Merging upstream version 1.71.1+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

15 files changed, 239 insertions, 262 deletions

diff --git a/vendor/signature/.cargo-checksum.json b/vendor/signature/.cargo-checksum.json
index f3fca0f74..9d2d453d0 100644
--- a/vendor/signature/.cargo-checksum.json
+++ b/vendor/signature/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"ffea692939624650fdc658b1f4475983ed992dd0448bd0470afb10d3c59fd37a","Cargo.toml":"f8c47b3e2cdd8bf029f036e4725210ac8f5eae78045a59c3a8f07a3571a8221e","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"bdebaf9156a298f8fdab56dd26cb5144673de522d80f4c0d88e0039145f147f9","README.md":"61dd7de22512e5ee5a5479c7757be89dc9f136ac810eb25bdea598e4f6600352","src/error.rs":"8e17929b47998ea3b3704adf70e1d501754ffc5910e6b074144ac91cbd811e89","src/hazmat.rs":"dbaa6b9f30626d0e68869d315640ed18e1c3ac665c0227e1de1e401952767b36","src/keypair.rs":"ec3166f3983e5bd781b429603fcfa4fd15546398ba372a32be007bdee36a6020","src/lib.rs":"64c6788856aaba3e31c8b6d91e653590190e802c4ddf327e81c0c32701f19b57","src/signature.rs":"1364b4d70d531eab5e9954044ea7ff3cda5b5a635141f4b25d3f40a5c5d1303f","src/signer.rs":"02e147e922957e53a70d8ab02d504c91ab7f43617abfdb5781e18558ededf7a9","src/verifier.rs":"0c7dc6d48f8bf1960b5e06032548eaa441ecdfa4cdb7a3d38ad2c7486c992635","tests/derive.rs":"619bd7185f7f66376b8c2a61dd896c316af47363a66ab1e949f4146a4e988fa2"},"package":"74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"e1dc1a42d89c604d5bfcdd31f0ecda5442fde141fbdaed5ec27741f799a08684","Cargo.toml":"86b4f84f3ef286ed13cf6b2880192db068ae80eadff89955331946c8a253c2d9","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"b3470648aff02beb36d7a53240fc9260ed80ed93bd43bace6b67d7ef7336ee33","README.md":"98b8d705baaeb9df4925fd4c5726637f99aaa5cd52183c18c05440647739c146","src/encoding.rs":"872ae940d329d523335d1e28379de898f25ccf98c3366a6773a6728a9e0e1992","src/error.rs":"8673e5193b0571ef7b1212f5e3d3005b2929d1186c38a7911a676db466929a20","src/hazmat.rs":"c662aeb812a9ce24d0e2c7dedeca7d9ae7002bd527cbd484557b04a41bab1817","src/keypair.rs":"9b2f6cda46e3fe8c29b571b912745f4dfb7c6a1186c56790f0e3fd080ab3bdf7","src/lib.rs":"0c00057818e179cc12090292aa7244ab1a60fe3151a1464acfc5dad5b9ea1fe8","src/prehash_signature.rs":"74b7641cfcf5692625adec58b550ac3a12125983e12076c4e811be7f28462a0c","src/signer.rs":"20a50c3c2fc0ef678e1ca87aca9c75527794bd66cf52583aa941b13b3f1ee1da","src/verifier.rs":"4eaeb33529879b3bbfc13442a5823905ca05f8f27316192360f9bbd416822976","tests/derive.rs":"ec2f5f0e33296a1b48f4804e5488d58b98b41d0570de5b7e6c5e809ca0ade3fc"},"package":"5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500"}
\ No newline at end of file
diff --git a/vendor/signature/CHANGELOG.md b/vendor/signature/CHANGELOG.md
index 86198d54c..4f999de55 100644
--- a/vendor/signature/CHANGELOG.md
+++ b/vendor/signature/CHANGELOG.md
@@ -4,6 +4,36 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 2.1.0 (2023-04-01)
+### Added
+- `SignatureEncoding::encoded_len` ([#1283])
+
+[#1283]: https://github.com/RustCrypto/traits/pull/1283
+
+## 2.0.0 (2023-01-15)
+### Added
+- `SignatureEncoding` trait as a replacement for `Signature` trait and the
+  now removed `AsRef<[u8]>` bound on signatures ([#1141])
+- New `Keypair` trait which returns owned keys instead of borrowed ([#1141])
+
+### Changed
+- `derive-preview` has been renamed to `derive` and stabilized ([#1141])
+- `digest-preview` renamed to `digest`, still unstable ([#1210])
+- `hazmat-preview` feature stabilized and removed, always on ([#1141])
+- `rand-preview` renamed to `rand_core`, still unstable ([#1210])
+- `std` feature is no longer enabled by default ([#1141])
+- Old `Keypair` trait renamed to `KeypairRef` ([#1141])
+- Signature generic parameter removed from `Keypair`/`KeypairRef` ([#1141])
+- Use `&mut impl CryptoRngCore` RNG arguments ([#1147])
+
+### Removed
+- `Signature` trait - replaced by `SignatureEncoding` ([#1141])
+- `hazmat-preview` feature, now always on ([#1141])
+
+[#1141]: https://github.com/RustCrypto/traits/pull/1141
+[#1147]: https://github.com/RustCrypto/traits/pull/1147
+[#1210]: https://github.com/RustCrypto/traits/pull/1141
+
 ## 1.6.4 (2022-10-06)
 ### Added
 - `RandomizedPrehashSigner` trait in `hazmat` module ([#1130])
diff --git a/vendor/signature/Cargo.toml b/vendor/signature/Cargo.toml
index fa83ff6a1..2d2391580 100644
--- a/vendor/signature/Cargo.toml
+++ b/vendor/signature/Cargo.toml
@@ -13,7 +13,7 @@
 edition = "2021"
 rust-version = "1.56"
 name = "signature"
-version = "1.6.4"
+version = "2.1.0"
 authors = ["RustCrypto Developers"]
 description = "Traits for cryptographic signature algorithms (e.g. ECDSA, Ed25519)"
 documentation = "https://docs.rs/signature"
@@ -39,20 +39,21 @@ rustdoc-args = [
     "docsrs",
 ]
 
