Merging upstream version 1.71.1+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

12 files changed, 139 insertions, 85 deletions

diff --git a/vendor/sec1/.cargo-checksum.json b/vendor/sec1/.cargo-checksum.json
index e0f4309bc..4076cc2c7 100644
--- a/vendor/sec1/.cargo-checksum.json
+++ b/vendor/sec1/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"a40d9937af6d22a98f62bd0dc886d500ba8e528fac9b55511973778855fa4db5","Cargo.toml":"5822f97930715f33bee5dc60cc8cef23150528b50aae82c34e98f2d674ee6d47","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"4a883ecc3bb1010faed542bf63d53e530fea5e5e12cf676aed588784298ba929","README.md":"ffc351b05ef6ccdd7096ec354bae24fc1f77e02a2c39d8be2326f5647a4ffe1e","src/error.rs":"5859c63dbaa2f5f49c13cccc7b96d32fb51a0ab90f860709d9dca8db4f52f2f8","src/lib.rs":"d6af003ddc355bc94e0b69a02a46bb8f9ac00684417b4e87e0f8997e8b7d1017","src/parameters.rs":"298600d097c9a8c7e4242f96fc8dffd1700c61d1052e840907f3a3414c1f5289","src/point.rs":"89336127306fb3afb2056cb09d611c8448aa3eb4757fdd22126035a745626810","src/private_key.rs":"1284323862a79b65ba78a3abcf6579b9dc030292fc0845d9c2dd62e0fceb07da","src/traits.rs":"fc6b5fd04f9f9c3670c1cd50624e8d5b9aa4ca2982983e6f0e284e516b87f050","tests/examples/p256-priv.der":"36186d76a14000b87c31162269207a757dc147668219c1adcdcdc25fa6f04a8d","tests/examples/p256-priv.pem":"7f9b6b52c303da1ad081a416e3b159109d158338374de902099877dbd1102dc8","tests/private_key.rs":"218857127a50d8da73a193d0c45a3230b8d9bed38d4832a0a5c4b50d528a9121","tests/traits.rs":"4ec4edc6c15567b381428350914a27e5a0e22537ed1c606115c95ff4abb5d74b"},"package":"3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"891e11e2b344c89fbc8248437a7bc68e73b5ac85446ca0d8460f346942523371","Cargo.toml":"cc4365ee90c755c8b71cda0d78a8f4ac0c5da6f897ac49ddce309f460aa4fffd","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"4a883ecc3bb1010faed542bf63d53e530fea5e5e12cf676aed588784298ba929","README.md":"f4cb78d53d52f2a44d2336e4c3dc29f10f62f2636f6db0757e0b6edb94d6e52b","src/error.rs":"a59b7e2881f9caf4f932d11eedaedaa9eb34797e652c6d363b11b604848f7d2d","src/lib.rs":"43415382857e83d425069163323a341624ae80a7282ab01c2a43519aee4472db","src/parameters.rs":"f186cde9c122319b4d408b1ad8090cbc9f6bc817ee7c761c0dbf6868131e2259","src/point.rs":"29b77d471d36adfc1760c9fa7061d6c08282c6c8070b30f355ba2485e9335114","src/private_key.rs":"daac1e9b5e87af5f7bcde728b6711cae5b04188ae683aea43478a85e53b76276","src/traits.rs":"b554960b3ceb586871f2febd403288bbc4c104fa1ad3a14b67b3f91a9dfb2f3b","tests/examples/p256-priv.der":"36186d76a14000b87c31162269207a757dc147668219c1adcdcdc25fa6f04a8d","tests/examples/p256-priv.pem":"7f9b6b52c303da1ad081a416e3b159109d158338374de902099877dbd1102dc8","tests/private_key.rs":"9a43eb7673d0acde453c47581eec93463b7b2adca41bf210154695a971966de1","tests/traits.rs":"837859875b3d6cabd6d2e1d16c6bb686be0be838f11b924adbfad0793b54f6fb"},"package":"f0aec48e813d6b90b15f0b8948af3c63483992dee44c03e9930b3eebdabe046e"}
\ No newline at end of file
diff --git a/vendor/sec1/CHANGELOG.md b/vendor/sec1/CHANGELOG.md
index eb96da064..97d91f80d 100644
--- a/vendor/sec1/CHANGELOG.md
+++ b/vendor/sec1/CHANGELOG.md
@@ -4,6 +4,41 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.7.2 (2023-04-09)
+### Added
+- Impl `ModulusSize` for `U24` ([#995])
+
+[#995]: https://github.com/RustCrypto/formats/pull/995
+
+## 0.7.1 (2023-02-27)
+### Fixed
+- Encode `ECPrivateKey` version ([#908])
+
+[#908]: https://github.com/RustCrypto/formats/pull/908
+
+## 0.7.0 (2023-02-26) [YANKED]
+### Changed
+- MSRV 1.65 ([#805])
+- Bump `serdect` to v0.2 ([#893])
+- Bump `der` dependency to v0.7 ([#899])
+- Bump `spki` dependency to v0.7 ([#900])
+- Bump `pkcs8` to v0.10 ([#902])
+
+[#805]: https://github.com/RustCrypto/formats/pull/805
+[#893]: https://github.com/RustCrypto/formats/pull/893
+[#899]: https://github.com/RustCrypto/formats/pull/899
+[#900]: https://github.com/RustCrypto/formats/pull/900
+[#902]: https://github.com/RustCrypto/formats/pull/902
+
+## 0.6.0 (Skipped)
+- Skipped to synchronize version number with `der` and `spki`
+
+## 0.5.0 (Skipped)
+- Skipped to synchronize version number with `der` and `spki`
+
+## 0.4.0 (Skipped)
+- Skipped to synchronize version number with `der` and `spki`
+
 ## 0.3.0 (2022-05-08)
 ### Added
 - Make `der` feature optional but on-by-default ([#497])
diff --git a/vendor/sec1/Cargo.toml b/vendor/sec1/Cargo.toml
index 40cd053a2..db8458d1e 100644
--- a/vendor/sec1/Cargo.toml
+++ b/vendor/sec1/Cargo.toml
@@ -11,9 +11,9 @@
 
