From dc0db358abe19481e475e10c32149b53370f1a1c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Thu, 30 May 2024 05:57:31 +0200
Subject: Merging upstream version 1.72.1+dfsg1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 vendor/primeorder/.cargo-checksum.json |  2 +-
 vendor/primeorder/CHANGELOG.md         |  6 ++++++
 vendor/primeorder/Cargo.toml           |  2 +-
 vendor/primeorder/README.md            |  2 ++
 vendor/primeorder/src/affine.rs        |  7 +++++--
 vendor/primeorder/src/dev.rs           |  2 ++
 vendor/primeorder/src/field.rs         | 23 +++++++++++++++++++++--
 vendor/primeorder/src/lib.rs           |  4 ++--
 8 files changed, 40 insertions(+), 8 deletions(-)

(limited to 'vendor/primeorder')

diff --git a/vendor/primeorder/.cargo-checksum.json b/vendor/primeorder/.cargo-checksum.json
index cfa328a00..ed1f795c3 100644
--- a/vendor/primeorder/.cargo-checksum.json
+++ b/vendor/primeorder/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"fc693b1a8146817a57357c4889266ea268d349c3348dadd566f165a375d4a36e","Cargo.toml":"27184fca63239e9d189981e3d3bd473431e927a30ddcdc1e7877dbb3ef9411ec","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"233b95ccbf90dc67e32f3e8995c489f6312d9191ebd141a931c3b684f1e3be6d","README.md":"e5ca721a4b1fb470d68a5fd9f7e9d6631e70ae9c4fbfa1fcf0b9a44b52cb612c","src/affine.rs":"8729eb99754c4cb379fde743a41b7e9fa6dde73b2f01b04f191cb23fc24bb6e2","src/dev.rs":"1ee156b18a6f42246cb2d02a13aa8068c7783d050d32987ae36596232c22312e","src/field.rs":"bfc19ceb9e8cd6725e84253188e82d684d05bc55bf619386726080b81adbed7b","src/lib.rs":"4b26e5a38f30ad77cd47f7c7b56492716d6fe70b5e483daa93bc6d79711f6694","src/point_arithmetic.rs":"7b65088237a263f7972cf59f88e7f761513d3a0ed9e687d6d429d70fa8974398","src/projective.rs":"a2a47adeeae9beeaccfb40a2746543c2db280ff47be038c39338437826f6762c"},"package":"cf8d3875361e28f7753baefef104386e7aa47642c93023356d97fdef4003bfb5"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"0ecc29c6d0cc860974f61d8c557b81c144782993824b8e8d20322aa09b812c8d","Cargo.toml":"a3117f188eeefe53c4d16e2393930f5b00135bf12fae98484a1c203a021e74f1","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"233b95ccbf90dc67e32f3e8995c489f6312d9191ebd141a931c3b684f1e3be6d","README.md":"06732c041b51df2884b78f4f7124c5034cdcd27c6990e472e330bfe917b54f76","src/affine.rs":"8c8c5b7c6fd9d4a1d11d5aaf548b82b4de84643288417aff631f2ee7d555e70a","src/dev.rs":"0b0c78e500e08bce6ef19833fd0010f2e5fc0d1ba91acd2508874ab1598f9129","src/field.rs":"5a3c9bb09c21cafb56032374d99be8494d7bf482253e701cf745c0d6b4df61a5","src/lib.rs":"36feb36b273a33acc953f243003fa9ea6dc41fc41ddc85b784ce00caba2ab43a","src/point_arithmetic.rs":"7b65088237a263f7972cf59f88e7f761513d3a0ed9e687d6d429d70fa8974398","src/projective.rs":"a2a47adeeae9beeaccfb40a2746543c2db280ff47be038c39338437826f6762c"},"package":"3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3"}
\ No newline at end of file
diff --git a/vendor/primeorder/CHANGELOG.md b/vendor/primeorder/CHANGELOG.md
index 22693bea1..044c36089 100644
--- a/vendor/primeorder/CHANGELOG.md
+++ b/vendor/primeorder/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 0.13.2 (2023-05-29)
+### Changed
+- Improve decoding performance for uncompressed SEC1 points ([#891])
+
+[#891]: https://github.com/RustCrypto/elliptic-curves/pull/891
+
 ## 0.13.1 (2023-04-09)
 ### Added
 - `impl_bernstein_yang_invert!` macro ([#786])
diff --git a/vendor/primeorder/Cargo.toml b/vendor/primeorder/Cargo.toml
index 00deb8671..bddf084bb 100644
--- a/vendor/primeorder/Cargo.toml
+++ b/vendor/primeorder/Cargo.toml
@@ -13,7 +13,7 @@
 edition = "2021"
 rust-version = "1.65"
 name = "primeorder"
-version = "0.13.1"
+version = "0.13.2"
 authors = ["RustCrypto Developers"]
 description = """
 Pure Rust implementation of complete addition formulas for prime order elliptic
diff --git a/vendor/primeorder/README.md b/vendor/primeorder/README.md
index 0c30c7bb5..eb2a163cd 100644
--- a/vendor/primeorder/README.md
+++ b/vendor/primeorder/README.md
@@ -24,6 +24,7 @@ y² = x³ + ax + b
 