+[dependencies.derive]
+version = "2"
+optional = true
+package = "signature_derive"
+
 [dependencies.digest]
-version = "0.10.3"
+version = "0.10.6"
 optional = true
 default-features = false
 
 [dependencies.rand_core]
-version = "0.6"
+version = "0.6.4"
 optional = true
 default-features = false
 
-[dependencies.signature_derive]
-version = "=1.0.0-pre.7"
-optional = true
-
 [dev-dependencies.hex-literal]
 version = "0.3"
 
@@ -61,12 +62,5 @@ version = "0.10"
 default-features = false
 
 [features]
-default = ["std"]
-derive-preview = [
-    "digest-preview",
-    "signature_derive",
-]
-digest-preview = ["digest"]
-hazmat-preview = []
-rand-preview = ["rand_core"]
-std = []
+alloc = []
+std = ["alloc"]
diff --git a/vendor/signature/LICENSE-MIT b/vendor/signature/LICENSE-MIT
index 81a3d57ac..d8d87fe29 100644
--- a/vendor/signature/LICENSE-MIT
+++ b/vendor/signature/LICENSE-MIT
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2022 RustCrypto Developers
+Copyright (c) 2018-2023 RustCrypto Developers
 
 Permission is hereby granted, free of charge, to any
 person obtaining a copy of this software and associated
diff --git a/vendor/signature/README.md b/vendor/signature/README.md
index a1a6fa4ae..6f205d603 100644
--- a/vendor/signature/README.md
+++ b/vendor/signature/README.md
@@ -1,4 +1,4 @@
-# RustCrypto: Digital Signature Algorithms
+# [RustCrypto]: Digital Signature Algorithms
 
 [![crate][crate-image]][crate-link]
 [![Docs][docs-image]][docs-link]
@@ -8,14 +8,10 @@
 [![Project Chat][chat-image]][chat-link]
 
 This crate contains traits which provide generic, object-safe APIs for
-generating and verifying [digital signatures][1].
+generating and verifying [digital signatures].
 
-Used by the [`ecdsa`][2] and [`ed25519`][3] crates, with forthcoming support
-in the [`rsa`][4] crate.
-
-See also the [Signatory][5] crate for trait wrappers for using these traits
-with many popular Rust cryptography crates, including `ed25519-dalek`, *ring*,
-`secp256k1-rs`, and `sodiumoxide`.
+Used by the [`dsa`], [`ecdsa`], [`ed25519`], and [`rsa`] crates maintained by
+the [RustCrypto] organization, as well as [`ed25519-dalek`].
 
 [Documentation][docs-link]
 
@@ -30,10 +26,11 @@ done with a minor version bump.
 
 - All on-by-default features of this library are covered by SemVer
 - MSRV is considered exempt from SemVer as noted above
-- The off-by-default features `derive-preview` and `digest-preview` are
-  unstable "preview" features which are also considered exempt from SemVer.
-  Breaking changes to these features will, like MSRV, be done with a minor
-  version bump.
+- The `derive` feature is stable and covered by SemVer
+- The off-by-default features `digest` and `rand_core` are unstable features 
+  which are also considered exempt from SemVer as they correspond to pre-1.0
+  crates which are still subject to changes. Breaking changes to these features
+  will, like MSRV, be done with a minor version bump.
 
