Fix warnings

[omertuc]

See commit messages

Summary by CodeRabbit

• New Features

  • Added modular inverse operations, Euclidean division-remainder computation, and prime recovery utilities to numeric libraries.
  • Introduced const zero and one trait identifiers for type-safe constant usage.
  • Added floating-point clamping and total-order comparison operations.
  • New RSA key construction methods from prime components.

• Bug Fixes

  • Fixed potential underflow in encryption padding validation.
  • Improved prime validation constraints.
  • Enhanced RSA key generation and component handling.

• Chores

  • Updated dependencies across numeric and cryptographic libraries.
  • Removed vendored byteorder crate.
  • Updated minimum Rust version requirements.
  • Added security advisory references.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: omertuc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [omertuc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

This PR updates multiple Rust dependencies and refactors vendored code. Key changes include: upgrading the rsa crate from 0.9.0 to 0.9.10, updating num-bigint, num-integer, and num-traits to newer versions, removing the byteorder vendored crate, adding #[allow(dead_code)] attributes to generated protobuf types, refactoring bigint arithmetic to use constants instead of constructors, and adding new cryptographic helper functions for RSA key generation and recovery.

Changes

Cohort / File(s)	Summary
Dependency Version Updates Cargo.toml, build.rs, vendor/rsa/Cargo.toml*	Bumped rsa from 0.9.0 to 0.9.10; added #[allow(dead_code)] to protobuf code generation; updated num-bigint, num-integer, num-traits versions; added test/bench entry points and feature flags.
Protobuf Generated Code Annotations src/protobuf_gen/github.com.openshift.api.oauth.v1.rs, src/protobuf_gen/github.com.openshift.api.route.v1.rs, src/protobuf_gen/k8s.io.api.*.rs, src/protobuf_gen/k8s.io.apimachinery.*.rs	Added #[allow(dead_code)] attributes to suppress warnings on 100+ public structs across multiple generated protobuf modules without changing functionality.
Cluster Crypto Refactoring src/cluster_crypto.rs, src/cluster_crypto/crypto_objects.rs, src/cluster_crypto/json_crawl.rs	Removed extra reference level in recursive call; added #[allow(clippy::large_enum_variant)] and #[allow(clippy::manual_ok_err)] lint suppressions.
OCP Post-processing src/ocp_postprocess/ip_rename/etcd_rename.rs	Replaced Option::map_or with Option::is_some_and for URL matching logic without behavioral change.
BigInt Arithmetic Refactoring vendor/num-bigint/src/bigint.rs, vendor/num-bigint/src/bigint/*.rs, vendor/num-bigint/src/biguint.rs, vendor/num-bigint/src/biguint/*.rs	Introduced ZERO and ZERO::ConstZero constants across BigInt/BigUint; replaced Zero::zero() calls with Self::ZERO; refactored addition/subtraction/multiplication with macro-based conditional compilation; added modinv method for modular inverse.
RSA Cryptographic Functions vendor/rsa/src/algorithms/rsa.rs, vendor/rsa/src/algorithms/generate.rs, vendor/rsa/src/algorithms/pkcs1v15.rs, vendor/rsa/src/key.rs	Added recover_primes(), compute_modulus(), compute_private_exponent_euler_totient(), and compute_private_exponent_carmicheal() helper functions; added from_primes() and from_p_q() constructors; fixed buffer overflow in PKCS#1 v1.5 encryption padding; strengthened prime validation (prime ≤ 1).
Num-Traits & Num-Integer Updates vendor/num-traits/src/, vendor/num-integer/src/	Introduced ConstZero and ConstOne traits with const ZERO/ONE; added clamp() and TotalOrder::total_cmp() to Float traits; added div_rem_euclid() and checked_div_rem_euclid() methods; removed feature-gated code for leading_ones, trailing_ones, reverse_bits, and byte conversions.
Spki Updates vendor/spki/src/spki.rs	Added SubjectPublicKeyInfoOwned::from_key<T>() constructor supporting any EncodePublicKey type.
Byteorder Vendor Removal vendor/byteorder/*	Removed entire vendored byteorder crate directory including source, tests, benches, CI config, and documentation.
Num-Bigint-Dig & Num-Bigint Macros vendor/num-bigint-dig/Cargo.toml*, vendor/num-bigint/src/macros.rs	Updated crate versions; consolidated conditional compilation with cfg_32, cfg_64, cfg_digit macros; introduced digit-width-aware gating across division, multiplication, and serialization.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Suggested labels

