digest: remove impl of subtle::ConstantTimeEq for CtOutput (#2292)

newpavlov · web-flow · commit d5e919f52f96 · 2026-02-09T20:47:32.000+03:00
It's the only place where `subtle` is exposed in the public API of the crate. AFAIK downstream users do not directly rely on this impl, so this change should not cause big problems. We may return this impl in future or replace it with a `ctutils`-based impl (see #2275).
diff --git a/digest/CHANGELOG.md b/digest/CHANGELOG.md
@@ -27,6 +27,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `HashReader` and `HashWriter` are moved to the `digest-io` crate ([#1809])
 - `io::Write/Read` implementations in favor of the `digest_io::IoWrapper` type ([#1809])
 - `VariableOutput` trait ([#2043])
+- Implementation of `subtle::ConstantTimeEq` for `CtOutput`. Note that implementation of
+  `PartialEq`/`Eq` trait is still const time. ([#2292])
 
 [#1173]: https://github.com/RustCrypto/traits/pull/1173
 [#1334]: https://github.com/RustCrypto/traits/pull/1334
@@ -38,6 +40,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#1958]: https://github.com/RustCrypto/traits/pull/1958
 [#2043]: https://github.com/RustCrypto/traits/pull/2043
 [#2237]: https://github.com/RustCrypto/traits/pull/2237
+[#2292]: https://github.com/RustCrypto/traits/pull/2292
 
 ## 0.10.7 (2023-05-19)
 ### Changed
diff --git a/digest/src/mac.rs b/digest/src/mac.rs
@@ -3,7 +3,7 @@ use common::{Output, OutputSizeUser, Reset};
 
 use common::typenum::Unsigned;
 use core::fmt;
-use subtle::{Choice, ConstantTimeEq};
+use subtle::ConstantTimeEq;
 
 /// Marker trait for Message Authentication algorithms.
 pub trait MacMarker {}
@@ -215,17 +215,10 @@ impl<'a, T: OutputSizeUser> From<&'a Output<T>> for CtOutput<T> {
     }
 }
 
-impl<T: OutputSizeUser> ConstantTimeEq for CtOutput<T> {
-    #[inline(always)]
-    fn ct_eq(&self, other: &Self) -> Choice {
-        self.bytes.ct_eq(&other.bytes)
-    }
-}
-
 impl<T: OutputSizeUser> PartialEq for CtOutput<T> {
     #[inline(always)]
-    fn eq(&self, x: &CtOutput<T>) -> bool {
-        self.ct_eq(x).into()
+    fn eq(&self, other: &CtOutput<T>) -> bool {
+        self.bytes.ct_eq(&other.bytes).into()
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ use common::{Output, OutputSizeUser, Reset};`
`3`	`3`
`4`	`4`	`use common::typenum::Unsigned;`
`5`	`5`	`use core::fmt;`
`6`		`-use subtle::{Choice, ConstantTimeEq};`
	`6`	`+use subtle::ConstantTimeEq;`
`7`	`7`
`8`	`8`	`/// Marker trait for Message Authentication algorithms.`
`9`	`9`	`pub trait MacMarker {}`
`@@ -215,17 +215,10 @@ impl<'a, T: OutputSizeUser> From<&'a Output<T>> for CtOutput<T> {`
`215`	`215`	`}`
`216`	`216`	`}`
`217`	`217`
`218`		`-impl<T: OutputSizeUser> ConstantTimeEq for CtOutput<T> {`
`219`		`- #[inline(always)]`
`220`		`- fn ct_eq(&self, other: &Self) -> Choice {`
`221`		`- self.bytes.ct_eq(&other.bytes)`
`222`		`- }`
`223`		`-}`
`224`		`-`
`225`	`218`	`impl<T: OutputSizeUser> PartialEq for CtOutput<T> {`
`226`	`219`	`#[inline(always)]`
`227`		`- fn eq(&self, x: &CtOutput<T>) -> bool {`
`228`		`- self.ct_eq(x).into()`
	`220`	`+ fn eq(&self, other: &CtOutput<T>) -> bool {`
	`221`	`+ self.bytes.ct_eq(&other.bytes).into()`
`229`	`222`	`}`
`230`	`223`	`}`
`231`	`224`