+ const A: [u8; 4] = [0, 0, 0, 0];
+ const B: [u8; 4] = [0, 0, 0, 1];
+ const C: [u8; 4] = [0xFF, 0, 0, 0];
+ const D: [u8; 4] = [0xFF, 0, 0, 1];
+ const E: [u8; 4] = [0xFF, 0xFF, 0xFF, 0xFE];
+ const F: [u8; 4] = [0xFF, 0xFF, 0xFF, 0xFF];
+
+ #[test]
+ fn ct_eq() {
+ use super::ct_eq;
+
+ assert_eq!(ct_eq(&A.into(), &A.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&B.into(), &B.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&C.into(), &C.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&D.into(), &D.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&E.into(), &E.into()).unwrap_u8(), 1);
+ assert_eq!(ct_eq(&F.into(), &F.into()).unwrap_u8(), 1);
+
+ assert_eq!(ct_eq(&A.into(), &B.into()).unwrap_u8(), 0);
+ assert_eq!(ct_eq(&C.into(), &D.into()).unwrap_u8(), 0);
+ assert_eq!(ct_eq(&E.into(), &F.into()).unwrap_u8(), 0);
+ }
+
+ #[test]
+ fn ct_lt() {
+ use super::ct_lt;
+
+ assert_eq!(ct_lt(&A.into(), &A.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&B.into(), &B.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&C.into(), &C.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&D.into(), &D.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&E.into(), &E.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&F.into(), &F.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&A.into(), &B.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&A.into(), &C.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&B.into(), &A.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&C.into(), &A.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&B.into(), &C.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&B.into(), &D.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&C.into(), &B.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&D.into(), &B.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&C.into(), &D.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&C.into(), &E.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&D.into(), &C.into()).unwrap_u8(), 0);
+ assert_eq!(ct_lt(&E.into(), &C.into()).unwrap_u8(), 0);
+
+ assert_eq!(ct_lt(&E.into(), &F.into()).unwrap_u8(), 1);
+ assert_eq!(ct_lt(&F.into(), &E.into()).unwrap_u8(), 0);
+ }
+}
diff --git a/vendor/rfc6979/src/lib.rs b/vendor/rfc6979/src/lib.rs
index 32df1e652..817dda12d 100644
--- a/vendor/rfc6979/src/lib.rs
+++ b/vendor/rfc6979/src/lib.rs
@@ -1,52 +1,57 @@
+#![no_std]
#![doc = include_str!("../README.md")]
+#![forbid(unsafe_code, clippy::unwrap_used)]
+#![warn(missing_docs, rust_2018_idioms)]
+#![doc(
+ html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
+ html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
+)]
//! ## Usage
//!
//! See also: the documentation for the [`generate_k`] function.
//!
//! ```
-//! use crypto_bigint::{ArrayEncoding, U256};
+//! use hex_literal::hex;
+//! use rfc6979::consts::U32;
//! use sha2::{Digest, Sha256};
//!
//! // NIST P-256 field modulus
-//! const NIST_P256_MODULUS: U256 =
-//! U256::from_be_hex("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
+//! const NIST_P256_MODULUS: [u8; 32] =
+//! hex!("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551");
//!
//! // Public key for RFC6979 NIST P256/SHA256 test case
-//! const RFC6979_KEY: U256 =
-//! U256::from_be_hex("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
+//! const RFC6979_KEY: [u8; 32] =
+//! hex!("C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721");
//!
//! // Test message for RFC6979 NIST P256/SHA256 test case
//! const RFC6979_MSG: &[u8; 6] = b"sample";
//!
//! // Expected K for RFC6979 NIST P256/SHA256 test case
-//! const RFC6979_EXPECTED_K: U256 =
-//! U256::from_be_hex("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60");
+//! const RFC6979_EXPECTED_K: [u8; 32] =
+//! hex!("A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60");
//!
//! let h = Sha256::digest(RFC6979_MSG);
//! let aad = b"";
-//! let k = rfc6979::generate_k::<Sha256, U256>(&RFC6979_KEY, &NIST_P256_MODULUS, &h, aad);
-//! assert_eq!(&k.to_be_byte_array(), &RFC6979_EXPECTED_K.to_be_byte_array());
+//! let k = rfc6979::generate_k::<Sha256, U32>(&RFC6979_KEY.into(), &NIST_P256_MODULUS.into(), &h, aad);
+//! assert_eq!(k.as_slice(), &RFC6979_EXPECTED_K);
//! ```
-#![no_std]
-#![cfg_attr(docsrs, feature(doc_cfg))]
-#![forbid(unsafe_code, clippy::unwrap_used)]
-#![warn(missing_docs, rust_2018_idioms)]
-#![doc(
- html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
- html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
-)]
+mod ct_cmp;
+
+pub use hmac::digest::generic_array::typenum::consts;
-use crypto_bigint::{ArrayEncoding, ByteArray, Integer};
use hmac::{
digest::{
- core_api::BlockSizeUser, generic_array::GenericArray, Digest, FixedOutput,
- FixedOutputReset, Mac,
+ core_api::BlockSizeUser,
+ generic_array::{ArrayLength, GenericArray},
+ Digest, FixedOutput, FixedOutputReset, Mac,
},
SimpleHmac,
};
-use zeroize::{Zeroize, Zeroizing};
+
+/// Array of bytes representing a scalar serialized as a big endian integer.
+pub type ByteArray<Size> = GenericArray<u8, Size>;
/// Deterministically generate ephemeral scalar `k`.
///
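Review bot: The doc example's comment labels `RFC6979_KEY` as "Public key for RFC6979 NIST P256/SHA256 test case", but that value is passed as the first argument `x` of `generate_k`, which is the secret scalar that keys the HMAC-DRBG — this appears to be the private key from RFC 6979 A.2.5, not a public key, and the mislabel invites callers to treat the input as non-secret. Suggest `// Private key (x) for RFC6979 NIST P256/SHA256 test case`. Since the new `ByteArray` alias is now the type that carries both `x` and the returned `k`, its one-line doc could also say that it may hold secret material and has no zeroize-on-drop behaviour of its own. The `generate_k` doc comment that begins at the end of this hunk continues outside it.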
@@ -57,22 +62,25 @@ use zeroize::{Zeroize, Zeroizing};
/// - `h`: hash/digest of input message: must be reduced modulo `n` in advance
/// - `data`: additional associated data, e.g. CSRNG output used as added entropy
#[inline]
-pub fn generate_k<D, I>(x: &I, n: &I, h: &ByteArray<I>, data: &[u8]) -> Zeroizing<I>
+pub fn generate_k<D, N>(
+ x: &ByteArray<N>,
+ n: &ByteArray<N>,
+ h: &ByteArray<N>,
+ data: &[u8],
+) -> ByteArray<N>
where
- D: Digest + BlockSizeUser + FixedOutput<OutputSize = I::ByteSize> + FixedOutputReset,
- I: ArrayEncoding + Integer + Zeroize,
+ D: Digest + BlockSizeUser + FixedOutput<OutputSize = N> + FixedOutputReset,
+ N: ArrayLength<u8>,
{
- let mut x = x.to_be_byte_array();
- let mut hmac_drbg = HmacDrbg::<D>::new(&x, h, data);
- x.zeroize();
+ let mut hmac_drbg = HmacDrbg::<D>::new(x, h, data);
loop {
- let mut bytes = ByteArray::<I>::default();
- hmac_drbg.fill_bytes(&mut bytes);
- let k = I::from_be_byte_array(bytes);
+ let mut k = ByteArray::<N>::default();
+ hmac_drbg.fill_bytes(&mut k);
- if (!k.is_zero() & k.ct_lt(n)).into() {
- return Zeroizing::new(k);
+ let k_is_zero = ct_cmp::ct_eq(&k, &ByteArray::default());
+ if (!k_is_zero & ct_cmp::ct_lt(&k, n)).into() {
+ return k;
}
}
}
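Review bot: The return type changes from `Zeroizing<I>` to a bare `ByteArray<N>`, so the ephemeral nonce `k` now stays in memory after the caller drops it unless the caller wraps it — and with `zeroize` removed from `Cargo.toml` in this same commit the crate can no longer do that itself. A leaked `k` is as damaging as the private key for ECDSA (one known nonce recovers `x`), so the contract should be spelled out in the doc comment, e.g. `/// The returned `k` is secret and is NOT zeroized on drop; callers should wrap it (e.g. in `zeroize::Zeroizing`) and clear any copies.` The rejected candidates inside the `loop` (zero or `>= n`) are likewise dropped without clearing; they are derived from the DRBG state keyed by `x`, so the same caveat applies to them, though that is a smaller concern. The doc comment for this function starts in the preceding hunk, outside this one.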