 ## License
 
@@ -63,10 +60,12 @@ dual licensed as above, without any additional terms or conditions.
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260048-signatures
 
-[//]: # (general links)
+[//]: # (links)
 
-[1]: https://en.wikipedia.org/wiki/Digital_signature
-[2]: https://github.com/RustCrypto/signatures/tree/master/ecdsa
-[3]: https://github.com/RustCrypto/signatures/tree/master/ed25519
-[4]: https://github.com/RustCrypto/RSA
-[5]: https://docs.rs/signatory
+[RustCrypto]: https://github.com/RustCrypto/
+[digital signatures]: https://en.wikipedia.org/wiki/Digital_signature
+[`dsa`]: https://github.com/RustCrypto/signatures/tree/master/dsa
+[`ecdsa`]: https://github.com/RustCrypto/signatures/tree/master/ecdsa
+[`ed25519`]: https://github.com/RustCrypto/signatures/tree/master/ed25519
+[`ed25519-dalek`]: https://github.com/dalek-cryptography/ed25519-dalek
+[`rsa`]: https://github.com/RustCrypto/RSA
diff --git a/vendor/signature/src/encoding.rs b/vendor/signature/src/encoding.rs
new file mode 100644
index 000000000..8bc475b01
--- /dev/null
+++ b/vendor/signature/src/encoding.rs
@@ -0,0 +1,31 @@
+//! Encoding support.
+
+#[cfg(feature = "alloc")]
+use alloc::vec::Vec;
+
+/// Support for decoding/encoding signatures as bytes.
+pub trait SignatureEncoding:
+    Clone + Sized + for<'a> TryFrom<&'a [u8]> + TryInto<Self::Repr>
+{
+    /// Byte representation of a signature.
+    type Repr: 'static + AsRef<[u8]> + Clone + Send + Sync;
+
+    /// Encode signature as its byte representation.
+    fn to_bytes(&self) -> Self::Repr {
+        self.clone()
+            .try_into()
+            .ok()
+            .expect("signature encoding error")
+    }
+
+    /// Encode signature as a byte vector.
+    #[cfg(feature = "alloc")]
+    fn to_vec(&self) -> Vec<u8> {
+        self.to_bytes().as_ref().to_vec()
+    }
+
+    /// Get the length of this signature when encoded.
+    fn encoded_len(&self) -> usize {
+        self.to_bytes().as_ref().len()
+    }
+}
diff --git a/vendor/signature/src/error.rs b/vendor/signature/src/error.rs
index 06e22d527..1bfaf33bf 100644
--- a/vendor/signature/src/error.rs
+++ b/vendor/signature/src/error.rs
@@ -22,11 +22,8 @@ pub type Result<T> = core::result::Result<T, Error>;
 ///
 /// [BB'06]: https://en.wikipedia.org/wiki/Daniel_Bleichenbacher
 #[derive(Default)]
+#[non_exhaustive]
 pub struct Error {
-    /// Prevent from being instantiated as `Error {}` when the `std` feature
-    /// is disabled
-    _private: (),
-
     /// Source of the error (if applicable).
     #[cfg(feature = "std")]
     source: Option<Box<dyn std::error::Error + Send + Sync + 'static>>,
@@ -45,12 +42,10 @@ impl Error {
     /// cases are for propagating errors related to external signers, e.g.
     /// communication/authentication errors with HSMs, KMS, etc.
     #[cfg(feature = "std")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     pub fn from_source(
         source: impl Into<Box<dyn std::error::Error + Send + Sync + 'static>>,
     ) -> Self {
         Self {
-            _private: (),
             source: Some(source.into()),
         }
     }
diff --git a/vendor/signature/src/hazmat.rs b/vendor/signature/src/hazmat.rs
index 8119225c6..d2f3e9523 100644
--- a/vendor/signature/src/hazmat.rs
+++ b/vendor/signature/src/hazmat.rs
@@ -5,18 +5,14 @@
 //!
 //! Using them incorrectly can introduce security vulnerabilities. Please
 //! carefully read the documentation before attempting to use them.
-//!
-//! To use them, enable the `hazmat-preview` crate feature. Note that this
-//! feature is semi-unstable and not subject to regular 1.x SemVer guarantees.
-//! However, any breaking changes will be accompanied with a minor version bump.
 
-use crate::{Error, Signature};
+use crate::Error;
 
-#[cfg(feature = "rand-preview")]
-use crate::rand_core::{CryptoRng, RngCore};
+#[cfg(feature = "rand_core")]
+use crate::rand_core::CryptoRngCore;
 
 /// Sign the provided message prehash, returning a digital signature.
-pub trait PrehashSigner<S: Signature> {
+pub trait PrehashSigner<S> {
     /// Attempt to sign the given message digest, returning a digital signature
     /// on success, or an error if something went wrong.
     ///
@@ -33,9 +29,8 @@ pub trait PrehashSigner<S: Signature> {
 }
 
 /// Sign the provided message prehash using the provided external randomness source, returning a digital signature.
-#[cfg(feature = "rand-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub trait RandomizedPrehashSigner<S: Signature> {
+#[cfg(feature = "rand_core")]
+pub trait RandomizedPrehashSigner<S> {
     /// Attempt to sign the given message digest, returning a digital signature
     /// on success, or an error if something went wrong.
     ///
@@ -50,13 +45,13 @@ pub trait RandomizedPrehashSigner<S: Signature> {
     /// implementation to decide.
     fn sign_prehash_with_rng(
         &self,
-        rng: impl CryptoRng + RngCore,
+        rng: &mut impl CryptoRngCore,
         prehash: &[u8],
     ) -> Result<S, Error>;
 }
 
