Bug 1806766 - Update digest to 0.10.6. r=emilio,supply-chain-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D165336
2024-11-24 05:11:16 +00:00 · 2022-12-22 01:38:31 +00:00 · 2022-12-22 01:38:31 +00:00 · 3c83df901a
commit 3c83df901a
parent a0b121be52
13 changed files with 195 additions and 55 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1369,9 +1369,9 @@ dependencies = [

 [[package]]
 name = "digest"
-version = "0.10.3"
+version = "0.10.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
+checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
 dependencies = [
 "block-buffer",
 "crypto-common",
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@ -460,6 +460,11 @@ who = "Mike Hommey <mh+mozilla@glandium.org>"
 criteria = "safe-to-deploy"
 delta = "0.3.5 -> 0.3.6"

+[[audits.digest]]
+who = "Mike Hommey <mh+mozilla@glandium.org>"
+criteria = "safe-to-deploy"
+delta = "0.10.3 -> 0.10.6"
+
 [[audits.displaydoc]]
 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
 criteria = "safe-to-deploy"
--- a/third_party/rust/digest/.cargo-checksum.json
+++ b/third_party/rust/digest/.cargo-checksum.json
@ -1 +1 @@
-{"files":{"CHANGELOG.md":"3acae7ce99b129f14148a93c55958aad7770dc6627dc0f0be2ae7114946d2c09","Cargo.toml":"f57aba9a99a19807a7313f2f7fc86c43ba0b4ab7fcc79dbcac66d1a2d95e5ccc","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"9e0dfd2dd4173a530e238cb6adb37aa78c34c6bc7444e0e10c1ab5d8881f63ba","README.md":"3bf6e79fb524aece1652938de1387e77cc80461d69e2e1058f609da421f641cf","src/core_api.rs":"b52728aba8a84f980f3f9cc8a94a64d3a97f1eb5f4db144904822c2f8eefb1f8","src/core_api/ct_variable.rs":"78f94f6487e1f540083c1adcc8d4e86d323876ba606229b588d7b44fece3fa81","src/core_api/rt_variable.rs":"b57f89bf3991a313e2ddde09c701375e23539e7df74d685a161707ba1fbc99e4","src/core_api/wrapper.rs":"f9fd119df19f22fc439e0e93a520fb011ba8aeaedbeff6ff04249036554550bf","src/core_api/xof_reader.rs":"f33ca7b2c17eb99d84ea460d5567af68690e4fa6c2d94069a5d6748f8c8620eb","src/dev.rs":"95046c7d95317dfdedc4d230947882770fc5602f933916ca590d7bfce858dc44","src/dev/fixed.rs":"1cbabc651645c1e781d31825791132b4e3741f426e99d7e40988e2a5ee49bddd","src/dev/mac.rs":"e8837d3b99dc8b6ddb398e7fad5731c2ed36931f851ed625d3ae59fb31244165","src/dev/rng.rs":"ff72c0d2a39a740df944d27caf4cb46b60835a4044f656876f651889d122dd5a","src/dev/variable.rs":"51939602b43f5a813fc725bc603a34246bbf76facaa7930cb7bf78c283ec94a7","src/dev/xof.rs":"b3971175e50f615247e4158cba87d77c369461eda22751d888725cec45b61985","src/digest.rs":"fd2586af06f7cd87694e0f35a9467dde7ceb577904182fc683de523d3ec20529","src/lib.rs":"969ec58f54a2bc3743d06d6aa0b3e0dfd2831390bd9d1b161f422dc260b432f6","src/mac.rs":"59ce9fa5121b1af5f762388a1f2321edacee3c112d7f488313d1b368749074b6"},"package":"f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"}