 [package]
 edition = "2021"
-rust-version = "1.57"
+rust-version = "1.65"
 name = "sec1"
-version = "0.3.0"
+version = "0.7.2"
 authors = ["RustCrypto Developers"]
 description = """
 Pure Rust implementation of SEC1: Elliptic Curve Cryptography encoding formats
@@ -36,7 +36,6 @@ categories = [
 ]
 license = "Apache-2.0 OR MIT"
 repository = "https://github.com/RustCrypto/formats/tree/master/sec1"
-resolver = "2"
 
 [package.metadata.docs.rs]
 all-features = true
@@ -46,27 +45,27 @@ rustdoc-args = [
 ]
 
 [dependencies.base16ct]
-version = "0.1.1"
+version = "0.2"
 optional = true
 default-features = false
 
 [dependencies.der]
-version = "0.6"
+version = "0.7"
 features = ["oid"]
 optional = true
 
 [dependencies.generic-array]
-version = "0.14.4"
+version = "0.14.7"
 optional = true
 default-features = false
 
 [dependencies.pkcs8]
-version = "0.9"
+version = "0.10"
 optional = true
 default-features = false
 
 [dependencies.serdect]
-version = "0.1"
+version = "0.2"
 features = ["alloc"]
 optional = true
 default-features = false
@@ -89,25 +88,33 @@ version = "3"
 