 /// Verify the provided message prehash using `Self` (e.g. a public key)
-pub trait PrehashVerifier<S: Signature> {
+pub trait PrehashVerifier<S> {
     /// Use `Self` to verify that the provided signature for a given message
     /// `prehash` is authentic.
     ///
diff --git a/vendor/signature/src/keypair.rs b/vendor/signature/src/keypair.rs
index 6d9f947c6..d4795f2f9 100644
--- a/vendor/signature/src/keypair.rs
+++ b/vendor/signature/src/keypair.rs
@@ -1,17 +1,29 @@
 //! Signing keypairs.
 
-use crate::Signature;
-
 /// Signing keypair with an associated verifying key.
 ///
 /// This represents a type which holds both a signing key and a verifying key.
-pub trait Keypair<S: Signature>: AsRef<Self::VerifyingKey> {
+pub trait Keypair {
     /// Verifying key type for this keypair.
-    type VerifyingKey;
+    type VerifyingKey: Clone;
 
     /// Get the verifying key which can verify signatures produced by the
     /// signing key portion of this keypair.
-    fn verifying_key(&self) -> &Self::VerifyingKey {
-        self.as_ref()
+    fn verifying_key(&self) -> Self::VerifyingKey;
+}
+
+/// Signing keypair with an associated verifying key.
+///
+/// This represents a type which holds both a signing key and a verifying key.
+pub trait KeypairRef: AsRef<Self::VerifyingKey> {
+    /// Verifying key type for this keypair.
+    type VerifyingKey: Clone;
+}
+
+impl<K: KeypairRef> Keypair for K {
+    type VerifyingKey = <Self as KeypairRef>::VerifyingKey;
+
+    fn verifying_key(&self) -> Self::VerifyingKey {
+        self.as_ref().clone()
     }
 }
diff --git a/vendor/signature/src/lib.rs b/vendor/signature/src/lib.rs
index ab504c2ac..ba1feb494 100644
--- a/vendor/signature/src/lib.rs
+++ b/vendor/signature/src/lib.rs
@@ -4,9 +4,16 @@
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
 )]
-#![cfg_attr(docsrs, feature(doc_cfg))]
+#![cfg_attr(docsrs, feature(doc_auto_cfg))]
 #![forbid(unsafe_code)]
-#![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
+#![warn(
+    clippy::mod_module_files,
+    clippy::unwrap_used,
+    missing_docs,
+    rust_2018_idioms,
+    unused_lifetimes,
+    unused_qualifications
+)]
 
