Migrate from subtle to ctutils (#845)

See RustCrypto/meta#29

Author: tarcieri

Cargo.lock

@@ -21,17 +21,17 @@ sha2 = { version = "0.11.0-rc.5", default-features = false }
 rayon = { version = "1.11", optional = true }
 
 # optional dependencies
+ctutils = { version = "0.4", optional = true }
 kdf = { version = "0.1", optional = true }
 mcf = { version = "0.6", optional = true }
 password-hash = { version = "0.6.0-rc.12", optional = true, default-features = false }
-subtle = { version = "2", optional = true, default-features = false }
 
 [features]
 alloc = ["password-hash?/alloc"]
 
 getrandom = ["password-hash", "password-hash/getrandom"]
 kdf = ["alloc", "dep:kdf"]
-mcf = ["alloc", "phc", "dep:mcf", "dep:subtle"]
+mcf = ["alloc", "phc", "dep:ctutils", "dep:mcf"]
 phc = ["password-hash/phc"]
 rand_core = ["password-hash/rand_core"]
 parallel = ["dep:rayon"]

scrypt/Cargo.toml

@@ -112,7 +112,7 @@ impl PasswordVerifier<PasswordHashRef> for Scrypt {
         let mut actual = vec![0u8; expected.len()];
         scrypt(password, salt, &params, &mut actual).map_err(|_| Error::OutputSize)?;
 
-        if subtle::ConstantTimeEq::ct_ne(actual.as_slice(), &expected).into() {
+        if ctutils::CtEq::ct_ne(actual.as_slice(), &expected).into() {
             return Err(Error::PasswordInvalid);
         }
 

scrypt/src/mcf.rs

@@ -22,15 +22,15 @@ sha2 = { version = "0.11.0-rc.5", default-features = false }
 base64ct = { version = "1.8", default-features = false, features = ["alloc"] }
 
 # optional dependencies
+ctutils = { version = "0.4", optional = true }
 mcf = { version = "0.6", optional = true, default-features = false, features = ["alloc", "base64"] }
 password-hash = { version = "0.6.0-rc.12", optional = true, default-features = false }
-subtle = { version = "2", optional = true, default-features = false }
 
 [features]
 default = ["password-hash"]
 getrandom = ["password-hash/getrandom", "password-hash"]
 rand_core = ["password-hash/rand_core"]
-password-hash = ["dep:mcf", "dep:password-hash", "dep:subtle"]
+password-hash = ["dep:ctutils", "dep:mcf", "dep:password-hash"]
 
 [package.metadata.docs.rs]
 all-features = true

sha-crypt/Cargo.toml

@@ -5,11 +5,11 @@ pub use mcf::{PasswordHash, PasswordHashRef};
 use crate::{BLOCK_SIZE_SHA256, BLOCK_SIZE_SHA512, Params, algorithm::Algorithm};
 use base64ct::{Base64ShaCrypt, Encoding};
 use core::str::FromStr;
+use ctutils::CtEq;
 use mcf::Base64;
 use password_hash::{
     CustomizedPasswordHasher, Error, PasswordHasher, PasswordVerifier, Result, Version,
 };
-use subtle::ConstantTimeEq;
 
 /// SHA-crypt type for use with the [`PasswordHasher`] and [`PasswordVerifier`] traits, which can
 /// produce and verify password hashes in [`Modular Crypt Format`][`mcf`].

sha-crypt/src/mcf.rs

@@ -14,11 +14,11 @@ edition = "2024"
 rust-version = "1.85"
 
 [dependencies]
+ctutils = "0.4"
 hmac = { version = "0.13.0-rc.5", default-features = false }
 pbkdf2 = { version = "0.13.0-rc.9", default-features = false, features = ["hmac"] }
 salsa20 = { version = "0.11.0-rc.2", default-features = false }
 sha2 = { version = "0.11.0-rc.5", default-features = false }
-subtle = { version = "2", default-features = false }
 
 # optional dependencies
 kdf = { version = "0.1", optional = true }

yescrypt/Cargo.toml

@@ -110,7 +110,7 @@ impl PasswordVerifier<PasswordHashRef> for Yescrypt {
         let mut actual = vec![0u8; expected.len()];
         yescrypt(password, &salt, &params, &mut actual)?;
 
-        if subtle::ConstantTimeEq::ct_ne(actual.as_slice(), &expected).into() {
+        if ctutils::CtEq::ct_ne(actual.as_slice(), &expected).into() {
             return Err(Error::PasswordInvalid);
         }