 [features]
 alloc = [
-    "der/alloc",
-    "pkcs8/alloc",
-    "zeroize/alloc",
+    "der?/alloc",
+    "pkcs8?/alloc",
+    "zeroize?/alloc",
 ]
 default = [
     "der",
     "point",
 ]
+der = [
+    "dep:der",
+    "zeroize",
+]
 pem = [
     "alloc",
     "der/pem",
     "pkcs8/pem",
 ]
 point = [
-    "base16ct",
-    "generic-array",
+    "dep:base16ct",
+    "dep:generic-array",
 ]
-serde = ["serdect"]
+serde = ["dep:serdect"]
 std = [
-    "der/std",
     "alloc",
+    "der?/std",
+]
+zeroize = [
+    "dep:zeroize",
+    "der?/zeroize",
 ]
diff --git a/vendor/sec1/README.md b/vendor/sec1/README.md
index fe1d9b6f0..5678de673 100644
--- a/vendor/sec1/README.md
+++ b/vendor/sec1/README.md
@@ -18,7 +18,7 @@ formats including ASN.1 DER-serialized private keys (also described in
 
 ## Minimum Supported Rust Version
 
-This crate requires **Rust 1.57** at a minimum.
+This crate requires **Rust 1.65** at a minimum.
 
 We may change the MSRV in the future, but it will be accompanied by a minor
 version bump.
@@ -45,7 +45,7 @@ dual licensed as above, without any additional terms or conditions.
 [docs-image]: https://docs.rs/sec1/badge.svg
 [docs-link]: https://docs.rs/sec1/
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats
 [build-image]: https://github.com/RustCrypto/formats/workflows/sec1/badge.svg?branch=master&event=push
diff --git a/vendor/sec1/src/error.rs b/vendor/sec1/src/error.rs
index 3700ac5f2..0d8bc8b70 100644
--- a/vendor/sec1/src/error.rs
+++ b/vendor/sec1/src/error.rs
@@ -14,7 +14,6 @@ pub type Result<T> = core::result::Result<T, Error>;
 pub enum Error {
     /// ASN.1 DER-related errors.
     #[cfg(feature = "der")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "der")))]
     Asn1(der::Error),
 
     /// Cryptographic errors.
@@ -52,7 +51,6 @@ impl fmt::Display for Error {
 }
 
 #[cfg(feature = "der")]
-#[cfg_attr(docsrs, doc(cfg(feature = "der")))]
 impl From<der::Error> for Error {
     fn from(err: der::Error) -> Error {
         Error::Asn1(err)
diff --git a/vendor/sec1/src/lib.rs b/vendor/sec1/src/lib.rs
index 8e01b1fa2..f6b419081 100644
--- a/vendor/sec1/src/lib.rs
+++ b/vendor/sec1/src/lib.rs
@@ -1,12 +1,18 @@
 #![no_std]
-#![cfg_attr(docsrs, feature(doc_cfg))]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![doc = include_str!("../README.md")]
 #![doc(
-    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
-    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg"
+    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
+)]
+#![forbid(unsafe_code)]
+#![warn(
+    clippy::mod_module_files,
+    clippy::unwrap_used,
+    missing_docs,
+    rust_2018_idioms,
+    unused_qualifications
 )]
-#![forbid(unsafe_code, clippy::unwrap_used)]
-#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
 
 //! ## `serde` support
 //!
@@ -48,15 +54,13 @@ pub use generic_array::typenum::consts;
 #[cfg(feature = "der")]
 pub use crate::{parameters::EcParameters, private_key::EcPrivateKey, traits::DecodeEcPrivateKey};
 
-#[cfg(feature = "alloc")]
+#[cfg(all(feature = "alloc", feature = "der"))]
 pub use crate::traits::EncodeEcPrivateKey;
 
 #[cfg(feature = "pem")]
-#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
 pub use der::pem::{self, LineEnding};
 
 #[cfg(feature = "pkcs8")]
-#[cfg_attr(docsrs, doc(cfg(feature = "pkcs8")))]
 pub use pkcs8;
 