lgtm, ok-to-test

Suggested reviewers

• mresvanis
• rauhersu

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Fix warnings' directly and accurately describes the main objective of the pull request, which is to address and suppress various compiler and linter warnings throughout the codebase.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@vendor/num-bigint/src/bigint/division.rs`:
- Around line 466-469: The checked_div_rem_euclid implementation lacks a
zero-divisor check and will panic when v is zero; update checked_div_rem_euclid
to mirror checked_div_euclid/checked_rem_euclid by returning None if
v.is_zero(), otherwise return Some(self.div_rem_euclid(v)); refer to the
checked_div_rem_euclid and div_rem_euclid functions and reuse the same zero
check pattern as in checked_div_euclid/checked_rem_euclid.

In `@vendor/rsa/src/algorithms/rsa.rs`:
- Around line 286-287: Fix the typo in the documentation comment that reads
"totiem" — replace it with "totient" in the comment starting "FIPS 186-4
**requires** the private exponent to be less than λ(n), which would make Euler's
totiem unreliable." in vendor/rsa/src/algorithms/rsa.rs so the sentence reads
"...which would make Euler's totient unreliable."

🧹 Nitpick comments (4)

src/cluster_crypto/json_crawl.rs (1)

292-299: Consider using .ok() instead of suppressing the lint.

The #[allow(clippy::manual_ok_err)] suppression works, but the clippy suggestion would actually simplify this code while preserving the comment context.

♻️ Optional refactor

-        #[allow(clippy::manual_ok_err)]
-        if let Ok(decoded) = String::from_utf8(decoded) {
-            Some(decoded)
-        } else {
-            // We don't search for crypto objects inside binaries
-            None
-        }
+        // We don't search for crypto objects inside binaries, so non-UTF8 returns None
+        String::from_utf8(decoded).ok()

vendor/num-bigint/src/bigrand.rs (1)

52-87: Approve with note on unsafe code complexity.

The cfg_digit! macro dispatches between two implementations based on the target's native digit size. The 64-bit path uses unsafe pointer casting from Vec<u64> to a &mut [u32] slice for gen_bits, which is sound because:

1. Memory alignment is satisfied (u64 alignment ≥ u32 alignment)
2. The debug_assert!(native_len * 2 >= len) ensures the buffer is large enough
3. Big-endian targets correctly swap the u32 halves within each u64 (line 83)

The implementation is correct but subtle. Consider adding a brief inline comment explaining why the endian swap is needed (i.e., gen_bits fills u32 slots in logical order, but on big-endian the memory layout of u64 requires swapping the halves).

src/protobuf_gen/k8s.io.api.core.v1.rs (1)

7-7510: Consider a module-level dead_code allow to reduce regen diff churn (if possible).

If your codegen setup allows it, a single #![allow(dead_code)] at the module/file level (or in the mod protobuf_gen { ... } wrapper) can avoid touching every generated type and keep future regen diffs smaller. If not feasible with your current prost_build pipeline, this per-type approach is still fine.

vendor/num-bigint/src/biguint/iter.rs (1)

321-340: Test test_iter_u32_digits_be doesn't actually test big-endian iteration.

This test is identical to test_iter_u32_digits (lines 279-298) and only uses next(), not next_back(). Compare with test_iter_u64_digits_be (lines 342-361) which correctly tests next_back() for reverse iteration.

Since this is vendored code from an upstream library, this is likely an upstream issue. If you're maintaining this vendored copy, consider fixing the test to actually verify big-endian (reverse) iteration using next_back().

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e14a805 and 87c0819.

⛔ Files ignored due to path filters (3)

• Cargo.lock is excluded by !**/*.lock
• vendor/num-bigint-dig/Cargo.lock is excluded by !**/*.lock
• vendor/rsa/Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (131)

