From 0c14b8854d1f882ca742f92517a64baac0aac445 Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sun, 8 Mar 2026 09:54:15 -0600 Subject: [PATCH] phc: migrate from `subtle` to `ctutils` See RustCrypto/meta#29 --- Cargo.lock | 9 ++------- Cargo.toml | 1 - phc/Cargo.toml | 2 +- phc/src/output.rs | 12 ++++++------ 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 247955a79..364344f67 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1038,9 +1038,9 @@ name = "phc" version = "0.6.0-rc.1" dependencies = [ "base64ct", + "ctutils", "getrandom 0.4.1", "rand_core 0.10.0", - "subtle", ] [[package]] @@ -1727,7 +1727,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "82a72c767771b47409d2345987fda8628641887d5466101319899796367354a0" dependencies = [ "fastrand", - "getrandom 0.4.1", + "getrandom 0.3.4", "once_cell", "rustix", "windows-sys", @@ -2268,8 +2268,3 @@ name = "zmij" version = "1.0.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" - -[[patch.unused]] -name = "universal-hash" -version = "0.6.0-rc.10" -source = "git+https://github.com/RustCrypto/traits#b7a3bbfef1bea8fe765a9203c3956f997c9a43f9" diff --git a/Cargo.toml b/Cargo.toml index 4914e88e1..dade545a0 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -62,7 +62,6 @@ x509-cert = { path = "./x509-cert" } x509-ocsp = { path = "./x509-ocsp" } rsa = { git = "https://github.com/RustCrypto/RSA" } -universal-hash = { git = "https://github.com/RustCrypto/traits" } [workspace.lints.clippy] borrow_as_ptr = "warn" diff --git a/phc/Cargo.toml b/phc/Cargo.toml index 56e7d9019..fae55af72 100644 --- a/phc/Cargo.toml +++ b/phc/Cargo.toml @@ -16,7 +16,7 @@ storing password hashes [dependencies] base64ct = "1.7" -subtle = { version = "2", default-features = false } +ctutils = "0.4" # optional dependencies getrandom = { version = "0.4", optional = true, default-features = false } diff --git a/phc/src/output.rs b/phc/src/output.rs index 5c0fa2dfc..a4dc87d9a 100644 --- a/phc/src/output.rs +++ b/phc/src/output.rs @@ -3,7 +3,7 @@ use crate::{B64, Error, Result}; use base64ct::Encoding; use core::{cmp::Ordering, fmt, str::FromStr}; -use subtle::{Choice, ConstantTimeEq}; +use ctutils::{Choice, CtEq}; /// Output from password hashing functions, i.e. the "hash" or "digest" /// as raw bytes. @@ -39,11 +39,11 @@ use subtle::{Choice, ConstantTimeEq}; /// as a reasonable maximum, and recommends using 32-bytes. /// /// # Constant-time comparisons -/// The [`Output`] type impls the [`ConstantTimeEq`] trait from the [`subtle`] -/// crate and uses it to perform constant-time comparisons. +/// The [`Output`] type impls the [`CtEq`] trait from the [`ctutils`] crate and uses it to perform +/// constant-time comparisons. /// -/// Additionally the [`PartialEq`] and [`Eq`] trait impls for [`Output`] use -/// [`ConstantTimeEq`] when performing comparisons. +/// Additionally, the [`PartialEq`] and [`Eq`] trait impls for [`Output`] use [`CtEq`] when +/// performing comparisons. /// /// ## Attacks on non-constant-time password hash comparisons /// Comparing password hashes in constant-time is known to mitigate at least @@ -222,7 +222,7 @@ impl AsRef<[u8]> for Output { } } -impl ConstantTimeEq for Output { +impl CtEq for Output { fn ct_eq(&self, other: &Self) -> Choice { self.as_ref().ct_eq(other.as_ref()) }