 #[cfg(feature = "pkcs8")]
@@ -70,5 +74,4 @@ use serdect::serde;
 ///
 /// <http://oid-info.com/get/1.2.840.10045.2.1>
 #[cfg(feature = "pkcs8")]
-#[cfg_attr(docsrs, doc(cfg(feature = "pkcs8")))]
 pub const ALGORITHM_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.2.1");
diff --git a/vendor/sec1/src/parameters.rs b/vendor/sec1/src/parameters.rs
index ed9d1524f..20458e6e9 100644
--- a/vendor/sec1/src/parameters.rs
+++ b/vendor/sec1/src/parameters.rs
@@ -18,7 +18,6 @@ use der::{
 ///   -- with ANSI X9.
 /// ```
 #[derive(Copy, Clone, Debug, Eq, PartialEq)]
-#[cfg_attr(docsrs, doc(cfg(feature = "der")))]
 pub enum EcParameters {
     /// Elliptic curve named by a particular OID.
     ///
@@ -41,7 +40,7 @@ impl EncodeValue for EcParameters {
         }
     }
 
-    fn encode_value(&self, writer: &mut dyn Writer) -> der::Result<()> {
+    fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> {
         match self {
             Self::NamedCurve(oid) => oid.encode_value(writer),
         }
diff --git a/vendor/sec1/src/point.rs b/vendor/sec1/src/point.rs
index eb0d2ca62..fb0e04564 100644
--- a/vendor/sec1/src/point.rs
+++ b/vendor/sec1/src/point.rs
@@ -14,7 +14,7 @@ use core::{
     str,
 };
 use generic_array::{
-    typenum::{U1, U28, U32, U48, U66},
+    typenum::{U1, U24, U28, U32, U48, U66},
     ArrayLength, GenericArray,
 };
 
@@ -59,7 +59,7 @@ macro_rules! impl_modulus_size {
     }
 }
 
-impl_modulus_size!(U28, U32, U48, U66);
+impl_modulus_size!(U24, U28, U32, U48, U66);
 
 /// SEC1 encoded curve point.
 ///
@@ -157,7 +157,6 @@ where
 
     /// Get boxed byte slice containing the serialized [`EncodedPoint`]
     #[cfg(feature = "alloc")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
     pub fn to_bytes(&self) -> Box<[u8]> {
         self.as_bytes().to_vec().into_boxed_slice()
     }
@@ -381,7 +380,6 @@ where
 }
 
 #[cfg(feature = "serde")]
-#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
 impl<Size> Serialize for EncodedPoint<Size>
 where
     Size: ModulusSize,
@@ -395,7 +393,6 @@ where
 }
 
 #[cfg(feature = "serde")]
-#[cfg_attr(docsrs, doc(cfg(feature = "serde")))]
 impl<'de, Size> Deserialize<'de> for EncodedPoint<Size>
 where
     Size: ModulusSize,
@@ -405,7 +402,7 @@ where
         D: de::Deserializer<'de>,
     {
         let bytes = serdect::slice::deserialize_hex_or_bin_vec(deserializer)?;
-        Self::from_bytes(&bytes).map_err(de::Error::custom)
+        Self::from_bytes(bytes).map_err(de::Error::custom)
     }
 }
 
@@ -663,8 +660,8 @@ mod tests {
 
     #[test]
     fn decode_invalid_tag() {
-        let mut compressed_bytes = COMPRESSED_BYTES.clone();
-        let mut uncompressed_bytes = UNCOMPRESSED_BYTES.clone();
+        let mut compressed_bytes = COMPRESSED_BYTES;
+        let mut uncompressed_bytes = UNCOMPRESSED_BYTES;
 
         for bytes in &mut [&mut compressed_bytes[..], &mut uncompressed_bytes[..]] {
             for tag in 0..=0xFF {
diff --git a/vendor/sec1/src/private_key.rs b/vendor/sec1/src/private_key.rs
index 236243231..531579936 100644
--- a/vendor/sec1/src/private_key.rs
+++ b/vendor/sec1/src/private_key.rs
@@ -8,11 +8,12 @@
 use crate::{EcParameters, Error, Result};
 use core::fmt;
 use der::{
-    asn1::{BitStringRef, ContextSpecific, OctetStringRef},
-    Decode, DecodeValue, Encode, Header, Reader, Sequence, Tag, TagMode, TagNumber,
+    asn1::{BitStringRef, ContextSpecific, ContextSpecificRef, OctetStringRef},
+    Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, Sequence, Tag, TagMode,
+    TagNumber, Writer,
 };
 
