Description: avoid not-in-Debian crate macro_rules_attribute
 This essentially reverts upstream git commit 20023ee.
Author: Jonas Smedegaard <dr@jones.dk>
Forwarded: not-needed
Last-Update: 2025-08-11
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -59,7 +59,6 @@
 hpke-rs-rust-crypto = "0.3"
 itertools = ">= 0.13.0, <= 0.14"
 log = { version = "0.4.8" }
-macro_rules_attribute = "0.2"
 mio = { version = "1", features = ["net", "os-poll"] }
 num-bigint = "0.4.4"
 once_cell = { version = "1.16", default-features = false, features = ["alloc", "race"] }
--- a/rustls/Cargo.toml
+++ b/rustls/Cargo.toml
@@ -49,7 +49,6 @@
 env_logger = { workspace = true }
 hex = { workspace = true }
 log = { workspace = true }
-macro_rules_attribute = { workspace = true }
 num-bigint = { workspace = true }
 rcgen = { workspace = true }
 rustls-native-certs = { workspace = true }
--- a/rustls/src/client/handy.rs
+++ b/rustls/src/client/handy.rs
@@ -245,14 +245,13 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use std::prelude::v1::*;
 
     use pki_types::{ServerName, UnixTime};
 
     use super::NoClientSessionStorage;
-    use super::provider::cipher_suite;
+    use provider::cipher_suite;
     use crate::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
     use crate::client::{ClientSessionStore, ResolvesClientCert};
     use crate::msgs::base::PayloadU16;
--- a/rustls/src/crypto/ring/quic.rs
+++ b/rustls/src/crypto/ring/quic.rs
@@ -213,13 +213,13 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use std::dbg;
 
-    use super::provider::tls13::{
+    use provider::tls13::{
         TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL,
     };
+
     use crate::common_state::Side;
     use crate::crypto::tls13::OkmBlock;
     use crate::quic::*;
--- a/rustls/src/hash_hs.rs
+++ b/rustls/src/hash_hs.rs
@@ -184,9 +184,9 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
-    use super::provider::hash::SHA256;
+test_for_each_provider! {
+    use provider::hash::SHA256;
+
     use super::*;
     use crate::crypto::hash::Hash;
     use crate::enums::ProtocolVersion;
--- a/rustls/src/suites.rs
+++ b/rustls/src/suites.rs
@@ -241,15 +241,14 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use std::println;
 
-    use super::provider::tls13::*;
+    use provider::tls13::*;
 
     #[test]
     fn test_scs_is_debug() {
-        println!("{:?}", super::provider::ALL_CIPHER_SUITES);
+        println!("{:?}", provider::ALL_CIPHER_SUITES);
     }
 
     #[test]
--- a/rustls/src/test_macros.rs
+++ b/rustls/src/test_macros.rs
@@ -11,16 +11,12 @@
         #[cfg(feature = "ring")]
         mod test_with_ring {
             use crate::crypto::ring as provider;
-            #[allow(unused_imports)]
-            use super::*;
             $($tt)+
         }
 
         #[cfg(feature = "aws_lc_rs")]
         mod test_with_aws_lc_rs {
             use crate::crypto::aws_lc_rs as provider;
-            #[allow(unused_imports)]
-            use super::*;
             $($tt)+
         }
     };
@@ -37,35 +33,29 @@
         #[cfg(feature = "ring")]
         mod bench_with_ring {
             use crate::crypto::ring as provider;
-            #[allow(unused_imports)]
-            use super::*;
             $($tt)+
         }
 
         #[cfg(feature = "aws_lc_rs")]
         mod bench_with_aws_lc_rs {
             use crate::crypto::aws_lc_rs as provider;
-            #[allow(unused_imports)]
-            use super::*;
             $($tt)+
         }
     };
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     #[test]
     fn test_each_provider() {
-        std::println!("provider is {:?}", super::provider::default_provider());
+        std::println!("provider is {:?}", provider::default_provider());
     }
 }
 
 #[cfg(all(test, bench))]
-#[macro_rules_attribute::apply(bench_for_each_provider)]
-mod benchmarks {
+bench_for_each_provider! {
     #[bench]
     fn bench_each_provider(b: &mut test::Bencher) {
-        b.iter(|| super::provider::default_provider());
+        b.iter(|| provider::default_provider());
     }
 }
--- a/rustls/src/tls12/mod.rs
+++ b/rustls/src/tls12/mod.rs
@@ -339,9 +339,9 @@
 pub(crate) const DOWNGRADE_SENTINEL: [u8; 8] = [0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01];
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
-    use super::provider::kx_group::X25519;
+test_for_each_provider! {
+    use provider::kx_group::X25519;
+
     use super::*;
     use crate::common_state::{CommonState, Side};
     use crate::msgs::handshake::{ServerEcdhParams, ServerKeyExchangeParams};
--- a/rustls/src/tls13/key_schedule.rs
+++ b/rustls/src/tls13/key_schedule.rs
@@ -1036,14 +1036,13 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use core::fmt::Debug;
     use std::prelude::v1::*;
     use std::vec;
 