 It's used to implement the following elliptic curves:
 
+- [`p224`]: NIST P-224
 - [`p256`]: NIST P-256
 - [`p384`]: NIST P-384
 
@@ -84,5 +85,6 @@ dual licensed as above, without any additional terms or conditions.
 [RustCrypto]: https://github.com/rustcrypto/
 [Renes-Costello-Batina 2015]: https://eprint.iacr.org/2015/1060
 [Weierstrass equation]: https://crypto.stanford.edu/pbc/notes/elliptic/weier.html
+[`p224`]: https://github.com/RustCrypto/elliptic-curves/tree/master/p224
 [`p256`]: https://github.com/RustCrypto/elliptic-curves/tree/master/p256
 [`p384`]: https://github.com/RustCrypto/elliptic-curves/tree/master/p256
diff --git a/vendor/primeorder/src/affine.rs b/vendor/primeorder/src/affine.rs
index e7f2feccd..3fb01d905 100644
--- a/vendor/primeorder/src/affine.rs
+++ b/vendor/primeorder/src/affine.rs
@@ -182,8 +182,11 @@ where
             }
             sec1::Coordinates::Uncompressed { x, y } => {
                 C::FieldElement::from_repr(*y).and_then(|y| {
-                    Self::decompress(x, y.is_odd())
-                        .and_then(|point| CtOption::new(point, point.y.ct_eq(&y)))
+                    C::FieldElement::from_repr(*x).and_then(|x| {
+                        let lhs = y * &y;
+                        let rhs = x * &x * &x + &(C::EQUATION_A * &x) + &C::EQUATION_B;
+                        CtOption::new(Self { x, y, infinity: 0 }, lhs.ct_eq(&rhs))
+                    })
                 })
             }
         }
diff --git a/vendor/primeorder/src/dev.rs b/vendor/primeorder/src/dev.rs
index 67877aa74..77f563fa0 100644
--- a/vendor/primeorder/src/dev.rs
+++ b/vendor/primeorder/src/dev.rs
@@ -1,5 +1,7 @@
 //! Development-related functionality.
 
+// TODO(tarcieri): move all development-related macros into this module
+
 /// Implement projective arithmetic tests.
 #[macro_export]
 macro_rules! impl_projective_arithmetic_tests {
diff --git a/vendor/primeorder/src/field.rs b/vendor/primeorder/src/field.rs
index a347f0bb1..9a3b6eade 100644
--- a/vendor/primeorder/src/field.rs
+++ b/vendor/primeorder/src/field.rs
@@ -261,6 +261,25 @@ macro_rules! impl_mont_field_element {
             }
         }
 
+        $crate::impl_mont_field_element_arithmetic!(
+            $fe, $bytes, $uint, $arr, $add, $sub, $mul, $neg
+        );
+    };
+}
+
+/// Add arithmetic impls to the given field element.
+#[macro_export]
+macro_rules! impl_mont_field_element_arithmetic {
+    (
+        $fe:tt,
+        $bytes:ty,
+        $uint:ty,
+        $arr:ty,
+        $add:ident,
+        $sub:ident,
+        $mul:ident,
+        $neg:ident
+    ) => {
         impl AsRef<$arr> for $fe {
             fn as_ref(&self) -> &$arr {
                 self.0.as_ref()
@@ -491,7 +510,7 @@ macro_rules! impl_bernstein_yang_invert {
         $d:expr,
         $nlimbs:expr,
         $word:ty,
-        $from_montgomery:ident,
+        $from_mont:ident,
         $mul:ident,
         $neg:ident,
         $divstep_precomp:ident,
@@ -502,7 +521,7 @@ macro_rules! impl_bernstein_yang_invert {
         // See Bernstein-Yang 2019 p.366
         const ITERATIONS: usize = (49 * $d + 57) / 17;
 
-        let a = $from_montgomery($a);
+        let a = $from_mont($a);
         let mut d = 1;
         let mut f = $msat();
         let mut g = [0; $nlimbs + 1];
diff --git a/vendor/primeorder/src/lib.rs b/vendor/primeorder/src/lib.rs
index 0847a995a..8c515a148 100644
--- a/vendor/primeorder/src/lib.rs
+++ b/vendor/primeorder/src/lib.rs
@@ -8,11 +8,11 @@
 #![warn(missing_docs, rust_2018_idioms, unused_qualifications)]
 #![doc = include_str!("../README.md")]
 
-#[cfg(feature = "dev")]
-pub mod dev;
 pub mod point_arithmetic;
 
 mod affine;
+#[cfg(feature = "dev")]
+mod dev;
 mod field;
 mod projective;
 
-- 
cgit v1.2.3