commits
- ocaml-oci/src/spec: Convert all JSON handling from yojson to jsont
- mirage-crypto/tests/wycheproof: Replace ppx_deriving_yojson with jsont codecs
- ocaml-matter, ocaml-spake2, ocaml-hap, ocaml-csrf: Update dependency from
standalone hkdf package to kdf.hkdf (digestif-based implementation)
- ocaml-hap: Add hkdf_sha512 helper using kdf.hkdf API
- Various code cleanups for jsont compatibility
* mirage_crypto.h: add powerpc macros
* entropy_cpu_stubs.c: fix powerpc
mirage-crypto-ec: fix ECDSA public key compression
update cirrus CI (use FreeBSD 14.2)
Fixes for the less common platforms
Use memcpy_s for MSVC which is a safe form of memcpy.
Documented at https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/memcpy-s-wmemcpy-s?view=msvc-170
getrandom is not present until Android 28.
Confer: https://android.googlesource.com/platform/bionic/+/02ce401d1e2b31586c94c8b6999364bbbce27388/libc/include/sys/random.h
* add next generation mirage-crypto-rng-mirage
* Defunctorise mirage-crypto-rng-mirage, use mirage-sleep and mirage-mtime instead
* fix test
* adapt to mirage how it'll be in the future (no functor)
* remove now superfluous mirage-crypto-rng-{lwt,eio,async}
we have Mirage_crypto_rng_unix.use_default () now, and by default use getrandom
* remove these packages from CI
* fix enabled_if condition
* Handle CPU_RNG failures in OCaml:
- Previously, a return value of "0" was treated specially, but rdrand/rdseed
may return 0!
- If there's a failure in rdrand/rdseed during cpu_rng_bootstrap, raise an
exception
- If there's a failure during the periodic reseeding (timer initiated feeding
of all pools), ignore it (for now!?)
* use memcpy instead of manual copying
* entropy: provide rdrand and rdseed calls and failures
* cpu_rng_bootstrap: use rdrand if rdseed fails.
if rdseed fails, take 512 times rdrand.
if rdrand fails 512 times (* 10 from the RETRIES in C), fail
* rdseed: 100 retries, rdrand: 10 retries
* avoid unused parameter warnings
* use Val_false directly
Mark the initialize functions as deprecated.
Instead, advertise the use of the default Unix generator based on
getrandom/getentropy. This is thread-safe and allows removing the
mirage-crypto-rng-{lwt,miou-unix,eio,async} packages in the future.
* Add /dev/urandom and getentropy RNG generators
Provide guidance to use these by default, document that Fortuna is not
thread-safe. As suggested in #249
* require 4.14 (uses in_channel)
* bench/speed: use Urandom and Getentropy generators
* mirage-crypto-rng-unix: more documentation
* test_entropy: disable on arm64
* Mirage_crypto_rng.generate_into: check off and len being >= 0
* Mirage_crypto_rng.generate_into: adjust docstring
* Mirage_crypto_rng.Generator.generate_into: emit unsafe warning
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
Co-authored-by: Török Edwin <edwintorok@users.noreply.github.com>
Reviewed-by: Calascibetta Romain <romain.calascibetta@gmail.com>
mirage-crypto-rng-eio: declare the cstruct dependency
remove unused test_rng.ml
mirage-crypto-ec: provide Dh.secret_to_octets
fix CCM, as discovered when porting TLS to string
The issue was missing offsets, both if multiple blocks were encrypted/decrypted
and when unaligned data (i.e. not a multiple of block_size) was encrypted and
decrypted.
* Mirage_crypto.Block.ECB with {de,en}crypt_into
Also provide unsafe_{en,de}crypt_into for further performance.
* Mirage_crypto.Block.CBC now has {de,en}crypt_into functionality
This may avoid buffer allocations. There are as well unsafe functions for those
feeling bounds checks are unnecessary.
* counters: add an offset parameter
* Mirage_crypto.Block.CTR with {de,en}crypt_into
* GCM and ChaCha have {de,en}crypt_into now
* CCM16 with {de,en}crypt_into
* minor adjustments to speed
* Apply suggestions from code review
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
* revise bounds checks (cc @reynir @palainp), also check off >= 0
* revise block_size check
* update documentation, esp off < 0
* poly1305: mac_into appropriate bounds checks, also unsafe_mac_into
* ccm: remove maclen argument, and ensure tag_size = block_size
* add tailcall annotations, remove an argument from ccm's loop
---------
Co-authored-by: Reynir Björnsson <reynir@reynir.dk>
mirage-crypto-rng-mirage: provide a module type S (to overcome the mirage-random opam package)
* Add an implementation of mirage-crypto-rng-miou to initialize the RNG with Miou
* Update GitHub actions and CirrusCI
* Use the last version of Miou
* Prefer to follow the user's control flow rather than the cancellation control flow to set global variables correctly
* Use Miou_backoff instead of Backoff and avoid a conflict with the backoff package
* Upgrade the PR with miou.0.2.0 and delete the pin-depends
* Provide a separate executable to bench pfortuna with miou
* Add a comment about the goal of Pfortuna
* note to sync fortuna and pfortuna
* fix opam-lint check: add digestif to dependencies of mirage-crypto-rng-miou-unix
* comment out bench/miou in dune to avoid CI build failures
since (package mirage-crypto-rng-miou-unix) is not supported without
(public_names ..) in dune, there's no easy alternative.
Marking it (optional) still results in failures with OCaml-CI
* no need for (modes native), this is known as https://github.com/ocaml/dune/issues/9979
---------
Co-authored-by: Hannes Mehnert <hannes@mehnert.org>
Require OCaml 4.13 and remove local overrides