-    use super::provider::ring_like::aead;
-    use super::provider::tls13::{
+    use provider::ring_like::aead;
+    use provider::tls13::{
         TLS13_AES_128_GCM_SHA256_INTERNAL, TLS13_CHACHA20_POLY1305_SHA256_INTERNAL,
     };
     use super::{KeySchedule, SecretKind, derive_traffic_iv, derive_traffic_key};
@@ -1052,12 +1051,12 @@
 
     #[test]
     fn empty_hash() {
-        let sha256 = super::provider::tls13::TLS13_AES_128_GCM_SHA256
+        let sha256 = provider::tls13::TLS13_AES_128_GCM_SHA256
             .tls13()
             .unwrap()
             .common
             .hash_provider;
-        let sha384 = super::provider::tls13::TLS13_AES_256_GCM_SHA384
+        let sha384 = provider::tls13::TLS13_AES_256_GCM_SHA384
             .tls13()
             .unwrap()
             .common
@@ -1261,13 +1260,12 @@
 }
 
 #[cfg(all(test, bench))]
-#[macro_rules_attribute::apply(bench_for_each_provider)]
-mod benchmarks {
+bench_for_each_provider! {
     #[bench]
     fn bench_sha256(b: &mut test::Bencher) {
         use core::fmt::Debug;
 
-        use super::provider::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL;
+        use provider::tls13::TLS13_CHACHA20_POLY1305_SHA256_INTERNAL;
         use super::{KeySchedule, SecretKind, derive_traffic_iv, derive_traffic_key};
         use crate::KeyLog;
 
@@ -1286,7 +1284,8 @@
                 .expander_for_okm(&traffic_secret);
             test::black_box(derive_traffic_key(
                 traffic_secret_expander.as_ref(),
-                TLS13_CHACHA20_POLY1305_SHA256_INTERNAL.aead_alg,
+                TLS13_CHACHA20_POLY1305_SHA256_INTERNAL
+                    .aead_alg,
             ));
             test::black_box(derive_traffic_iv(traffic_secret_expander.as_ref()));
         }
--- a/rustls/src/verifybench.rs
+++ b/rustls/src/verifybench.rs
@@ -29,8 +29,7 @@
 use crate::verify::ServerCertVerifier;
 use crate::webpki::{RootCertStore, WebPkiServerVerifier};
 
-#[macro_rules_attribute::apply(bench_for_each_provider)]
-mod benchmarks {
+bench_for_each_provider! {
     use super::{Context, provider};
 
     #[bench]
--- a/rustls/src/webpki/client_verifier.rs
+++ b/rustls/src/webpki/client_verifier.rs
@@ -429,15 +429,14 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use std::prelude::v1::*;
     use std::{format, println, vec};
 
     use pki_types::pem::PemObject;
     use pki_types::{CertificateDer, CertificateRevocationListDer};
 
-    use super::{WebPkiClientVerifier, provider};
+    use super::WebPkiClientVerifier;
     use crate::RootCertStore;
     use crate::server::VerifierBuilderError;
     use crate::sync::Arc;
--- a/rustls/src/webpki/server_verifier.rs
+++ b/rustls/src/webpki/server_verifier.rs
@@ -301,15 +301,14 @@
 }
 
 #[cfg(test)]
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use std::prelude::v1::*;
     use std::{println, vec};
 
     use pki_types::pem::PemObject;
     use pki_types::{CertificateDer, CertificateRevocationListDer};
 
-    use super::{VerifierBuilderError, WebPkiServerVerifier, provider};
+    use super::{VerifierBuilderError, WebPkiServerVerifier};
     use crate::RootCertStore;
     use crate::sync::Arc;
 
--- a/rustls/src/client/test.rs
+++ b/rustls/src/client/test.rs
@@ -22,11 +22,10 @@
 #[cfg(feature = "std")]
 use crate::client::ClientConnection;
 
-#[macro_rules_attribute::apply(test_for_each_provider)]
-mod tests {
+test_for_each_provider! {
     use std::sync::OnceLock;
 