• Cargo.toml
• build.rs
• src/cluster_crypto.rs
• src/cluster_crypto/crypto_objects.rs
• src/cluster_crypto/json_crawl.rs
• src/ocp_postprocess/ip_rename/etcd_rename.rs
• src/protobuf_gen/github.com.openshift.api.oauth.v1.rs
• src/protobuf_gen/github.com.openshift.api.route.v1.rs
• src/protobuf_gen/k8s.io.api.admissionregistration.v1.rs
• src/protobuf_gen/k8s.io.api.apps.v1.rs
• src/protobuf_gen/k8s.io.api.batch.v1.rs
• src/protobuf_gen/k8s.io.api.core.v1.rs
• src/protobuf_gen/k8s.io.apimachinery.pkg.api.resource.rs
• src/protobuf_gen/k8s.io.apimachinery.pkg.apis.meta.v1.rs
• src/protobuf_gen/k8s.io.apimachinery.pkg.runtime.rs
• src/protobuf_gen/k8s.io.apimachinery.pkg.util.intstr.rs
• vendor/byteorder/.cargo-checksum.json
• vendor/byteorder/.cargo_vcs_info.json
• vendor/byteorder/.github/workflows/ci.yml
• vendor/byteorder/CHANGELOG.md
• vendor/byteorder/COPYING
• vendor/byteorder/Cargo.toml
• vendor/byteorder/Cargo.toml.orig
• vendor/byteorder/LICENSE-MIT
• vendor/byteorder/README.md
• vendor/byteorder/UNLICENSE
• vendor/byteorder/benches/bench.rs
• vendor/byteorder/rustfmt.toml
• vendor/byteorder/src/io.rs
• vendor/byteorder/src/lib.rs
• vendor/num-bigint-dig/.cargo-checksum.json
• vendor/num-bigint-dig/.cargo_vcs_info.json
• vendor/num-bigint-dig/Cargo.toml
• vendor/num-bigint-dig/Cargo.toml.orig
• vendor/num-bigint-dig/src/algorithms/mod_inverse.rs
• vendor/num-bigint-dig/src/bigrand.rs
• vendor/num-bigint-dig/src/biguint.rs
• vendor/num-bigint-dig/src/prime.rs
• vendor/num-bigint-dig/tests/torture.rs
• vendor/num-bigint/.cargo-checksum.json
• vendor/num-bigint/.cargo_vcs_info.json
• vendor/num-bigint/Cargo.toml
• vendor/num-bigint/Cargo.toml.orig
• vendor/num-bigint/README.md
• vendor/num-bigint/RELEASES.md
• vendor/num-bigint/benches/bigint.rs
• vendor/num-bigint/build.rs
• vendor/num-bigint/src/bigint.rs
• vendor/num-bigint/src/bigint/addition.rs
• vendor/num-bigint/src/bigint/arbitrary.rs
• vendor/num-bigint/src/bigint/bits.rs
• vendor/num-bigint/src/bigint/convert.rs
• vendor/num-bigint/src/bigint/division.rs
• vendor/num-bigint/src/bigint/power.rs
• vendor/num-bigint/src/bigint/serde.rs
• vendor/num-bigint/src/bigint/subtraction.rs
• vendor/num-bigint/src/bigrand.rs
• vendor/num-bigint/src/biguint.rs
• vendor/num-bigint/src/biguint/addition.rs
• vendor/num-bigint/src/biguint/arbitrary.rs
• vendor/num-bigint/src/biguint/convert.rs
• vendor/num-bigint/src/biguint/division.rs
• vendor/num-bigint/src/biguint/iter.rs
• vendor/num-bigint/src/biguint/monty.rs
• vendor/num-bigint/src/biguint/multiplication.rs
• vendor/num-bigint/src/biguint/power.rs
• vendor/num-bigint/src/biguint/serde.rs
• vendor/num-bigint/src/biguint/shift.rs
• vendor/num-bigint/src/biguint/subtraction.rs
• vendor/num-bigint/src/lib.rs
• vendor/num-bigint/src/macros.rs
• vendor/num-bigint/tests/bigint.rs
• vendor/num-bigint/tests/bigint_bitwise.rs
• vendor/num-bigint/tests/biguint.rs
• vendor/num-bigint/tests/consts/mod.rs
• vendor/num-bigint/tests/roots.rs
• vendor/num-integer/.cargo-checksum.json
• vendor/num-integer/.cargo_vcs_info.json
• vendor/num-integer/Cargo.toml
• vendor/num-integer/Cargo.toml.orig
• vendor/num-integer/README.md
• vendor/num-integer/RELEASES.md
• vendor/num-integer/benches/average.rs
• vendor/num-integer/benches/gcd.rs
• vendor/num-integer/benches/roots.rs
• vendor/num-integer/build.rs
• vendor/num-integer/src/average.rs
• vendor/num-integer/src/lib.rs
• vendor/num-integer/src/roots.rs
• vendor/num-integer/tests/average.rs
• vendor/num-integer/tests/roots.rs
• vendor/num-traits/.cargo-checksum.json
• vendor/num-traits/.cargo_vcs_info.json
• vendor/num-traits/Cargo.toml
• vendor/num-traits/Cargo.toml.orig
• vendor/num-traits/README.md
• vendor/num-traits/RELEASES.md
• vendor/num-traits/build.rs
• vendor/num-traits/src/cast.rs
• vendor/num-traits/src/float.rs
• vendor/num-traits/src/identities.rs
• vendor/num-traits/src/int.rs
• vendor/num-traits/src/lib.rs
• vendor/num-traits/src/ops/bytes.rs
• vendor/num-traits/src/ops/euclid.rs
• vendor/num-traits/src/real.rs
• vendor/rsa/.cargo-checksum.json
• vendor/rsa/.cargo_vcs_info.json
• vendor/rsa/CHANGELOG.md
• vendor/rsa/Cargo.toml
• vendor/rsa/Cargo.toml.orig
• vendor/rsa/README.md
• vendor/rsa/src/algorithms/generate.rs
• vendor/rsa/src/algorithms/pkcs1v15.rs
• vendor/rsa/src/algorithms/rsa.rs
• vendor/rsa/src/errors.rs
• vendor/rsa/src/key.rs
• vendor/rsa/src/lib.rs
• vendor/rsa/src/oaep.rs
• vendor/rsa/src/pkcs1v15.rs
• vendor/rsa/src/pkcs1v15/signature.rs
• vendor/rsa/src/pss.rs
• vendor/rsa/src/pss/signature.rs
• vendor/rsa/tests/examples/pkcs8/rsa2048-sp800-56b-priv.der
• vendor/spki/.cargo-checksum.json
• vendor/spki/.cargo_vcs_info.json
• vendor/spki/CHANGELOG.md
• vendor/spki/Cargo.toml
• vendor/spki/Cargo.toml.orig
• vendor/spki/src/spki.rs
• vendor/spki/tests/spki.rs