+{"files":{"CHANGELOG.md":"cba0482b4328c05f545e94d6fea5d068b8c2e8c27abec3851b8fb567c6a0f562","Cargo.toml":"be0df25f7235deb18a52323de163e63bd5aefe4ad91ed276022d4757ccddeece","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"9e0dfd2dd4173a530e238cb6adb37aa78c34c6bc7444e0e10c1ab5d8881f63ba","README.md":"edf9f16c57466b06d201b8646182b7332324c7aba28f832dde7f57d03249637d","src/core_api.rs":"b52728aba8a84f980f3f9cc8a94a64d3a97f1eb5f4db144904822c2f8eefb1f8","src/core_api/ct_variable.rs":"703bd62fb693a437e319d1192988bd674f9127a6b76f73b4c58c71afc79bc013","src/core_api/rt_variable.rs":"b57f89bf3991a313e2ddde09c701375e23539e7df74d685a161707ba1fbc99e4","src/core_api/wrapper.rs":"033777bed7d140b158e15d50fda8a6e06557ce89bd0738fcca692be2c39e8b8a","src/core_api/xof_reader.rs":"f33ca7b2c17eb99d84ea460d5567af68690e4fa6c2d94069a5d6748f8c8620eb","src/dev.rs":"cbaeab07489efcadec917d7b7bcf2fdade79e78a4839ab3c3d8ad442f8f82833","src/dev/fixed.rs":"1cbabc651645c1e781d31825791132b4e3741f426e99d7e40988e2a5ee49bddd","src/dev/mac.rs":"e8837d3b99dc8b6ddb398e7fad5731c2ed36931f851ed625d3ae59fb31244165","src/dev/rng.rs":"156f42e9eb8fb2083cd12dc4a9bff9d57a321d33367efe6cd42cdc02c17ed2dc","src/dev/variable.rs":"51939602b43f5a813fc725bc603a34246bbf76facaa7930cb7bf78c283ec94a7","src/dev/xof.rs":"b3971175e50f615247e4158cba87d77c369461eda22751d888725cec45b61985","src/digest.rs":"8beab74640774c9f6811daa6dac9b5a8867f5beeb0b552a9b5ddbc5cfc196ed0","src/lib.rs":"5128199102bf0f7638fba0bbcf42b23822e31065841fb0c4304b64f681fde961","src/mac.rs":"6303caa2c5b76513346c082dd600e007354179ad440fc83dad3d7f4240281803"},"package":"8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"}
--- a/third_party/rust/digest/CHANGELOG.md
+++ b/third_party/rust/digest/CHANGELOG.md
@ -5,6 +5,25 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## 0.10.6 (2022-11-17)
+### Added
+- `Mac::verify_reset` and `Mac::verify_slice_reset` methods ([#1154])
+
+[#1154]: https://github.com/RustCrypto/traits/pull/1154
+
+## 0.10.5 (2022-09-16)
+### Fixed 
+- MSRV build ([#1117])
+
+[#1117]: https://github.com/RustCrypto/traits/pull/1117
+
+## 0.10.4 (2022-09-16)
+### Added
+- Feature-gated implementation of the `const_oid::AssociatedOid` trait
+for the core wrappers. ([#1098])
+
+[#1098]: https://github.com/RustCrypto/traits/pull/1098
+
 ## 0.10.3 (2022-02-16)
 ### Fixed
 - Minimal versions build ([#940])
@ -17,7 +36,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