 //! # Design
 //!
@@ -43,24 +50,14 @@
 //! ## Implementation
 //!
 //! To accomplish the above goals, the [`Signer`] and [`Verifier`] traits
-//! provided by this are generic over a [`Signature`] return value, and use
-//! generic parameters rather than associated types. Notably, they use such
-//! a parameter for the return value, allowing it to be inferred by the type
-//! checker based on the desired signature type.
-//!
-//! The [`Signature`] trait is bounded on `AsRef<[u8]>`, enforcing that
-//! signature types are thin wrappers around a "bag-of-bytes"
-//! serialization. Inspiration for this approach comes from the Ed25519
-//! signature system, which was based on the observation that past
-//! systems were not prescriptive about how signatures should be represented
-//! on-the-wire, and that lead to a proliferation of different wire formats
-//! and confusion about which ones should be used. This crate aims to provide
-//! similar simplicity by minimizing the number of steps involved to obtain
-//! a serializable signature.
+//! provided by this are generic over a signature value, and use generic
+//! parameters rather than associated types. Notably, they use such a parameter
+//! for the return value, allowing it to be inferred by the type checker based
+//! on the desired signature type.
 //!
 //! ## Alternatives considered
 //!
-//! This crate is based on over two years of exploration of how to encapsulate
+//! This crate is based on many years of exploration of how to encapsulate
 //! digital signature systems in the most flexible, developer-friendly way.
 //! During that time many design alternatives were explored, tradeoffs
 //! compared, and ultimately the provided API was selected.
@@ -73,10 +70,7 @@
 //! - "Bag-of-bytes" serialization precludes signature providers from using
 //!   their own internal representation of a signature, which can be helpful
 //!   for many reasons (e.g. advanced signature system features like batch
-//!   verification). Alternatively each provider could define its own signature
-//!   type, using a marker trait to identify the particular signature algorithm,
-//!   have `From` impls for converting to/from `[u8; N]`, and a marker trait
-//!   for identifying a specific signature algorithm.
+//!   verification).
 //! - Associated types, rather than generic parameters of traits, could allow
 //!   more customization of the types used by a particular signature system,
 //!   e.g. using custom error types.
@@ -108,8 +102,8 @@
 //!
 //! ## Unstable features
 //!
-//! Despite being post-1.0, this crate includes a number of off-by-default
-//! unstable features named `*-preview`, each of which depends on a pre-1.0
+//! Despite being post-1.0, this crate includes off-by-default unstable
+//! optional features, each of which depends on a pre-1.0
 //! crate.
 //!
 //! These features are considered exempt from SemVer. See the
@@ -117,21 +111,21 @@
 //!
 //! The following unstable features are presently supported:
 //!
-//! - `derive-preview`: for implementers of signature systems using
-//!   [`DigestSigner`] and [`DigestVerifier`], the `derive-preview` feature
-//!   can be used to derive [`Signer`] and [`Verifier`] traits which prehash
-//!   the input message using the [`PrehashSignature::Digest`] algorithm for
-//!   a given [`Signature`] type. When the `derive-preview` feature is enabled
+//! - `derive`: for implementers of signature systems using [`DigestSigner`]
+//!   and [`DigestVerifier`], the `derive` feature can be used to
+//!   derive [`Signer`] and [`Verifier`] traits which prehash the input
+//!   message using the [`PrehashSignature::Digest`] algorithm for
+//!   a given signature type. When the `derive` feature is enabled
 //!   import the proc macros with `use signature::{Signer, Verifier}` and then
 //!   add a `derive(Signer)` or `derive(Verifier)` attribute to the given
 //!   digest signer/verifier type. Enabling this feature also enables `digest`
 //!   support (see immediately below).
-//! - `digest-preview`: enables the [`DigestSigner`] and [`DigestVerifier`]
+//! - `digest`: enables the [`DigestSigner`] and [`DigestVerifier`]
 //!   traits which are based on the [`Digest`] trait from the [`digest`] crate.
 //!   These traits are used for representing signature systems based on the
 //!   [Fiat-Shamir heuristic] which compute a random challenge value to sign
 //!   by computing a cryptographically secure digest of the input message.
-//! - `rand-preview`: enables the [`RandomizedSigner`] trait for signature
+//! - `rand_core`: enables the [`RandomizedSigner`] trait for signature
 //!   systems which rely on a cryptographically secure random number generator
 //!   for security.
 //!
@@ -143,53 +137,32 @@
 //! [`Digest`]: https://docs.rs/digest/latest/digest/trait.Digest.html
 //! [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
 
+#[cfg(feature = "alloc")]
+extern crate alloc;
 #[cfg(feature = "std")]
 extern crate std;
 
-#[cfg(all(feature = "signature_derive", not(feature = "derive-preview")))]
-compile_error!(
-    "The `signature_derive` feature should not be enabled directly. \
-    Use the `derive-preview` feature instead."
-);
-
-#[cfg(all(feature = "digest", not(feature = "digest-preview")))]
-compile_error!(
-    "The `digest` feature should not be enabled directly. \
-    Use the `digest-preview` feature instead."
-);
-
-#[cfg(all(feature = "rand_core", not(feature = "rand-preview")))]
-compile_error!(
-    "The `rand_core` feature should not be enabled directly. \
-    Use the `rand-preview` feature instead."
-);
-
-#[cfg(feature = "hazmat-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "hazmat-preview")))]
 pub mod hazmat;
 
+mod encoding;
 mod error;
 mod keypair;
-mod signature;
 mod signer;
 mod verifier;
 
-#[cfg(feature = "derive-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "derive-preview")))]
-pub use signature_derive::{Signer, Verifier};
+#[cfg(feature = "digest")]
+mod prehash_signature;
 
-#[cfg(all(feature = "derive-preview", feature = "digest-preview"))]
-#[cfg_attr(
-    docsrs,
-    doc(cfg(all(feature = "derive-preview", feature = "digest-preview")))
-)]
-pub use signature_derive::{DigestSigner, DigestVerifier};
+pub use crate::{encoding::*, error::*, keypair::*, signer::*, verifier::*};
 
-#[cfg(feature = "digest-preview")]
-pub use digest;
+#[cfg(feature = "derive")]
+pub use derive::{Signer, Verifier};
 
-#[cfg(feature = "rand-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub use rand_core;
+#[cfg(all(feature = "derive", feature = "digest"))]
+pub use derive::{DigestSigner, DigestVerifier};
 
