From ac415f4d32003e2b8f0bd2223952a411795bc00b Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 12 Feb 2026 10:40:57 -0700
Subject: [PATCH 1/2] digest: replace `subtle` with `ctutils`

As discussed in #2275, we are migrating from `subtle` to our new
`ctutils` library:

https://github.com/RustCrypto/utils/tree/master/ctutils
---
 Cargo.lock        | 2 +-
 digest/Cargo.toml | 4 ++--
 digest/src/mac.rs | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index d4de953d9..575b405d8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -222,8 +222,8 @@ dependencies = [
  "block-buffer",
  "const-oid",
  "crypto-common",
+ "ctutils",
  "sha2",
- "subtle",
  "zeroize",
 ]
 
diff --git a/digest/Cargo.toml b/digest/Cargo.toml
index 4d9f224b6..252d03dee 100644
--- a/digest/Cargo.toml
+++ b/digest/Cargo.toml
@@ -17,9 +17,9 @@ common = { version = "0.2", package = "crypto-common" }
 
 # optional dependencies
 block-buffer = { version = "0.11", optional = true }
-subtle = { version = "2.4", default-features = false, optional = true }
 blobby = { version = "0.4", optional = true }
 const-oid = { version = "0.10", optional = true }
+ctutils = { version = "0.4", optional = true }
 zeroize = { version = "1.7", optional = true, default-features = false }
 
 [dev-dependencies]
@@ -28,7 +28,7 @@ sha2 = "0.11.0-rc.5"
 [features]
 default = ["block-api"]
 block-api = ["block-buffer"] # Enable block API traits
-mac = ["subtle"] # Enable MAC traits
+mac = ["dep:ctutils"] # Enable MAC traits
 rand_core = ["common/rand_core"] # Enable random key generation methods
 getrandom = ["common/getrandom", "rand_core"]
 oid = ["const-oid"]
diff --git a/digest/src/mac.rs b/digest/src/mac.rs
index 03c24a00e..dc2905255 100644
--- a/digest/src/mac.rs
+++ b/digest/src/mac.rs
@@ -3,7 +3,7 @@ use common::{Output, OutputSizeUser, Reset};
 
 use common::typenum::Unsigned;
 use core::fmt;
-use subtle::ConstantTimeEq;
+use ctutils::CtEq;
 
 /// Marker trait for Message Authentication algorithms.
 pub trait MacMarker {}

From 8e8e93664c54ff14a77d33ae778e45fafb1e1b0f Mon Sep 17 00:00:00 2001
From: Tony Arcieri <bascule@gmail.com>
Date: Thu, 12 Feb 2026 11:52:13 -0700
Subject: [PATCH 2/2] use nightly-2026-02-11 for miri

---
 .github/workflows/elliptic-curve.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/elliptic-curve.yml b/.github/workflows/elliptic-curve.yml
index aafbab136..61381f529 100644
--- a/.github/workflows/elliptic-curve.yml
+++ b/.github/workflows/elliptic-curve.yml
@@ -102,6 +102,8 @@ jobs:
       MIRIFLAGS: "-Zmiri-symbolic-alignment-check -Zmiri-strict-provenance"
     steps:
       - uses: actions/checkout@v6
-      - uses: dtolnay/rust-toolchain@nightly
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: nightly-2026-02-11 # pinned due to rust-lang/miri#4855
       - run: rustup component add miri && cargo miri setup
       - run: cargo miri test --all-features