-    use super::super::*;
+    use super::*;
     use crate::client::AlwaysResolvesClientRawPublicKeys;
     use crate::crypto::cipher::MessageEncrypter;
     use crate::crypto::tls13::OkmBlock;
@@ -52,7 +51,7 @@
     #[test]
     fn test_no_session_ticket_request_on_tls_1_3() {
         let mut config =
-            ClientConfig::builder_with_provider(super::provider::default_provider().into())
+            ClientConfig::builder_with_provider(provider::default_provider().into())
                 .with_protocol_versions(&[&version::TLS13])
                 .unwrap()
                 .with_root_certificates(roots())
@@ -67,7 +66,7 @@
     #[test]
     fn test_no_renegotiation_scsv_on_tls_1_3() {
         let ch = client_hello_sent_for_config(
-            ClientConfig::builder_with_provider(super::provider::default_provider().into())
+            ClientConfig::builder_with_provider(provider::default_provider().into())
                 .with_protocol_versions(&[&version::TLS13])
                 .unwrap()
                 .with_root_certificates(roots())
@@ -85,7 +84,7 @@
     fn test_client_does_not_offer_sha1() {
         for version in crate::ALL_VERSIONS {
             let config =
-                ClientConfig::builder_with_provider(super::provider::default_provider().into())
+                ClientConfig::builder_with_provider(provider::default_provider().into())
                     .with_protocol_versions(&[version])
                     .unwrap()
                     .with_root_certificates(roots())
@@ -106,7 +105,7 @@
     #[test]
     fn test_client_rejects_hrr_with_varied_session_id() {
         let config =
-            ClientConfig::builder_with_provider(super::provider::default_provider().into())
+            ClientConfig::builder_with_provider(provider::default_provider().into())
                 .with_safe_default_protocol_versions()
                 .unwrap()
                 .with_root_certificates(roots())
@@ -145,7 +144,7 @@
     #[test]
     fn test_client_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() {
         let mut config =
-            ClientConfig::builder_with_provider(super::provider::default_provider().into())
+            ClientConfig::builder_with_provider(provider::default_provider().into())
                 .with_safe_default_protocol_versions()
                 .unwrap()
                 .with_root_certificates(roots())
@@ -195,7 +194,7 @@
             [(&version::TLS12, false), (&version::TLS13, true)]
         {
             let client_hello = client_hello_sent_for_config(
-                ClientConfig::builder_with_provider(super::provider::default_provider().into())
+                ClientConfig::builder_with_provider(provider::default_provider().into())
                     .with_protocol_versions(&[protocol_version])
                     .unwrap()
                     .dangerous()
@@ -474,7 +473,7 @@
     }
 
     fn client_certified_key() -> CertifiedKey {
-        let key = super::provider::default_provider()
+        let key = provider::default_provider()
             .key_provider
             .load_private_key(client_key())
             .unwrap();
@@ -498,8 +497,8 @@
         // ensures X25519 is offered irrespective of cfg(feature = "fips"), which eases
         // creation of fake server messages.
         CryptoProvider {
-            kx_groups: vec![super::provider::kx_group::X25519],
-            ..super::provider::default_provider()
+            kx_groups: vec![provider::kx_group::X25519],
+            ..provider::default_provider()
         }
     }
 
@@ -606,7 +605,7 @@
         }
 
         fn server_handshake_encrypter(&self) -> Box<dyn MessageEncrypter> {
-            let cipher_suite = super::provider::cipher_suite::TLS13_AES_128_GCM_SHA256
+            let cipher_suite = provider::cipher_suite::TLS13_AES_128_GCM_SHA256
                 .tls13()
                 .unwrap();
 
--- a/rustls/src/server/test.rs
+++ b/rustls/src/server/test.rs
@@ -62,10 +62,9 @@
     .map(|_| ())
 }
 
-#[macro_rules_attribute::apply(test_for_each_provider)]
 #[cfg(feature = "std")]
-mod tests {
-    use super::super::*;
+test_for_each_provider! {
+    use super::*;
     use crate::common_state::KxState;
     use crate::crypto::{
         ActiveKeyExchange, CryptoProvider, KeyExchangeAlgorithm, SupportedKxGroup,
@@ -84,7 +83,7 @@
     #[cfg(feature = "tls12")]
     #[test]
     fn test_server_rejects_no_extended_master_secret_extension_when_require_ems_or_fips() {
-        let provider = super::provider::default_provider();
+        let provider = provider::default_provider();
         let mut config = ServerConfig::builder_with_provider(provider.into())
             .with_protocol_versions(&[&version::TLS12])
             .unwrap()
@@ -244,8 +243,8 @@
 
     fn server_config_for_rpk() -> ServerConfig {
         let x25519_provider = CryptoProvider {
-            kx_groups: vec![super::provider::kx_group::X25519],
-            ..super::provider::default_provider()
+            kx_groups: vec![provider::kx_group::X25519],
+            ..provider::default_provider()
         };
         ServerConfig::builder_with_provider(x25519_provider.into())
             .with_protocol_versions(&[&version::TLS13])
@@ -257,7 +256,7 @@
     }
 
     fn server_certified_key() -> CertifiedKey {
-        let key = super::provider::default_provider()
+        let key = provider::default_provider()
             .key_provider
             .load_private_key(server_key())
             .unwrap();
@@ -289,7 +288,7 @@
         CryptoProvider {
             kx_groups: vec![FAKE_FFDHE_GROUP],
             cipher_suites: vec![TLS_DHE_RSA_WITH_AES_128_GCM_SHA256],
-            ..super::provider::default_provider()
+            ..provider::default_provider()
         }
     }
 
@@ -335,7 +334,7 @@
 
     #[cfg(feature = "tls12")]
     static TLS12_DHE_RSA_WITH_AES_128_GCM_SHA256: Tls12CipherSuite =
-        match &super::provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {
+        match &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 {
             SupportedCipherSuite::Tls12(provider) => Tls12CipherSuite {
                 common: CipherSuiteCommon {
                     suite: CipherSuite::TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