 [#849]: https://github.com/RustCrypto/traits/pull/849

-## 0.10.1 (2021-12-14)
+## 0.10.1 (2021-12-14) [YANKED]
 ### Added
 - `Update::chain` and `Digest::new_with_prefix` methods. ([#846])
 - `Mac::generate_key` method. ([#847])
@ -30,7 +49,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#846]: https://github.com/RustCrypto/traits/pull/846
 [#847]: https://github.com/RustCrypto/traits/pull/847

-## 0.10.0 (2021-12-07)
+## 0.10.0 (2021-12-07) [YANKED]
 ### Changed
 - Dirty traits are removed and instead block-level traits are introduced.
 Variable output traits reworked and now support both run and compile time selection of output size. ([#380], [#819])
--- a/third_party/rust/digest/Cargo.toml
+++ b/third_party/rust/digest/Cargo.toml
@ -12,18 +12,30 @@
 [package]
 edition = "2018"
 name = "digest"
-version = "0.10.3"
+version = "0.10.6"
 authors = ["RustCrypto Developers"]
-description = "Traits for cryptographic hash functions"
+description = "Traits for cryptographic hash functions and message authentication codes"
 documentation = "https://docs.rs/digest"
 readme = "README.md"
-keywords = ["digest", "crypto", "hash"]
-categories = ["cryptography", "no-std"]
+keywords = [
+    "digest",
+    "crypto",
+    "hash",
+]
+categories = [
+    "cryptography",
+    "no-std",
+]
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/RustCrypto/traits"
+
 [package.metadata.docs.rs]
 all-features = true
-rustdoc-args = ["--cfg", "docsrs"]
+rustdoc-args = [
+    "--cfg",
+    "docsrs",
+]
+
 [dependencies.blobby]
 version = "0.3"
 optional = true
@ -32,6 +44,10 @@ optional = true
 version = "0.10"
 optional = true

+[dependencies.const-oid]
+version = "0.9"
+optional = true
+
 [dependencies.crypto-common]
 version = "0.1.3"

@ -46,5 +62,9 @@ core-api = ["block-buffer"]
 default = ["core-api"]
 dev = ["blobby"]
 mac = ["subtle"]
+oid = ["const-oid"]
 rand_core = ["crypto-common/rand_core"]
-std = ["alloc", "crypto-common/std"]
+std = [
+    "alloc",
+    "crypto-common/std",
+]
--- a/third_party/rust/digest/README.md
+++ b/third_party/rust/digest/README.md
@ -28,29 +28,29 @@ done with a minor version bump.

 ## Usage

-Let us demonstrate how to use crates in this repository using BLAKE2b as an
+Let us demonstrate how to use crates in this repository using Sha256 as an
 example.

-First add `blake2` crate to your `Cargo.toml`:
+First add the `sha2` crate to your `Cargo.toml`:

 ```toml
 [dependencies]
-blake2 = "0.8"
+sha2 = "0.10"
 ```

-`blake2` and other crates re-export `digest` crate and `Digest` trait for
+`sha2` and other crates re-export `digest` crate and `Digest` trait for
 convenience, so you don't have to add `digest` crate as an explicit dependency.

 Now you can write the following code:

 ```rust
-use blake2::{Blake2b, Digest};
+use sha2::{Sha256, Digest};

-let mut hasher = Blake2b::new();
+let mut hasher = Sha256::new();
 let data = b"Hello world!";
-hasher.input(data);
+hasher.update(data);
 // `input` can be called repeatedly and is generic over `AsRef<[u8]>`
-hasher.input("String data");
+hasher.update("String data");
 // Note that calling `finalize()` consumes hasher
 let hash = hasher.finalize();
 println!("Result: {:x}", hash);
@ -63,18 +63,18 @@ Alternatively you can use chained approach, which is equivalent to the previous
 example:

 ```rust
-let hash = Blake2b::new()
-    .chain(b"Hello world!")
-    .chain("String data")
+let hash = Sha256::new()
+    .chain_update(b"Hello world!")
+    .chain_update("String data")
    .finalize();

 println!("Result: {:x}", hash);
 ```

-If the whole message is available you also can use convinience `digest` method:
+If the whole message is available you also can use convenience `digest` method:

 ```rust
-let hash = Blake2b::digest(b"my message");
+let hash = Sha256::digest(b"my message");
 println!("Result: {:x}", hash);
 ```

@ -84,11 +84,11 @@ If you want to hash data from [`Read`][3] trait (e.g. from file) you can rely on
 implementation of [`Write`][4] trait (requires enabled-by-default `std` feature):

 ```rust
-use blake2::{Blake2b, Digest};
+use sha2::{Sha256, Digest};
 use std::{fs, io};

 let mut file = fs::File::open(&path)?;
-let mut hasher = Blake2b::new();
+let mut hasher = Sha256::new();
 let n = io::copy(&mut file, &mut hasher)?;
 let hash = hasher.finalize();

