fiat_p256_i2will mask out all but the lowest 2 bits, but it sure as hell isn't doing that.
sha256crate should support every variant of those under the sun or not
Signeris for arbitrary-length messages, and does whatever is appropriate to sign them. This fits with the auto-derive to
DigestSigneris the "main" interface; for RSA we
impl Digest for NoneDigestto handle the directly-signed message case.
RandomizedDigestSigneris the interface for randomized signatures.
BlindedDigestSigneris an almost-identical interface (just trait method names are different) which is for deterministic signatures with blinding.
Signeris only intended for directly-signing messages, but my concern is that confuses users given that other impls of
Signercall through to
DigestSignerdue to the derive.
DigestSigneris trying to be a ROM trait for Fiat-Shamir
finalize()method is working; still bugs elsewhere