-pub use crate::{error::*, keypair::*, signature::*, signer::*, verifier::*};
+#[cfg(feature = "digest")]
+pub use {crate::prehash_signature::*, digest};
+
+#[cfg(feature = "rand_core")]
+pub use rand_core;
diff --git a/vendor/signature/src/prehash_signature.rs b/vendor/signature/src/prehash_signature.rs
new file mode 100644
index 000000000..d9a86456d
--- /dev/null
+++ b/vendor/signature/src/prehash_signature.rs
@@ -0,0 +1,31 @@
+//! `PrehashSignature` trait.
+
+/// For intra-doc link resolution.
+#[allow(unused_imports)]
+use crate::{
+    signer::{DigestSigner, Signer},
+    verifier::{DigestVerifier, Verifier},
+};
+
+/// Marker trait for `Signature` types computable as `𝐒(𝐇(𝒎))`
+/// i.e. ones which prehash a message to be signed as `𝐇(𝒎)`
+///
+/// Where:
+///
+/// - `𝐒`: signature algorithm
+/// - `𝐇`: hash (a.k.a. digest) function
+/// - `𝒎`: message
+///
+/// This approach is relatively common in signature schemes based on the
+/// [Fiat-Shamir heuristic].
+///
+/// For signature types that implement this trait, when the `derive` crate
+/// feature is enabled a custom derive for [`Signer`] is available for any
+/// types that impl [`DigestSigner`], and likewise for deriving [`Verifier`] for
+/// types which impl [`DigestVerifier`].
+///
+/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
+pub trait PrehashSignature {
+    /// Preferred `Digest` algorithm to use when computing this signature type.
+    type Digest: digest::Digest;
+}
diff --git a/vendor/signature/src/signature.rs b/vendor/signature/src/signature.rs
deleted file mode 100644
index 29aa0b845..000000000
--- a/vendor/signature/src/signature.rs
+++ /dev/null
@@ -1,68 +0,0 @@
-//! Signature traits
-
-use crate::error::Error;
-use core::fmt::Debug;
-
-/// For intra-doc link resolution
-#[cfg(feature = "digest-preview")]
-#[allow(unused_imports)]
-use crate::{
-    signer::{DigestSigner, Signer},
-    verifier::{DigestVerifier, Verifier},
-};
-
-/// Trait impl'd by concrete types that represent digital signatures.
-///
-/// Signature types *must* (as mandated by the `AsRef<[u8]>` bound) be a thin
-/// wrapper around the "bag-of-bytes" serialized form of a signature which can
-/// be directly parsed from or written to the "wire".
-///
-/// Inspiration for this approach comes from the Ed25519 signature system,
-/// which adopted it based on the observation that past signature systems
-/// were not prescriptive about how signatures should be represented
-/// on-the-wire, and that lead to a proliferation of different wire formats and
-/// confusion about which ones should be used.
-///
-/// The [`Signature`] trait aims to provide similar simplicity by minimizing
-/// the number of steps involved to obtain a serializable signature and
-/// ideally ensuring there is one signature type for any given signature system
-/// shared by all "provider" crates.
-///
-/// For signature systems which require a more advanced internal representation
-/// (e.g. involving decoded scalars or decompressed elliptic curve points) it's
-/// recommended that "provider" libraries maintain their own internal signature
-/// type and use `From` bounds to provide automatic conversions.
-pub trait Signature: AsRef<[u8]> + Debug + Sized {
-    /// Parse a signature from its byte representation
-    fn from_bytes(bytes: &[u8]) -> Result<Self, Error>;
-
-    /// Borrow a byte slice representing the serialized form of this signature
-    fn as_bytes(&self) -> &[u8] {
-        self.as_ref()
-    }
-}
-
-/// Marker trait for `Signature` types computable as `𝐒(𝐇(𝒎))`
-/// i.e. ones which prehash a message to be signed as `𝐇(𝒎)`
-///
-/// Where:
-///
-/// - `𝐒`: signature algorithm
-/// - `𝐇`: hash (a.k.a. digest) function
-/// - `𝒎`: message
-///
-/// This approach is relatively common in signature schemes based on the
-/// [Fiat-Shamir heuristic].
-///
-/// For signature types that implement this trait, when the `derive-preview`
-/// Cargo feature is enabled a custom derive for [`Signer`] is available for any
-/// types that impl [`DigestSigner`], and likewise for deriving [`Verifier`] for
-/// types which impl [`DigestVerifier`].
-///
-/// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
-#[cfg(feature = "digest-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-pub trait PrehashSignature: Signature {
-    /// Preferred `Digest` algorithm to use when computing this signature type.
-    type Digest: digest::Digest;
-}
diff --git a/vendor/signature/src/signer.rs b/vendor/signature/src/signer.rs
index c025711fe..b339ddf59 100644
--- a/vendor/signature/src/signer.rs
+++ b/vendor/signature/src/signer.rs
@@ -1,16 +1,16 @@
 //! Traits for generating digital signatures
 
-use crate::{error::Error, Signature};
+use crate::error::Error;
 
-#[cfg(feature = "digest-preview")]
+#[cfg(feature = "digest")]
 use crate::digest::Digest;
 
-#[cfg(feature = "rand-preview")]
-use crate::rand_core::{CryptoRng, RngCore};
+#[cfg(feature = "rand_core")]
+use crate::rand_core::CryptoRngCore;
 