-#[cfg(feature = "alloc")]
+#[cfg(all(feature = "alloc", feature = "zeroize"))]
 use der::SecretDocument;
 
 #[cfg(feature = "pem")]
@@ -58,7 +59,6 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::new(1);
 /// [SEC1: Elliptic Curve Cryptography (Version 2.0)]: https://www.secg.org/sec1-v2.pdf
 /// [RFC5915 Section 3]: https://datatracker.ietf.org/doc/html/rfc5915#section-3
 #[derive(Clone)]
-#[cfg_attr(docsrs, doc(cfg(feature = "der")))]
 pub struct EcPrivateKey<'a> {
     /// Private key data.
     pub private_key: &'a [u8],
@@ -70,6 +70,30 @@ pub struct EcPrivateKey<'a> {
     pub public_key: Option<&'a [u8]>,
 }
 
+impl<'a> EcPrivateKey<'a> {
+    fn context_specific_parameters(&self) -> Option<ContextSpecificRef<'_, EcParameters>> {
+        self.parameters.as_ref().map(|params| ContextSpecificRef {
+            tag_number: EC_PARAMETERS_TAG,
+            tag_mode: TagMode::Explicit,
+            value: params,
+        })
+    }
+
+    fn context_specific_public_key(
+        &self,
+    ) -> der::Result<Option<ContextSpecific<BitStringRef<'a>>>> {
+        self.public_key
+            .map(|pk| {
+                BitStringRef::from_bytes(pk).map(|value| ContextSpecific {
+                    tag_number: PUBLIC_KEY_TAG,
+                    tag_mode: TagMode::Explicit,
+                    value,
+                })
+            })
+            .transpose()
+    }
+}
+
 impl<'a> DecodeValue<'a> for EcPrivateKey<'a> {
     fn decode_value<R: Reader<'a>>(reader: &mut R, header: Header) -> der::Result<Self> {
         reader.read_nested(header.length, |reader| {
@@ -93,33 +117,25 @@ impl<'a> DecodeValue<'a> for EcPrivateKey<'a> {
     }
 }
 
-impl<'a> Sequence<'a> for EcPrivateKey<'a> {
-    fn fields<F, T>(&self, f: F) -> der::Result<T>
-    where
-        F: FnOnce(&[&dyn Encode]) -> der::Result<T>,
-    {
-        f(&[
-            &VERSION,
-            &OctetStringRef::new(self.private_key)?,
-            &self.parameters.as_ref().map(|params| ContextSpecific {
-                tag_number: EC_PARAMETERS_TAG,
-                tag_mode: TagMode::Explicit,
-                value: *params,
-            }),
-            &self
-                .public_key
-                .map(|pk| {
-                    BitStringRef::from_bytes(pk).map(|value| ContextSpecific {
-                        tag_number: PUBLIC_KEY_TAG,
-                        tag_mode: TagMode::Explicit,
-                        value,
-                    })
-                })
-                .transpose()?,
-        ])
+impl EncodeValue for EcPrivateKey<'_> {
+    fn value_len(&self) -> der::Result<Length> {
+        VERSION.encoded_len()?
+            + OctetStringRef::new(self.private_key)?.encoded_len()?
+            + self.context_specific_parameters().encoded_len()?
+            + self.context_specific_public_key()?.encoded_len()?
+    }
+
+    fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> {
+        VERSION.encode(writer)?;
+        OctetStringRef::new(self.private_key)?.encode(writer)?;
+        self.context_specific_parameters().encode(writer)?;
+        self.context_specific_public_key()?.encode(writer)?;
+        Ok(())
     }
 }
 
+impl<'a> Sequence<'a> for EcPrivateKey<'a> {}
+
 impl<'a> TryFrom<&'a [u8]> for EcPrivateKey<'a> {
     type Error = Error;
 