@ -109,17 +109,17 @@ use digest::Digest;
 // Instead use crates from: https://github.com/RustCrypto/password-hashing
 fn hash_password<D: Digest>(password: &str, salt: &str, output: &mut [u8]) {
    let mut hasher = D::new();
-    hasher.input(password.as_bytes());
-    hasher.input(b"$");
-    hasher.input(salt.as_bytes());
+    hasher.update(password.as_bytes());
+    hasher.update(b"$");
+    hasher.update(salt.as_bytes());
    output.copy_from_slice(hasher.finalize().as_slice())
 }

-use blake2::Blake2b;
-use sha2::Sha256;
+let mut buf1 = [0u8; 32];
+let mut buf2 = [0u8; 64];

-hash_password::<Blake2b>("my_password", "abcd", &mut buf);
-hash_password::<Sha256>("my_password", "abcd", &mut buf);
+hash_password::<sha2::Sha256>("my_password", "abcd", &mut buf1);
+hash_password::<sha2::Sha512>("my_password", "abcd", &mut buf2);
 ```

 If you want to use hash functions with trait objects, use `digest::DynDigest`
--- a/third_party/rust/digest/src/core_api/ct_variable.rs
+++ b/third_party/rust/digest/src/core_api/ct_variable.rs
@ -5,6 +5,8 @@ use super::{
 use crate::HashMarker;
 #[cfg(feature = "mac")]
 use crate::MacMarker;
+#[cfg(feature = "oid")]
+use const_oid::{AssociatedOid, ObjectIdentifier};
 use core::{fmt, marker::PhantomData};
 use crypto_common::{
    generic_array::{ArrayLength, GenericArray},
@ -12,10 +14,15 @@ use crypto_common::{
    Block, BlockSizeUser, OutputSizeUser,
 };

+/// Dummy type used with [`CtVariableCoreWrapper`] in cases when
+/// resulting hash does not have a known OID.
+#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+pub struct NoOid;
+
 /// Wrapper around [`VariableOutputCore`] which selects output size
 /// at compile time.
 #[derive(Clone)]
-pub struct CtVariableCoreWrapper<T, OutSize>
+pub struct CtVariableCoreWrapper<T, OutSize, O = NoOid>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -24,10 +31,10 @@ where
    Le<T::BlockSize, U256>: NonZero,
 {
    inner: T,
-    _out: PhantomData<OutSize>,
+    _out: PhantomData<(OutSize, O)>,
 }

-impl<T, OutSize> HashMarker for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> HashMarker for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore + HashMarker,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -38,7 +45,7 @@ where
 }

 #[cfg(feature = "mac")]
-impl<T, OutSize> MacMarker for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> MacMarker for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore + MacMarker,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -48,7 +55,7 @@ where
 {
 }

-impl<T, OutSize> BlockSizeUser for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> BlockSizeUser for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -59,7 +66,7 @@ where
    type BlockSize = T::BlockSize;
 }

-impl<T, OutSize> UpdateCore for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> UpdateCore for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -73,7 +80,7 @@ where
    }
 }

-impl<T, OutSize> OutputSizeUser for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> OutputSizeUser for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize> + 'static,
@ -84,7 +91,7 @@ where
    type OutputSize = OutSize;
 }

-impl<T, OutSize> BufferKindUser for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> BufferKindUser for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -95,7 +102,7 @@ where
    type BufferKind = T::BufferKind;
 }

-impl<T, OutSize> FixedOutputCore for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> FixedOutputCore for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize> + 'static,
@ -120,7 +127,7 @@ where
    }
 }

-impl<T, OutSize> Default for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> Default for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -137,7 +144,7 @@ where
    }
 }