💤 Files with no reviewable changes (23)

• vendor/num-bigint/tests/biguint.rs
• vendor/byteorder/CHANGELOG.md
• vendor/num-bigint/build.rs
• vendor/byteorder/COPYING
• vendor/byteorder/README.md
• vendor/byteorder/.cargo-checksum.json
• vendor/byteorder/Cargo.toml.orig
• vendor/num-traits/src/cast.rs
• vendor/num-traits/src/int.rs
• vendor/num-bigint/tests/roots.rs
• vendor/byteorder/.github/workflows/ci.yml
• vendor/num-bigint/tests/bigint.rs
• vendor/num-integer/benches/gcd.rs
• vendor/byteorder/benches/bench.rs
• vendor/num-integer/build.rs
• vendor/byteorder/src/io.rs
• vendor/byteorder/UNLICENSE
• vendor/byteorder/LICENSE-MIT
• vendor/byteorder/rustfmt.toml
• vendor/num-bigint/tests/bigint_bitwise.rs
• vendor/num-traits/src/ops/bytes.rs
• vendor/byteorder/.cargo_vcs_info.json
• vendor/byteorder/Cargo.toml

🧰 Additional context used

🧬 Code graph analysis (12)

vendor/num-bigint/benches/bigint.rs (1)

vendor/num-integer/benches/roots.rs (1)

• bench (16-46)

vendor/rsa/src/algorithms/generate.rs (1)

vendor/rsa/src/algorithms/rsa.rs (2)

• compute_modulus (249-251)
• compute_private_exponent_euler_totient (256-278)

vendor/num-bigint/src/biguint/serde.rs (1)

vendor/num-bigint/src/biguint.rs (1)

• biguint_from_vec (526-528)

vendor/num-bigint/src/biguint/arbitrary.rs (1)

vendor/num-bigint/src/biguint.rs (1)

• biguint_from_vec (526-528)

vendor/num-bigint/src/bigrand.rs (1)

vendor/num-bigint/src/biguint.rs (1)

• biguint_from_vec (526-528)

vendor/num-bigint/src/biguint/addition.rs (2)

vendor/num-bigint/src/lib.rs (1)

• from_doublebigdigit (259-261)

vendor/num-bigint-dig/src/biguint.rs (1)

• u32_from_u128 (2530-2537)

vendor/rsa/src/key.rs (1)

vendor/rsa/src/algorithms/rsa.rs (4)