@@ -138,7 +154,6 @@ impl<'a> fmt::Debug for EcPrivateKey<'a> {
 }
 
 #[cfg(feature = "alloc")]
-#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
 impl TryFrom<EcPrivateKey<'_>> for SecretDocument {
     type Error = Error;
 
@@ -148,7 +163,6 @@ impl TryFrom<EcPrivateKey<'_>> for SecretDocument {
 }
 
 #[cfg(feature = "alloc")]
-#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
 impl TryFrom<&EcPrivateKey<'_>> for SecretDocument {
     type Error = Error;
 
@@ -158,7 +172,6 @@ impl TryFrom<&EcPrivateKey<'_>> for SecretDocument {
 }
 
 #[cfg(feature = "pem")]
-#[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
 impl PemLabel for EcPrivateKey<'_> {
     const PEM_LABEL: &'static str = "EC PRIVATE KEY";
 }
diff --git a/vendor/sec1/src/traits.rs b/vendor/sec1/src/traits.rs
index cf0d9711e..304019e3c 100644
--- a/vendor/sec1/src/traits.rs
+++ b/vendor/sec1/src/traits.rs
@@ -21,7 +21,6 @@ use std::path::Path;
 use zeroize::Zeroizing;
 
 /// Parse an [`EcPrivateKey`] from a SEC1-encoded document.
-#[cfg_attr(docsrs, doc(cfg(feature = "der")))]
 pub trait DecodeEcPrivateKey: Sized {
     /// Deserialize SEC1 private key from ASN.1 DER-encoded data
     /// (binary format).
@@ -35,7 +34,6 @@ pub trait DecodeEcPrivateKey: Sized {
     /// -----BEGIN EC PRIVATE KEY-----
     /// ```
     #[cfg(feature = "pem")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
     fn from_sec1_pem(s: &str) -> Result<Self> {
         let (label, doc) = SecretDocument::from_pem(s)?;
         EcPrivateKey::validate_pem_label(label)?;
@@ -45,15 +43,12 @@ pub trait DecodeEcPrivateKey: Sized {
     /// Load SEC1 private key from an ASN.1 DER-encoded file on the local
     /// filesystem (binary format).
     #[cfg(feature = "std")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     fn read_sec1_der_file(path: impl AsRef<Path>) -> Result<Self> {
         Self::from_sec1_der(SecretDocument::read_der_file(path)?.as_bytes())
     }
 
     /// Load SEC1 private key from a PEM-encoded file on the local filesystem.
     #[cfg(all(feature = "pem", feature = "std"))]
-    #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     fn read_sec1_pem_file(path: impl AsRef<Path>) -> Result<Self> {
         let (label, doc) = SecretDocument::read_pem_file(path)?;
         EcPrivateKey::validate_pem_label(&label)?;
@@ -63,7 +58,6 @@ pub trait DecodeEcPrivateKey: Sized {
 
 /// Serialize a [`EcPrivateKey`] to a SEC1 encoded document.
 #[cfg(feature = "alloc")]
-#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "der"))))]
 pub trait EncodeEcPrivateKey {
     /// Serialize a [`SecretDocument`] containing a SEC1-encoded private key.
     fn to_sec1_der(&self) -> Result<SecretDocument>;
@@ -72,7 +66,6 @@ pub trait EncodeEcPrivateKey {
     ///
     /// To use the OS's native line endings, pass `Default::default()`.
     #[cfg(feature = "pem")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
     fn to_sec1_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> {
         let doc = self.to_sec1_der()?;
         Ok(doc.to_pem(EcPrivateKey::PEM_LABEL, line_ending)?)
@@ -80,15 +73,12 @@ pub trait EncodeEcPrivateKey {
 
     /// Write ASN.1 DER-encoded SEC1 private key to the given path.
     #[cfg(feature = "std")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     fn write_sec1_der_file(&self, path: impl AsRef<Path>) -> Result<()> {
         Ok(self.to_sec1_der()?.write_der_file(path)?)
     }
 