-impl<T, OutSize> Reset for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> Reset for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -151,7 +158,7 @@ where
    }
 }

-impl<T, OutSize> AlgorithmName for CtVariableCoreWrapper<T, OutSize>
+impl<T, OutSize, O> AlgorithmName for CtVariableCoreWrapper<T, OutSize, O>
 where
    T: VariableOutputCore + AlgorithmName,
    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
@ -165,3 +172,33 @@ where
        write!(f, "{}", OutSize::USIZE)
    }
 }
+
+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+impl<T, OutSize, O> AssociatedOid for CtVariableCoreWrapper<T, OutSize, O>
+where
+    T: VariableOutputCore,
+    O: AssociatedOid,
+    OutSize: ArrayLength<u8> + IsLessOrEqual<T::OutputSize>,
+    LeEq<OutSize, T::OutputSize>: NonZero,
+    T::BlockSize: IsLess<U256>,
+    Le<T::BlockSize, U256>: NonZero,
+{
+    const OID: ObjectIdentifier = O::OID;
+}
+
+/// Implement dummy type with hidden docs which is used to "carry" hasher
+/// OID for [`CtVariableCoreWrapper`].
+#[macro_export]
+macro_rules! impl_oid_carrier {
+    ($name:ident, $oid:literal) => {
+        #[doc(hidden)]
+        #[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
+        pub struct $name;
+
+        #[cfg(feature = "oid")]
+        impl AssociatedOid for $name {
+            const OID: ObjectIdentifier = ObjectIdentifier::new_unwrap($oid);
+        }
+    };
+}
--- a/third_party/rust/digest/src/core_api/wrapper.rs
+++ b/third_party/rust/digest/src/core_api/wrapper.rs
@ -14,6 +14,8 @@ use crypto_common::{

 #[cfg(feature = "mac")]
 use crate::MacMarker;
+#[cfg(feature = "oid")]
+use const_oid::{AssociatedOid, ObjectIdentifier};

 /// Wrapper around [`BufferKindUser`].
 ///
@ -227,6 +229,17 @@ where
    }
 }

+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+impl<T> AssociatedOid for CoreWrapper<T>
+where
+    T: BufferKindUser + AssociatedOid,
+    T::BlockSize: IsLess<U256>,
+    Le<T::BlockSize, U256>: NonZero,
+{
+    const OID: ObjectIdentifier = T::OID;
+}
+
 #[cfg(feature = "std")]
 #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
 impl<T> std::io::Write for CoreWrapper<T>
--- a/third_party/rust/digest/src/dev.rs
+++ b/third_party/rust/digest/src/dev.rs
@ -71,7 +71,7 @@ pub fn feed_rand_16mib<D: crate::Update>(d: &mut D) {
    for _ in 0..n {
        rng.fill(buf);
        d.update(buf);
-        // additional byte, so size of feeded data
+        // additional byte, so size of fed data
        // will not be multiple of block size
        d.update(&[42]);
    }
--- a/third_party/rust/digest/src/dev/rng.rs
+++ b/third_party/rust/digest/src/dev/rng.rs
@ -2,7 +2,7 @@
 use core::num::Wrapping;

 /// Initial RNG state used in tests.
-// choosen by fair dice roll. guaranteed to be random.
+// chosen by fair dice roll. guaranteed to be random.
 pub(crate) const RNG: XorShiftRng = XorShiftRng {
    x: Wrapping(0x0787_3B4A),
    y: Wrapping(0xFAAB_8FFE),
--- a/third_party/rust/digest/src/digest.rs
+++ b/third_party/rust/digest/src/digest.rs
@ -7,7 +7,7 @@ use alloc::boxed::Box;
 /// Marker trait for cryptographic hash functions.
 pub trait HashMarker {}

-/// Convinience wrapper trait covering functionality of cryptographic hash
+/// Convenience wrapper trait covering functionality of cryptographic hash
 /// functions with fixed output size.
 ///
 /// This trait wraps [`Update`], [`FixedOutput`], [`Default`], and
--- a/third_party/rust/digest/src/lib.rs
+++ b/third_party/rust/digest/src/lib.rs
@ -27,8 +27,7 @@
 #![forbid(unsafe_code)]
 #![doc(
    html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
-    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg",
-    html_root_url = "https://docs.rs/digest/0.10.3"
+    html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg"
 )]
 #![warn(missing_docs, rust_2018_idioms)]

@ -60,6 +59,9 @@ mod mac;
 #[cfg(feature = "core-api")]