 /// Sign the provided message bytestring using `Self` (e.g. a cryptographic key
 /// or connection to an HSM), returning a digital signature.
-pub trait Signer<S: Signature> {
+pub trait Signer<S> {
     /// Sign the given message and return a digital signature
     fn sign(&self, msg: &[u8]) -> S {
         self.try_sign(msg).expect("signature operation failed")
@@ -24,10 +24,11 @@ pub trait Signer<S: Signature> {
     fn try_sign(&self, msg: &[u8]) -> Result<S, Error>;
 }
 
-/// Sign the provided message bytestring using `&mut Self` (e.g., an evolving
-/// cryptographic key), returning a digital signature.
-pub trait SignerMut<S: Signature> {
-    /// Sign the given message, update the state, and return a digital signature
+/// Sign the provided message bytestring using `&mut Self` (e.g. an evolving
+/// cryptographic key such as a stateful hash-based signature), returning a
+/// digital signature.
+pub trait SignerMut<S> {
+    /// Sign the given message, update the state, and return a digital signature.
     fn sign(&mut self, msg: &[u8]) -> S {
         self.try_sign(msg).expect("signature operation failed")
     }
@@ -40,12 +41,8 @@ pub trait SignerMut<S: Signature> {
     fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error>;
 }
 
-// Blanket impl of SignerMut for all Signer types
-impl<T, S> SignerMut<S> for T
-where
-    T: Signer<S>,
-    S: Signature,
-{
+/// Blanket impl of [`SignerMut`] for all [`Signer`] types.
+impl<S, T: Signer<S>> SignerMut<S> for T {
     fn try_sign(&mut self, msg: &[u8]) -> Result<S, Error> {
         T::try_sign(self, msg)
     }
@@ -70,13 +67,8 @@ where
 /// API accepts a [`Digest`] instance, rather than a raw digest value.
 ///
 /// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
-#[cfg(feature = "digest-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-pub trait DigestSigner<D, S>
-where
-    D: Digest,
-    S: Signature,
-{
+#[cfg(feature = "digest")]
+pub trait DigestSigner<D: Digest, S> {
     /// Sign the given prehashed message [`Digest`], returning a signature.
     ///
     /// Panics in the event of a signing error.
@@ -91,11 +83,10 @@ where
 }
 
 /// Sign the given message using the provided external randomness source.
-#[cfg(feature = "rand-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub trait RandomizedSigner<S: Signature> {
+#[cfg(feature = "rand_core")]
+pub trait RandomizedSigner<S> {
     /// Sign the given message and return a digital signature
-    fn sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> S {
+    fn sign_with_rng(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> S {
         self.try_sign_with_rng(rng, msg)
             .expect("signature operation failed")
     }
@@ -105,32 +96,23 @@ pub trait RandomizedSigner<S: Signature> {
     ///
     /// The main intended use case for signing errors is when communicating
     /// with external signers, e.g. cloud KMS, HSMs, or other hardware tokens.
-    fn try_sign_with_rng(&self, rng: impl CryptoRng + RngCore, msg: &[u8]) -> Result<S, Error>;
+    fn try_sign_with_rng(&self, rng: &mut impl CryptoRngCore, msg: &[u8]) -> Result<S, Error>;
 }
 
 /// Combination of [`DigestSigner`] and [`RandomizedSigner`] with support for
 /// computing a signature over a digest which requires entropy from an RNG.
-#[cfg(all(feature = "digest-preview", feature = "rand-preview"))]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-#[cfg_attr(docsrs, doc(cfg(feature = "rand-preview")))]
-pub trait RandomizedDigestSigner<D, S>
-where
-    D: Digest,
-    S: Signature,
-{
+#[cfg(all(feature = "digest", feature = "rand_core"))]
+pub trait RandomizedDigestSigner<D: Digest, S> {
     /// Sign the given prehashed message `Digest`, returning a signature.
     ///
     /// Panics in the event of a signing error.
-    fn sign_digest_with_rng(&self, rng: impl CryptoRng + RngCore, digest: D) -> S {
+    fn sign_digest_with_rng(&self, rng: &mut impl CryptoRngCore, digest: D) -> S {
         self.try_sign_digest_with_rng(rng, digest)
             .expect("signature operation failed")
     }
 
     /// Attempt to sign the given prehashed message `Digest`, returning a
     /// digital signature on success, or an error if something went wrong.
-    fn try_sign_digest_with_rng(
-        &self,
-        rng: impl CryptoRng + RngCore,
-        digest: D,
-    ) -> Result<S, Error>;
+    fn try_sign_digest_with_rng(&self, rng: &mut impl CryptoRngCore, digest: D)
+        -> Result<S, Error>;
 }
diff --git a/vendor/signature/src/verifier.rs b/vendor/signature/src/verifier.rs
index 4d6efbc2b..65409a929 100644
--- a/vendor/signature/src/verifier.rs
+++ b/vendor/signature/src/verifier.rs
@@ -1,12 +1,12 @@
 //! Trait for verifying digital signatures
 
-use crate::{error::Error, Signature};
+use crate::error::Error;
 