• compute_modulus (249-251)
• compute_private_exponent_carmicheal (289-304)
• compute_private_exponent_euler_totient (256-278)
• recover_primes (202-246)

vendor/num-bigint/src/biguint/convert.rs (2)

vendor/num-bigint/src/biguint/division.rs (1)

• div_rem_digit (85-107)

vendor/num-bigint/src/biguint/multiplication.rs (1)

• mac_with_carry (15-26)

vendor/num-bigint/src/biguint/multiplication.rs (2)

vendor/num-bigint/src/lib.rs (1)

• from_doublebigdigit (259-261)

vendor/num-bigint-dig/src/biguint.rs (1)

• u32_from_u128 (2530-2537)

vendor/num-bigint/src/biguint/subtraction.rs (2)

vendor/num-bigint/src/lib.rs (1)

• from_doublebigdigit (259-261)

vendor/num-bigint-dig/src/biguint.rs (1)

• u32_from_u128 (2530-2537)

vendor/num-bigint/src/biguint.rs (1)

vendor/num-bigint-dig/src/biguint.rs (2)

• u32_to_u128 (2522-2524)
• u32_from_u128 (2530-2537)

vendor/num-bigint/src/biguint/division.rs (2)

vendor/num-bigint/src/lib.rs (1)

• to_doublebigdigit (265-267)

vendor/num-bigint-dig/src/biguint.rs (1)

• u32_to_u128 (2522-2524)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Red Hat Konflux / recert-4-22-on-pull-request
• GitHub Check: build

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Missing zero-divisor check in checked_div_rem_euclid.

This implementation should return None when v is zero, consistent with checked_div_euclid and checked_rem_euclid above (lines 452-456, 460-464). Currently, it will panic on division by zero instead of returning None, defeating the purpose of the "checked" variant.

🐛 Proposed fix

     fn checked_div_rem_euclid(&self, v: &Self) -> Option<(Self, Self)> {
+        if v.is_zero() {
+            return None;
+        }
         Some(self.div_rem_euclid(v))
     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	fn checked_div_rem_euclid(&self, v: &Self) -> Option<(Self, Self)> {
	Some(self.div_rem_euclid(v))
	}
	fn checked_div_rem_euclid(&self, v: &Self) -> Option<(Self, Self)> {
	if v.is_zero() {
	return None;
	}
	Some(self.div_rem_euclid(v))
	}

🤖 Prompt for AI Agents

In `@vendor/num-bigint/src/bigint/division.rs` around lines 466 - 469, The
checked_div_rem_euclid implementation lacks a zero-divisor check and will panic
when v is zero; update checked_div_rem_euclid to mirror
checked_div_euclid/checked_rem_euclid by returning None if v.is_zero(),
otherwise return Some(self.div_rem_euclid(v)); refer to the
checked_div_rem_euclid and div_rem_euclid functions and reuse the same zero
check pattern as in checked_div_euclid/checked_rem_euclid.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo in documentation comment.

"totiem" should be "totient".

📝 Proposed fix

-/// FIPS 186-4 **requires** the private exponent to be less than λ(n), which would
-/// make Euler's totiem unreliable.
+/// FIPS 186-4 **requires** the private exponent to be less than λ(n), which would
+/// make Euler's totient unreliable.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	/// FIPS 186-4 **requires** the private exponent to be less than λ(n), which would
	/// make Euler's totiem unreliable.
	/// FIPS 186-4 **requires** the private exponent to be less than λ(n), which would
	/// make Euler's totient unreliable.

🤖 Prompt for AI Agents

In `@vendor/rsa/src/algorithms/rsa.rs` around lines 286 - 287, Fix the typo in the
documentation comment that reads "totiem" — replace it with "totient" in the
comment starting "FIPS 186-4 **requires** the private exponent to be less than
λ(n), which would make Euler's totiem unreliable." in
vendor/rsa/src/algorithms/rsa.rs so the sentence reads "...which would make
Euler's totient unreliable."

[openshift-ci]

@omertuc: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn-single-node-recert-serial	87c0819	link	true	/test e2e-aws-ovn-single-node-recert-serial
ci/prow/e2e-aws-ovn-single-node-recert-parallel	87c0819	link	true	/test e2e-aws-ovn-single-node-recert-parallel
ci/prow/baremetalds-sno-recert-cluster-rename	87c0819	link	true	/test baremetalds-sno-recert-cluster-rename

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.