     /// Write ASN.1 DER-encoded SEC1 private key to the given path.
     #[cfg(all(feature = "pem", feature = "std"))]
-    #[cfg_attr(docsrs, doc(cfg(feature = "pem")))]
-    #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     fn write_sec1_pem_file(&self, path: impl AsRef<Path>, line_ending: LineEnding) -> Result<()> {
         let doc = self.to_sec1_der()?;
         Ok(doc.write_pem_file(path, EcPrivateKey::PEM_LABEL, line_ending)?)
@@ -96,14 +86,16 @@ pub trait EncodeEcPrivateKey {
 }
 
 #[cfg(feature = "pkcs8")]
-#[cfg_attr(docsrs, doc(cfg(feature = "pkcs8")))]
-impl<T: pkcs8::DecodePrivateKey> DecodeEcPrivateKey for T {
+impl<T> DecodeEcPrivateKey for T
+where
+    T: for<'a> TryFrom<pkcs8::PrivateKeyInfo<'a>, Error = pkcs8::Error>,
+{
     fn from_sec1_der(private_key: &[u8]) -> Result<Self> {
         let params_oid = EcPrivateKey::from_der(private_key)?
             .parameters
             .and_then(|params| params.named_curve());
 
-        let algorithm = pkcs8::AlgorithmIdentifier {
+        let algorithm = pkcs8::AlgorithmIdentifierRef {
             oid: ALGORITHM_OID,
             parameters: params_oid.as_ref().map(Into::into),
         };
@@ -117,7 +109,6 @@ impl<T: pkcs8::DecodePrivateKey> DecodeEcPrivateKey for T {
 }
 
 #[cfg(all(feature = "alloc", feature = "pkcs8"))]
-#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs8"))))]
 impl<T: pkcs8::EncodePrivateKey> EncodeEcPrivateKey for T {
     fn to_sec1_der(&self) -> Result<SecretDocument> {
         let doc = self.to_pkcs8_der()?;
diff --git a/vendor/sec1/tests/private_key.rs b/vendor/sec1/tests/private_key.rs
index 5b985da84..224a947e7 100644
--- a/vendor/sec1/tests/private_key.rs
+++ b/vendor/sec1/tests/private_key.rs
@@ -6,6 +6,9 @@ use der::asn1::ObjectIdentifier;
 use hex_literal::hex;
 use sec1::{EcParameters, EcPrivateKey};
 
+#[cfg(feature = "alloc")]
+use der::Encode;
+
 /// NIST P-256 SEC1 private key encoded as ASN.1 DER.
 ///
 /// Note: this key is extracted from the corresponding `p256-priv.der`
@@ -30,3 +33,11 @@ fn decode_p256_der() {
     );
     assert_eq!(key.public_key, Some(hex!("041CACFFB55F2F2CEFD89D89EB374B2681152452802DEEA09916068137D839CF7FC481A44492304D7EF66AC117BEFE83A8D08F155F2B52F9F618DD447029048E0F").as_ref()));
 }
+
+#[cfg(feature = "alloc")]
+#[test]
+fn encode_p256_der() {
+    let key = EcPrivateKey::try_from(P256_DER_EXAMPLE).unwrap();
+    let key_encoded = key.to_der().unwrap();
+    assert_eq!(P256_DER_EXAMPLE, key_encoded);
+}
diff --git a/vendor/sec1/tests/traits.rs b/vendor/sec1/tests/traits.rs
index 4bcd679b9..ab6e09a20 100644
--- a/vendor/sec1/tests/traits.rs
+++ b/vendor/sec1/tests/traits.rs
@@ -1,6 +1,6 @@
 //! Tests for SEC1 encoding/decoding traits.
 
-#![cfg(any(feature = "pem", feature = "std"))]
+#![cfg(any(feature = "pem", all(feature = "der", feature = "std")))]
 
 use der::SecretDocument;
 use sec1::{DecodeEcPrivateKey, EncodeEcPrivateKey, Result};