-#[cfg(feature = "digest-preview")]
+#[cfg(feature = "digest")]
 use crate::digest::Digest;
 
 /// Verify the provided message bytestring using `Self` (e.g. a public key)
-pub trait Verifier<S: Signature> {
+pub trait Verifier<S> {
     /// Use `Self` to verify that the provided signature for a given message
     /// bytestring is authentic.
     ///
@@ -34,13 +34,8 @@ pub trait Verifier<S: Signature> {
 /// API accepts a [`Digest`] instance, rather than a raw digest value.
 ///
 /// [Fiat-Shamir heuristic]: https://en.wikipedia.org/wiki/Fiat%E2%80%93Shamir_heuristic
-#[cfg(feature = "digest-preview")]
-#[cfg_attr(docsrs, doc(cfg(feature = "digest-preview")))]
-pub trait DigestVerifier<D, S>
-where
-    D: Digest,
-    S: Signature,
-{
+#[cfg(feature = "digest")]
+pub trait DigestVerifier<D: Digest, S> {
     /// Verify the signature against the given [`Digest`] output.
     fn verify_digest(&self, digest: D, signature: &S) -> Result<(), Error>;
 }
diff --git a/vendor/signature/tests/derive.rs b/vendor/signature/tests/derive.rs
index 5048dc682..70e2dc0fc 100644
--- a/vendor/signature/tests/derive.rs
+++ b/vendor/signature/tests/derive.rs
@@ -1,13 +1,13 @@
 //! Tests for code generated by `signature_derive`
 
-#![cfg(all(feature = "derive-preview", feature = "hazmat-preview"))]
+#![cfg(feature = "derive")]
 
 use digest::{generic_array::GenericArray, Digest, OutputSizeUser};
 use hex_literal::hex;
 use sha2::Sha256;
 use signature::{
     hazmat::{PrehashSigner, PrehashVerifier},
-    DigestSigner, DigestVerifier, Error, PrehashSignature, Signature, Signer, Verifier,
+    DigestSigner, DigestVerifier, Error, PrehashSignature, SignatureEncoding, Signer, Verifier,
 };
 
 /// Test vector to compute SHA-256 digest of
@@ -17,35 +17,43 @@ const INPUT_STRING: &[u8] = b"abc";
 const INPUT_STRING_DIGEST: [u8; 32] =
     hex!("ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad");
 
+type Repr = GenericArray<u8, <Sha256 as OutputSizeUser>::OutputSize>;
+
 /// Dummy signature which just contains a digest output
-#[derive(Debug)]
-struct DummySignature(GenericArray<u8, <Sha256 as OutputSizeUser>::OutputSize>);
+#[derive(Clone, Debug)]
+struct DummySignature(Repr);
+
+impl PrehashSignature for DummySignature {
+    type Digest = Sha256;
+}
+
+impl SignatureEncoding for DummySignature {
+    type Repr = Repr;
+}
+
+impl TryFrom<&[u8]> for DummySignature {
+    type Error = Error;
 
-impl Signature for DummySignature {
-    fn from_bytes(bytes: &[u8]) -> Result<Self, Error> {
+    fn try_from(bytes: &[u8]) -> Result<Self, Error> {
         Ok(DummySignature(GenericArray::clone_from_slice(
             bytes.as_ref(),
         )))
     }
 }
 
-impl AsRef<[u8]> for DummySignature {
-    fn as_ref(&self) -> &[u8] {
-        self.0.as_ref()
+impl From<DummySignature> for Repr {
+    fn from(sig: DummySignature) -> Repr {
+        sig.0
     }
 }
 
-impl PrehashSignature for DummySignature {
-    type Digest = Sha256;
-}
-
 /// Dummy signer which just returns the message digest as a `DummySignature`
 #[derive(Signer, DigestSigner, Default)]
 struct DummySigner {}
 
 impl PrehashSigner<DummySignature> for DummySigner {
     fn sign_prehash(&self, prehash: &[u8]) -> signature::Result<DummySignature> {
-        DummySignature::from_bytes(prehash)
+        DummySignature::try_from(prehash)
     }
 }
 
@@ -58,7 +66,7 @@ struct DummyVerifier {}
 
 impl PrehashVerifier<DummySignature> for DummyVerifier {
     fn verify_prehash(&self, prehash: &[u8], signature: &DummySignature) -> signature::Result<()> {
-        assert_eq!(signature.as_ref(), prehash);
+        assert_eq!(signature.to_bytes().as_slice(), prehash);
         Ok(())
     }
 }
@@ -66,7 +74,7 @@ impl PrehashVerifier<DummySignature> for DummyVerifier {
 #[test]
 fn derived_signer_impl() {
     let sig: DummySignature = DummySigner::default().sign(INPUT_STRING);
-    assert_eq!(sig.as_ref(), INPUT_STRING_DIGEST.as_ref())
+    assert_eq!(sig.to_bytes().as_slice(), INPUT_STRING_DIGEST.as_ref())
 }
 
 #[test]