 #[cfg_attr(docsrs, doc(cfg(feature = "core-api")))]
 pub use block_buffer;
+#[cfg(feature = "oid")]
+#[cfg_attr(docsrs, doc(cfg(feature = "oid")))]
+pub use const_oid;
 pub use crypto_common;

 pub use crate::digest::{Digest, DynDigest, HashMarker};
--- a/third_party/rust/digest/src/mac.rs
+++ b/third_party/rust/digest/src/mac.rs
@ -11,7 +11,7 @@ use subtle::{Choice, ConstantTimeEq};
 #[cfg_attr(docsrs, doc(cfg(feature = "mac")))]
 pub trait MacMarker {}

-/// Convinience wrapper trait covering functionality of Message Authentication algorithms.
+/// Convenience wrapper trait covering functionality of Message Authentication algorithms.
 ///
 /// This trait wraps [`KeyInit`], [`Update`], [`FixedOutput`], and [`MacMarker`]
 /// traits and provides additional convenience methods.
@ -59,6 +59,12 @@ pub trait Mac: OutputSizeUser + Sized {
    /// Check if tag/code value is correct for the processed input.
    fn verify(self, tag: &Output<Self>) -> Result<(), MacError>;

+    /// Check if tag/code value is correct for the processed input and reset
+    /// [`Mac`] instance.
+    fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset;
+
    /// Check truncated tag correctness using all bytes
    /// of calculated tag.
    ///
@ -66,6 +72,15 @@ pub trait Mac: OutputSizeUser + Sized {
    /// to MAC's output.
    fn verify_slice(self, tag: &[u8]) -> Result<(), MacError>;

+    /// Check truncated tag correctness using all bytes
+    /// of calculated tag and reset [`Mac`] instance.
+    ///
+    /// Returns `Error` if `tag` is not valid or not equal in length
+    /// to MAC's output.
+    fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset;
+
    /// Check truncated tag correctness using left side bytes
    /// (i.e. `tag[..n]`) of calculated tag.
    ///
@ -137,6 +152,18 @@ impl<T: Update + FixedOutput + MacMarker> Mac for T {
        }
    }

+    #[inline]
+    fn verify_reset(&mut self, tag: &Output<Self>) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset,
+    {
+        if self.finalize_reset() == tag.into() {
+            Ok(())
+        } else {
+            Err(MacError)
+        }
+    }
+
    #[inline]
    fn verify_slice(self, tag: &[u8]) -> Result<(), MacError> {
        let n = tag.len();
@ -144,7 +171,24 @@ impl<T: Update + FixedOutput + MacMarker> Mac for T {
            return Err(MacError);
        }
        let choice = self.finalize_fixed().ct_eq(tag);
-        if choice.unwrap_u8() == 1 {
+        if choice.into() {
+            Ok(())
+        } else {
+            Err(MacError)
+        }
+    }
+
+    #[inline]
+    fn verify_slice_reset(&mut self, tag: &[u8]) -> Result<(), MacError>
+    where
+        Self: FixedOutputReset,
+    {
+        let n = tag.len();
+        if n != Self::OutputSize::USIZE {
+            return Err(MacError);
+        }
+        let choice = self.finalize_fixed_reset().ct_eq(tag);
+        if choice.into() {
            Ok(())
        } else {
            Err(MacError)
@ -158,7 +202,7 @@ impl<T: Update + FixedOutput + MacMarker> Mac for T {
        }
        let choice = self.finalize_fixed()[..n].ct_eq(tag);

-        if choice.unwrap_u8() == 1 {
+        if choice.into() {
            Ok(())
        } else {
            Err(MacError)
@ -173,7 +217,7 @@ impl<T: Update + FixedOutput + MacMarker> Mac for T {
        let m = Self::OutputSize::USIZE - n;
        let choice = self.finalize_fixed()[m..].ct_eq(tag);

-        if choice.unwrap_u8() == 1 {
+        if choice.into() {
            Ok(())
        } else {
            Err(MacError)
@ -239,7 +283,7 @@ impl<T: OutputSizeUser> ConstantTimeEq for CtOutput<T> {
 impl<T: OutputSizeUser> PartialEq for CtOutput<T> {
    #[inline(always)]
    fn eq(&self, x: &CtOutput<T>) -> bool {
-        self.ct_eq(x).unwrap_u8() == 1
+        self.ct_eq(x).into()
    }
 }